The EU's proposal to force all service providers to automatically search all content that is either stored or transmitted anywhere in Europe, forward all illegal results to the police, and to block access to all non-European illegal content is expected to be presented to parliament in April. It's currently focused on algorithmic identification of unknown CSAM and of any social interactions that could be child grooming — basically, an AI trying to guess if an image might be child porn or a conversation might be trying to lure a child for sex — but it's unlikely that once the capability exists it won't be expanded to other crimes. The proposal would also force all services to age check their users (which means identifying them) and effectively ban anyone under 18 from interacting with the internet. There are no exceptions for end-to-end encryption and stored data not being shared is included.

To be clear, this proposal is not going to work. You know how bad ChatGPT is? This is trying to solve a much harder problem, one humans struggle with, with much less compute power. What it will do is end all private communication in Europe, waste an amazing amount of police time, and leak a spectacular amount of private material to local police, some of whom — looking at you Hungary and Poland — are more than happy to use it to harass queers and trans people. It is fundamentally incompatible with the basic rights the EU is legally bound to uphold. It's also, in case they care, going to be a nightmare for corporate security and intellectual property control and will create a massive barrier to entry for anyone smaller than Google or Facebook running communication services in Europe.

Please call or write your MEP today and tell them to stop #ChatControl and preserve freedom of expression in Europe.

While less terrifying than Chat Control, this piece of legislation looking to regulate and require secure development practices is equally great and terrible. I'm curious to see to what degree this approach works, especially vs. something like software liability. The part where this doesn't exempt open source developers who receive donations for their work from massive fines is a serious problem. HT to @edwtjo for linking me to this.

https://berthub.eu/articles/posts/eu-cra-secure-coding-solution

The EU's new Cyber Resilience Act is about to tell us how to code - Bert Hubert's writings

First a round of thanks for the many people in industry and government who provided valuable links, background and insights! I could not have done this without your help! If you spot any mistakes, or have suggestions, please do contact me on [email protected] The EU’s new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online – the Biden administration has just released its National Cybersecurity Strategy that has similar aims.

The Precautionary Principle has a lot more influence in the EU than in the US. As the potential harms increase in scope, liability is not enough deterrent. It’s rolling the dice that you won’t get caught before you can fix something later. But some harms can’t actually be undone, especially when unintended consequences are in play. I wish the EU success with this approach.
@dymaxion Would you like to come to talk with #RIPE community about this? https://Ripe86.ripe.net/cfp 22-26.May in Rotterdam
Call for Presentations – RIPE 86

@becha
Unfortunately, I've got another speaking engagement that week, and I'm probably not the right person — I don't follow this as closely as I'd want to for a talk like that. However! You should absolutely reach out to Bits of Freedom, the Dutch Internet freedom NGO — I know they have folks who do and who would be really happy to get to talk to the RIPE crowd.
@becha
Do let me know if you can't find someone — this is really important and I'm happy to go shake down a tree to help

@dymaxion This is the biggest #over-sell of #AI that I have seen and it's real scary.
A good example of how a little information in the hands of #peopleInPower that don't have any respect for #democracy can be real #dangerous to real people around the world. We need to staff our #governments with people that understand #science.

Be strong folks of #EU, protect your privacy and security. We are counting on you.

@mral
It is and it isn't an overselling of ML. While it's impossible for what the EU is asking for to be done by ML at the accuracy they expect, let alone at what would be required to preserve fundamental rights, they also don't particularly care. The EU has a history of ignoring expert advice on the technical impact of digital security policies when the experts don't agree with them and just requiring impossible things. The attitude, much like with Congress in the US and key escrow security, is that they'll require it and then the nerds will figure out how to do it.

The dynamics behind this are complicated. It's a problem, for example, that almost everyone in a position to comment authoritatively on how systems like this might work at scale is or has been employed by the companies the EU most wants to regulate. Their opinions are thus ignored as biased. The few exceptions tend to work with NGOs like @edri and are dismissed as biased activists. There are, of course, folks willing to tell the EU what they want to hear, often because they'd like money to sell a solution they claim will work. They're usually idiots, but presentable ones who know how to speak to the system.

So far, a lot of these proposals have been fought to a standstill, but it's been razor thin every time and the work required has burnt folks out and gotten in the way of most work that might lead up to any substantive improvements.

@dymaxion @edri agreed, I'm glad folks like you are still in the fight. Ignorant folks in power are very dangerous, I wish more would remember that in the voting booth.
@dymaxion The Swedish presidency in the EU certainly went from concerning to fiasco quickly. https://berthub.eu/articles/posts/eu-cra-secure-coding-solution #ChatControl #CRA
@edwtjo
Oh wow, this is fascinating. And yeah, in equal measures amazing and catastrophic