On Mon, Jul 31, 2023 at 5:44 AM Ben Laurie <benl=40google.com@xxxxxxxxxxxxxx> wrote:
On Sun, 30 Jul 2023 at 22:27, John C Klensin <john-ietf@xxxxxxx> wrote:* As John Levine more or less pointed out below, getting
encryption right means finding mutual understandings and
understanding what will inevitably be a somewhat delicate
balance. While, like him, I see the advantages of encryption as
greater than the disadvantages, it seems to me that it is very
much in our interests --and very much in the interest of
preserving access to encryption-- if we recognize that there are
tradeoffs and help people understand them, we are all likely to
be better off in the long term than if we work ourselves into
"encryption good; anyone who questions that is inherently evil
or stupid" positions like a sister organization of ours seems to
be doing.The core issue with these "tradeoffs" is they are binary. You either have encryption, or you don't. The whole notion that there is a spectrum on which you can choose your place is flawed.
No, they aren't. Cryptography is binary but stopping pedophiles is not.
Before the Apple CSAM scanning blow up, I had been experimenting with a scheme in which a person in an end-to-end encrypted social media system could opt in to scanning of inbound materials from specified parties.
One application for this would be to prevent malicious parties sending materials to incriminate someone. Another would be for use within CSAM police teams.
I did quite a bit of modelling on this and then the unilateral action by Apple made it all moot because so technology of that type was going to be acceptable. And the legislative moves in the UK are only going to harden opposition.
One of the issues I have is that the scanning services come at a cost and I have long, long experience of 'not-for-profit' entities becoming very profitable for the people running them. I can't even find out what those costs are.
When the discussion is framed in terms of 'Google has lots of money', such issues are easily avoided. But the legislative mandates affect more than just trillion dollar corporations.
