By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Wired:
Spain has advocated banning encryption for hundreds of millions of people within the European Union, according to a leaked document obtained by Wired that reveals strong support among EU member states for proposals to scan private messages for illegal content.
The document, a European Council survey of member countries’ views on encryption regulation, offered officials’ behind-the-scenes opinions on how to craft a highly controversial law to stop the spread of child sexual abuse material (CSAM) in Europe. The proposed law would require tech companies to scan their platforms, including users’ private messages, to find illegal material. However, the proposal from Ylva Johansson, the EU commissioner in charge of home affairs, has drawn ire from cryptographers, technologists, and privacy advocates for its potential impact on end-to-end encryption. [...]
Of the 20 EU countries represented in the document leaked to WIRED, the majority said they are in favor of some form of scanning of encrypted messages, with Spain’s position emerging as the most extreme. “Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption,” Spanish representatives said in the document.
If the EU goes ahead with this, I think it means the end of services like WhatsApp, Signal, and iMessage in the EU. There’s no way to architect a messaging system that uses E2EE in some regions and doesn’t in others. The only way to comply would be to rearchitect these systems to not use E2EE anywhere. Signal certainly wouldn’t do that. Apple wouldn’t either.
Denmark and Ireland expressed support for scanning encrypted messengers for child sexual abuse material while also endorsing the inclusion of wording in the law that protects end-to-end encryption from being weakened. The ability to do this would rely on the invention of technology that can scan encrypted messages for illegal content without altering or breaking the security features offered by encryption — a feat cryptographers and cybersecurity experts have said is technically impossible.
It is technically impossible. There is no he-said/she-said debate here. The cryptographers are correct and the lawmakers are so ignorant that they’re proposing a fantasy. It’s a downwind effect of Arthur C. Clarke’s famous maxim that sufficiently advanced technology is indistinguishable from magic: the technology of E2EE is so far above the heads of lawmakers and law enforcement officials that they feel free to demand magic solutions. “Just nerd harder.”
The Netherlands, however, stated that this would be possible through “on-device” scanning before the illegal material is encrypted and sent to its recipient. “There are … technologies which may allow for automatic detection of CSAM while at the same time leaving end-to-end encryption intact,” the country’s representatives stated in the document.
Somewhere in Cupertino, a head bangs against a desk.
★ Monday, 22 May 2023