>If passed, the legislation would require encrypted app makers ... to find ways to enforce such scanning – something they have neither the ability nor the desire to do.
100% they could add client side scanning, why do they think its impossible?
Eddy_Viscosity2•1h ago
Perhaps its more along the line of it being impossible to have privacy if privacy invading scanning is required. Its impossible to have secure encryption if there is a requirement to be not secure so that every message can be read by any government that wants to.
graemep•1h ago
What apps can access can be restricted by the OS.
All you need to do to avoid it would be to encrypt outside the app, something most people would not bother to do, but criminals would be motivated to do.
skeezyboy•59m ago
whats that got to do with whatsapp scanning the photo youre about to send?
ivan_gammel•29m ago
1. Client-side scanning of the content that is externally encrypted is impossible. So if you are a criminal, you just don't share the photo, you share the encrypted file to circumvent this restriction.
2. Reliable client-side scanning of images is impossible (you cannot download illegal content to client devices for exact matches, so it will be only signatures and collisions are possible), so there will be false positives that will be reported, which will inevitably result in violation of privacy, possibly persecution etc.
xoa•58m ago
>>"something they have neither the ability nor the desire to do."
>100% they could add client side scanning, why do they think its impossible?
I think you've misread that sentence. It's saying that they don't have the ability right now, as-in this is not a feature they've written in their software, and that further they do not wish to do so (in the same way that Apple did not want to write a backdoor for the FBI previously). Obviously as a matter of programming of course backdoors can be written and have been. But software developers don't want to be forced at gun point to do so like the EU proposes, which seems perfectly understandable.
And fwiw with open source software it actually would be arguable that they "don't have the ability" on a more technical level since that couldn't actually be enforced on the users and the EU's jurisdiction ends at its borders. Obviously many of the most popular messengers are proprietary, but not all. And even for the proprietary vendors that probably does factor into their arguments, as it'd put them at a commercial disadvantage.
lupusreal•42m ago
They can't do it without false positives stochastically decrypting perfectly legal conversations without a warrant or any sort of due process. Of course, the EU elites don't care, but the leadership of Signal/etc obviously do.
rightbyte•35m ago
> Of course, the EU elites don't care
Oh they do. They are excempted.
Insanity•34m ago
EU taking a page out of China's playbook, after years of 'complaining' about what China was doing, is kind of wild. And sad.
skeezyboy•1h ago
100% they could add client side scanning, why do they think its impossible?
Eddy_Viscosity2•1h ago
graemep•1h ago
All you need to do to avoid it would be to encrypt outside the app, something most people would not bother to do, but criminals would be motivated to do.
skeezyboy•59m ago
ivan_gammel•29m ago
2. Reliable client-side scanning of images is impossible (you cannot download illegal content to client devices for exact matches, so it will be only signatures and collisions are possible), so there will be false positives that will be reported, which will inevitably result in violation of privacy, possibly persecution etc.
xoa•58m ago
>100% they could add client side scanning, why do they think its impossible?
I think you've misread that sentence. It's saying that they don't have the ability right now, as-in this is not a feature they've written in their software, and that further they do not wish to do so (in the same way that Apple did not want to write a backdoor for the FBI previously). Obviously as a matter of programming of course backdoors can be written and have been. But software developers don't want to be forced at gun point to do so like the EU proposes, which seems perfectly understandable.
And fwiw with open source software it actually would be arguable that they "don't have the ability" on a more technical level since that couldn't actually be enforced on the users and the EU's jurisdiction ends at its borders. Obviously many of the most popular messengers are proprietary, but not all. And even for the proprietary vendors that probably does factor into their arguments, as it'd put them at a commercial disadvantage.
lupusreal•42m ago
rightbyte•35m ago
Oh they do. They are excempted.