EU's concealment of secret 'expert list' on CSAM regulation is maladministration

Did we ever stop to consider the theory of harm of CSAM circulating in private communications? Because I don&#x27;t see how bytes being copied around in secret actually hurts children in any meaningful way.<p>Obviously it is wrong to create child porn intentionally. But that&#x27;s already illegal and people who do this are laughably bad at ITSEC. Like seriously, read the stories of CSAM making &quot;studios&quot; who got caught. Either law enforcement is so bad that any remotely shrewd criminal defeats them, either the criminals are just not all that technically savvy. Either way, the tools to catch actual child molesters are effective and adequate.

I suggest people read the full decision from the ombudsman: <a href="https:&#x2F;&#x2F;www.ombudsman.europa.eu&#x2F;en&#x2F;decision&#x2F;en&#x2F;176658" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.ombudsman.europa.eu&#x2F;en&#x2F;decision&#x2F;en&#x2F;176658</a><p>It shows what an absolute bureaucratic mess it all is.

Sadly, this sort of thing isn&#x27;t new. Governments around the world are trying to avoid any kind of public scrutiny for what they&#x27;re doing.<p>I&#x27;m reminded of the Trans-Pacific Partnership (&quot;TPP&quot;) from ~8 years ago. Very few people were even allowed to see the text of the treat [1] yet the people&#x27;s represntatives had to ratify this when their own constituents weren&#x27;t allowed to see it? Wikileaks and others leaked drafts and it was as bad as people thought it was going to be.<p>Defenders argue that trade negotiations need to happen in secret so as to not worsen our negotiating position. This really translates to &quot;we don&#x27;t want to afford the public the opportunity to oppose it&quot;. The EU now is finding some BS rationale for operating in the shadows.<p>[1]: <a href="https:&#x2F;&#x2F;www.npr.org&#x2F;sections&#x2F;itsallpolitics&#x2F;2015&#x2F;05&#x2F;14&#x2F;406675625&#x2F;a-trade-deal-read-in-secret-by-only-few-or-maybe-none" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.npr.org&#x2F;sections&#x2F;itsallpolitics&#x2F;2015&#x2F;05&#x2F;14&#x2F;40667...</a>

The only way for this system to work would be if the database of CSAM were managed by consensus by geopolitical rivals. That is, it would have to include Russia and China. This is the only way to ensure that Western governments don&#x27;t abuse their access in the future to surveil dissident groups.<p>Trusting that NCMEC can&#x27;t be compromised is a nonstarter. I would trust a system where Chinese, Russian, American, British, etc police agreed that the database only includes CSAM.

&gt; Suggestion for improvement<p>&gt; 26. Given the Commission’s failure to identify the list of experts despite the complainant’s clear interest in it, the Commission should register this now as a new request for public access to documents and handle it in accordance with Regulation 1049&#x2F;2001.<p>I know the ombudsman doesn&#x27;t really have power and can only provide recommendations but surely &quot;and the people who initially denied the request should be fined&#x2F;fired&#x2F;imprisoned&quot; or some such language would have been OK to add? Seems like &#x27;we can ignore the law until someone jumps over the substantial hurdles to complain about us ignoring the law and then we can follow the law&#x27; is not good for democracy.

Isn&#x27;t it illegal to save, view, or post, the new zealand shooting in NZ and Australia. Add those hashes to the list too why not...<p>the exact same twisted logic that we use in this crusade surely it would apply to videos of people getting killed not just raped right?<p>or is there a unique puritanical weirdness that allows CSAM to get a pass to where states should be violating all of our devices

The secret expert list is now published<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=38205743#38205787">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=38205743#38205787</a>

<a href="https:&#x2F;&#x2F;netzpolitik.org&#x2F;2023&#x2F;geheime-liste-wie-der-sicherheitsapparat-die-chatkontrolle-praegt&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;netzpolitik.org&#x2F;2023&#x2F;geheime-liste-wie-der-sicherhei...</a>

&gt; EU&#x27;s concealment of secret &#x27;expert list&#x27; on CSAM regulation is maladministration<p>What is more disturbing is that there are very few European institutions and companies on this list.

&gt; 17. The Commission representatives noted that many companies, which participate in the EUIF, are concerned about their security and public image. In addition, the topics discussed in the EUIF are often of a sensitive, operational nature and disclosure could be exploited by malicious actors to circumvent detection mechanisms and moderation efforts by companies. Revealing some of the strategies and tactics of companies, or specific technical approaches also carries a risk of informing offenders on ways to avoid detection. The Commission representatives provided additional confidential information during the meeting with the Ombudsman inquiry team on why the list of experts could not be disclosed.<p>If the goal of your company is to promote and get a wiretap on every single device and messenger app, IN SECRET, you should be concerned about your public image. I also suggest you should be also concerned human rights and your personal moral compass.<p>Time to drag out these bastards to the light.

I had it with these people. The next time there are elections for the Commission I will...hey...wait a minute!...

25000 lobbyists. If they don&#x27;t deliver, what are they good for?!

CSAM = child sexual abuse material

It is possible to detect CSAM in end-to-end encrypted messaging by doing it on-device on the client side before it is encrypted and&#x2F;or on the receiving client side after it is decrypted. iMessage already does this in the latest release. Most smart phones have AI-enabled chips that would be able to run images&#x2F;videos against classification algorithms. The tricky part would be enforcing that users use clients which do this, so the task becomes regulating allowed messaging clients, which might be impossible. That being said, one could probably knock out 80% of the problem by legally forcing the hand of all the major platforms to do client-side scanning. At that point, only the truly dedicated would move their comms to another platform. Mobile users are very susceptible to nudges.