According to Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx>: >> But that can cut both ways. There is absolutely a lot of bad stuff >> that is passed through encrypted channels, and shrugging and saying >> too bad, can't do anything is not going to make us any friends. I >> agree that on balance the benefits of encryption outweigh the costs, >> but the costs are real. >I am skeptical of such conclusions in the absence of a thorough and >sober, balance-of-harm analysis.  For instance, it should not be >automatically assumed that back doors or other CSAM countermeasures will >actually reduce the level of CSAM that's produced or distributed. Um, I think I said that the benefits of encryption outweigh the costs. My understanding is that in the US at least, law enforcement is deluged with CSAM reports and doesn't act on most of them, so a broad brush giving them a lot more is unlikely to help. On the other hand, if there is reason to believe that a particular target is making or trading CSAM, it would be a good idea to have something to say beyond "too bad, he's using Signal." There are plausible approaches, e.g., analyzing metadata, or targeted approaches to end devices, and there has been some interesting technical work like how Meta deals with reports of illegal material on WhatsApp without breaking Whatsapp's E2E encryption. The issues are messy, and it is important to take them seriously and not just dismiss people with opinions with which we disagree. R's, John -- Regards, John Levine, johnl@xxxxxxxxx, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
