Re: [EXT] Re: IAB Statement on Encryption and Mandatory Client-side Scanning of Content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The issue is not 'open source' software.

To make the proposed control of CSAM materials viable, governments would have to regulate distribution and use of ALL third party software in the manner of Soviet Russia.

Of course that isn't being proposed. All the software vendors want is to wet their beak selling their vaporware to Google etc.


On Wed, Dec 20, 2023 at 3:57 AM Vittorio Bertola <vittorio.bertola=40open-xchange.com@xxxxxxxxxxxxxx> wrote:
 
Il 19/12/2023 18:33 CET Paul Wouters <paul@xxxxxxxxx> ha scritto:
 
 
On Dec 19, 2023, at 08:50, Andrew Alston - IETF <andrew-ietf@xxxxxxxxxxx> wrote:

 

>>  I am okay if a government makes open
>> source illegal to disable that open source feature.

You may be – I am not – because the consequences of banning opensource would be directly detrimental to the Internet and its development.  It would prevent running code implementations to test standards, it would harm the development community, and it would do endless amounts of damage.  So – while you are free to hold that opinion, I can’t in good faith sit here and say that I think that making opensource illegal wouldn’t be utterly insane – entirely unworkable – and massively detrimental to the Internet at large

Banning open source is generally not going to happen, as that would basically stop the Internet and cripple the society and the economy to death. There is just one (1) country where something like that is happening, which is way less than the total number of countries ruled by crazy dictatorships - not even that kind of country can easily survive without the open Internet.
 
This said, I want to answer a couple of your points for what regards the EU:
And on top of that, the PGP lawsuit in the US in the 90’s already showed that opensource code is the equivalent of free speech, so making opensource illegal constitutes making freedom of speech illegal.
This has somewhat changed in Europe with the recent law on mandatory security requirements for software (the Cyber Resilience Act - a completely different one from the CSAM regulation that prompted the IAB statement). We argued with the Commission that software is free speech and thus its publishing cannot be subject to (too many) constraints, but the Commission's line is that now software is an industrial product, not an _expression_ of thought, and as such can be restricted and arbitrarily regulated.
 
It would be interesting to challenge that in court and see if the European Court of Justice would uphold the "software as free speech" principle, but I don't know if anyone will bring the case.
 
Additionally, since people in other countries can legally write such modified opensource software, you would additionally need to ban all software (opensource or not) that doesn’t have the backdoor/government reporting/filtering code. How would endusers even know this ? Eg they download chrome or Firefox and now they are a criminal ?
No, the law above would put the liability on Google and Mozilla - if you let end-users from Europe download software that does not meet the legal requirements (in the CRA, they are about publishing security patches etc.), you as a company are liable even if you are not based in Europe and your servers are outside the EU. I haven't checked the CSAM proposal on this specific point, but I suspect it would be similar.
 
-- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@xxxxxxxxxxxxxxxx 
Office @ Via Treviso 12, 10144 Torino, Italy
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux