Connect with us


GCHQ experts back scanning of encrypted phone messages to fight child abuse



GCHQ experts back scanning of encrypted phone messages to fight child abuse

Companies could police encrypted messaging services for possible child abuse while still preserving the privacy and security of the people who use them, government security and intelligence experts said in a discussion paper published yesterday.

Ian Levy, technical director of the UK National Cyber Security Centre (NCSC), and Crispin Robinson, technical director for cryptanalysis at GCHQ, argued that it is “neither necessary nor inevitable” for society to choose between making communications “insecure by default” or creating “safe spaces for child abusers”.

The technical directors proposed in a discussion paper, Thoughts on child safety on commodity platforms, that client-side scanning software placed on mobile phones and other electronic devices could be deployed to police child abuse without disrupting individuals’ privacy and security.

The proposals were criticised yesterday by technology companies, campaign groups and academics.

Meta, owner of Facebook and WhatsApp, said the technologies proposed in the paper would undermine the internet, would threaten security and damage people’s privacy and human rights.

The Open Rights Group, an internet campaign group, described Levy and Robinson’s proposals as a step towards a surveillance state.

The technical directors argued that developments in technology mean there is not a binary choice between the privacy and security offered by end-to-end encryption and the risk of child sexual abusers not being identified.

They argued in the paper that the shift towards end-to-end encryption “fundamentally breaks” most of the safety systems that protect individuals from child abuse material and that are relied on by law enforcement to find and prosecute offenders. 

“Child sexual abuse is a societal problem that was not created by the internet, and combating it requires an all-of-society response,” they wrote.

“However, online activity uniquely allows offenders to scale their activities, but also enables entirely new online-only harms, the effects of which are just as catastrophic for the victims.”

Neural Hash on hold

Apple attempted to introduce client-side scanning technology – known as Neural Hash – to detect known child sexual abuse images on iPhones last year, but put the plans on indefinite hold following an outcry by leading experts and cryptography experts.

A report by 15 leading computer scientists, Bugs in our pockets: the risks of client-side scanning, published  by Columbia University, identified multiple ways that states, malicious actors and abusers could turn the technology around to cause harm to others or society.

“Client-side scanning, by its nature, creates serious security and privacy risks for all society, while the assistance it can provide for law enforcement is at best problematic,” they said. “There are multiple ways in which client-side scanning can fail, can be evaded and can be abused.”

Levy and Robinson said there was an “unhelpful tendency” to consider end-to-end encrypted services as “academic ecosystems” rather than the set of real-world compromises that they actually are.

“We have found no reason as to why client-side scanning techniques cannot be implemented safely in many of the situations that society will encounter,” they said.

“That is not to say that more work is not needed, but there are clear paths to implementation that would seem to have the requisite effectiveness, privacy and security properties.”

The possibility of people being wrongly accused after being sent images that cause “false positive”  alerts in the scanning software would be mitigated  in practice by multiple independent checks before any referral to law enforcement, they said.

The risk of “mission creep”, where client-side scanning could potentially be used by some governments to detect other forms of content unrelated to child abuse could also be prevented, the technical chiefs argued.

Under their proposals, child protection organisations worldwide would use a “consistent list” of known illegal image databases.

The databases would use cryptographic techniques to verify that they only contained child abuse images and their contents would be verified by private audits.

The technical directors acknowledged that abusers might be able to evade or disable client-side scanning on their devices to share images between themselves without detection.

However, the presence of the technology on victims’ mobile phones would protect them from receiving images from potential abusers, they argued.

Detecting grooming

Levy and Robinson also proposed running “language models” on phones and other devices to detect language associated with grooming. The software would warn and nudge potential victims to report risky conversations to a human moderator.

“Since the models can be tested and the user is involved in the provider’s access to content, we do not believe this sort of approach attracts the same vulnerabilities as others,” they said.

In 2018, Levy and Robinson proposed allowing government and law enforcement “exceptional access” to encrypted communications, akin to listening in to encrypted communications services.

But they argued that countering child sexual abuse is complex, that the detail is important and that governments have never clearly laid out the “totality of the problem”.

“In publishing this paper, we hope to correct that information asymmetry and engender a more informed debate,” they said.

Analysis of metadata ineffective

The paper argued that the use of artificial intelligence (AI) to analyse metadata, rather than the content of communications, is an ineffective way to detect the use of end-to-end encrypted services for child abuse images.

Many proposed AI-based solutions do not give law enforcement access to suspect messages, but calculate a probability that an offence has occurred, it said.

Any steps that law enforcement could take, such as surveillance or arrest, would not currently meet the high threshold of evidence needed for law enforcement to intervene, the paper said.

“Down this road lies the dystopian future depicted in the film Minority Report,” it added.

Online Safety Bill

Andy Burrows, head of child safety online policy at children’s charity the NSPCC, said the paper showed it is wrong to suggest that children’s right to online safety can only be achieved at the expense of privacy.

“The report demonstrates that it will be technically feasible to identify child abuse material and grooming in end-to end-encrypted products,” he said. “It is clear that the barriers to child protection are not technical, but driven by tech companies that don’t want to develop a balanced settlement for their users.”

Burrows said the proposed Online Safety Bill is an opportunity to tackle child abuse by incentivising companies to develop technical solutions.

“The Online Safety Bill is an opportunity to tackle child abuse taking place at an industrial scale. Despite the breathless suggestions that the Bill could ‘break’ encryption, it is clear that legislation can incentivise companies to develop technical solutions and deliver safer and more private online services,” he said.

Proposals would ‘undermine security’

Meta, which owns Facebook and WhatsApp, said the technologies proposed in the paper by Levy and Robinson would undermine the security of end-to-end encryption.

“Experts are clear that technologies like those proposed in this paper would undermine end-to-end encryption and threaten people’s privacy, security and human rights,” said a Meta spokesperson.

“We have no tolerance for child exploitation on our platforms and are focused on solutions that do not require the intrusive scanning of people’s private conversations. We want to prevent harm from happening in the first place, not just detect it after the fact.”

Meta said it protected children by banning suspicious profiles, restricting adults from messaging children they are not connected with on Facebook, and limiting the capabilities of accounts of people aged under 18.

“We are also encouraging people to report harmful messages to us, so we can see the reported contents, respond swiftly and make referrals to the authorities,” the spokesperson said.

UK  push ‘irresponsible’

Michael Veale, an associate professor in digital rights and regulations at UCL, wrote in an anlaysis on Twitter that it was irresponsible of the UK to push for client-side scanning.

“Other countries will piggyback on the same (faulty, unreliable) tech to demand scanning for links to abortion clinics or political material,” he wrote.

Veale said the people sharing child sexual abuse material would be able to evade scanning by moving to other communications services or encrypting their files before sending them.

“Those being persecuted for exercising normal, day-to-day human rights cannot,” he added.

Security vulnerabilties

Jim Killock, executive director of the Open Rights Group, said client-side scanning would have the effect of breaking end-to-end encryption and creating vulnerabilities that could be exploited by criminals, and state actors in cyber-warfare battles.

UK cyber security chiefs plan to invade our privacy, break encryption, and start automatically scanning our mobile phones for images that will turn them into a ‘spies in your pocket’,” he said.

“This would be a massive step towards a Chinese-style surveillance state. We have already seen China wanting to exploit similar technology to crack down on political dissidents.”

Read More

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.


Nothing announces official launch date for new Ear (stick) AirPods alternatives




Nothing announces official launch date for new Ear (stick) AirPods alternatives
Nothing Ear (stick) held by a model on white background

(Image credit: Nothing )

True to form, Nothing has just announced the full reveal date for its upcoming audio product, Ear (stick). 

So, an announcement about an announcement. You’ve got to hand it to Carl Pei’s marketing department, they never miss a trick.

What we’re saying is that although we still have ‘nothing’ conclusive about the features, pricing or release date for the Ear (stick) except an image of another model holding them (and we’ve seen plenty of those traipsing down the catwalk recently), we do have a date – the day when we’ll be granted official access to this information. 

That day is October 26. Nothing assures us that on this day we’ll be able to find out everything, including pricing and product specifications, during the online Ear (stick) Reveal, at 3PM BST (which is 10AM ET, or 1AM on Wednesday if you’re in Sydney, Australia) on (opens in new tab)

Any further information? A little. Nothing calls the Ear (stick), which is now the product’s official name, “the next generation of Nothing sound technology”, and its “most advanced audio product yet”. 

But that’s not all! Apparently, Ear (stick) are “half in-ear true wireless earbuds that balance supreme comfort with exceptional sound, made not to be felt when in use. They’re feather-light with an ergonomic design that’s moulded to your ears. Delivered in a unique charging case, inspired by classic cosmetic silhouettes, and compactly formed to simply glide into pockets.” 

Opinion: I need more than a lipstick-style case

Nothing Ear (stick) – official leaked renders 1, 2022

See more

It’s no secret that I want Nothing’s earbuds to succeed in world dominated by AirPods; who doesn’t love a plucky, eccentric underdog? 

But in order to become some of the best true wireless earbuds on the market, there is room for improvement over the Nothing Ear 1, the company’s inaugural earbuds. 

Aside from this official ‘news’ from Nothing, leaked images and videos of the Ear (stick) have been springing up all over the internet (thank you, developer Kuba Wojciechowski) and they depict earbuds that look largely unchanged, which is a shame. 

For me, the focus needs to shift from gimmicks such as a cylindrical case with a red section at the end which twists up like a lipstick. Don’t get me wrong, I love a bit of theater, but only if the sound coming from the earbuds themselves is top dog. 

As the natural companions for the Nothing Phone 1, it makes sense for the Ear (stick) to take a place similar to that of Apple’s AirPods 3, where the flagship Ear (1) sit alongside the AirPods Pro 2 as a flagship offering. 

See, that lipstick case shape likely will not support wireless charging. That and the rumored lack of ANC means the Ear (stick) is probably arriving as the more affordable option in Nothing’s ouevre. 

For now, we sit tight until October 26. 

Becky is a senior staff writer at TechRadar (which she has been assured refers to expertise rather than age) focusing on all things audio. Before joining the team, she spent three years at What Hi-Fi? testing and reviewing everything from wallet-friendly wireless earbuds to huge high-end sound systems. Prior to gaining her MA in Journalism in 2018, Becky freelanced as an arts critic alongside a 22-year career as a professional dancer and aerialist – any love of dance starts with a love of music. Becky has previously contributed to Stuff, FourFourTwo and The Stage. When not writing, she can still be found throwing shapes in a dance studio, these days with varying degrees of success.  

Read More

Continue Reading


YouTube could make 4K videos exclusive to Premium subscribers




YouTube could make 4K videos exclusive to Premium subscribers
Woman watching YouTube on mobile phone screen

(Image credit: Shutterstock / Kicking Studio)

You might soon have to buy YouTube Premium to watch 4K YouTube videos, a new user test suggests.

According to a Reddit thread (opens in new tab) highlighted on Twitter by leaker Alvin (opens in new tab), several non-Premium YouTube users have reported seeing 4K resolution (and higher) video options limited to YouTube Premium subscribers on their iOS devices. For these individuals, videos are currently only available to stream in up to 1440p (QHD) resolution.

The apparent experiment only seems to be affecting a handful of YouTube users for now, but it suggests owner Google is toying with the idea of implementing a site-wide paywall for access to high-quality video in the future.

So, after testing up to 12 ads on YouTube for non-Premium users, now some users reported that they also have to get a Premium account just to watch videos in 4K. 1, 2022

See more

It’s no secret that Google has been searching for new ways to monetize its YouTube platform in recent months. In September, the company introduced five unskippable ads for some YouTube users as part of a separate test – an unexpected development that, naturally, didn’t go down well with much of the YouTube community. 

A resolution paywall seems a more palatable approach from Google. While annoying, the change isn’t likely to provoke the same level of ire from non-paying YouTube users as excessive ads, given that many smartphones still max out at QHD resolution anyway. 

Of course, if it encourages those who do care about high-resolution viewing to invest in the platform’s Premium subscription package, it may also be more lucrative for Google. After all, YouTube Premium, which offers ad-free viewing, background playback and the ability to download videos for offline use, currently costs $11.99 / £11.99 / AU$14.99 per month.

Suffice to say, the subscription service hasn’t taken off in quite the way Google would’ve hoped since its launch in 2014. Only around 50 million users are currently signed up to YouTube Premium, while something close to 2 billion people actively use YouTube on a monthly basis. 

Might the addition of 4K video into Premium’s perk package bump up that number? Only time will tell. We’ll be keeping an eye on our own YouTube account to see whether this resolution paywall becomes permanent in the coming months.

Axel is a London-based staff writer at TechRadar, reporting on everything from the newest movies to latest Apple developments as part of the site’s daily news output. Having previously written for publications including Esquire and FourFourTwo, Axel is well-versed in the applications of technology beyond the desktop, and his coverage extends from general reporting and analysis to in-depth interviews and opinion. 

Axel studied for a degree in English Literature at the University of Warwick before joining TechRadar in 2020, where he then earned a gold standard NCTJ qualification as part of the company’s inaugural digital training scheme. 

Read More

Continue Reading


Europe sets deadline for USB-C charging for (almost) all laptops




Europe sets deadline for USB-C charging for (almost) all laptops

USB-C als Ladestandard in der EU

Mundissima / Shutterstock

Author: Michael Crider
, Staff Writer

Michael is a former graphic designer who’s been building and tweaking desktop computers for longer than he cares to admit. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

Read More

Continue Reading


Copyright © 2022 Xanatan