For more than a decade, there has been as much internet security as anyone would want. HTTPS means anyone wanting to read your traffic has to de-crypt it, which is expensive, though they will know where it is going. VPNs removed that last bit of information. Client-side scanning is any way of looking at your device content before it is encrypted (on the send side) or after it is decrypted (on the receive side).
Let's assume that the privacy lobby's worst fears about mission creep come true, and that by, say 2030, all our devices have client-side scanning for all file types. See this paper for an example of the way the discussion is going.
Whatever we look at, type, write, read, say or hear will be sent to Government servers and scanned by AI, for evidence of an ever-increasing number of offences. (Yes there will be mediators, but they will not be English lawyers versed in the nuances of Western culture. They will be low-paid, off-shore workers in a non-European country.)
Client-side scanning will need Parliamentary approval. Everyone will be able to see it coming from a mile away and prepare for it.
The majority of users, who are well-mannered and law-abiding citizens, will not change their behaviour, as why should they? At the other extreme, Serious People doing Something Very Bad who want to go on doing it will have plenty of time to organise and convert to off-line ways of doing it. Their online behaviour will look utterly law-abiding. People who have been opportunistically doing Something Very Bad because modern devices made it easy and encryption made it reasonably un-identifiable, will either join the Serious People, or stop doing it. Lawyers and corporate executives will ask "do I want the Regulator / prosecution / HMRC / whoever else to see this?" and if the answer is NO, they will arrange an in-person meeting to communicate it.
The introduction of client-side scanning will, in other words, sanitise the Internet, remove some of the easy-come easy-go misbehaviour, but otherwise leave the real world unchanged. Cyber-bullying will stop, but old-fashioned bullying in-person will carry on. Conspiracies against the State will be discussed as before in quiet corners of noisy restaurants. Prices will be fixed by managers in queues for popular take-aways. People will need to work a little harder to conspire.
After a year or so, when the hot-heads have cooled down and the privacy activists have been imprisoned, scanning will be an expensive deterrent that does stop casual, opportunist law-breaking and activism, but does not stop the serious people. Universal cradle-to-grave client-side scanning will be the end of the Wild West of the Internet. That's probably a Good Thing.
Well, until we look at the practicalities.
First, scanning and subsequent identification by AI or other means will generate false positives: innocent images, voice calls, texts or e-mails that get classified as Bad. Liberal activists don't care about that - eggs and omelettes and all that - but the grown-ups at Apple do, which is why they abandoned their iCloud scanning development at the end of 2022.
Second, it will be easy for a malicious person to mess with your life. All they need to do is send you Bad Content, which the client-side scanner on your device will identify and report you as having. Before you even know it is there. We don't think about this now because we can delete the dodgy stuff if it ever reaches us. It does not even need to be malicious. All sorts of stuff gets returned by a Google search that we never see and didn't ask for. Apple et al will need to build in the facility to block images and files being sent to mail, messaging and other apps on their devices, while still allowing e.g. music streams and videos.
Third, remember the farce that was the Covid app? Billions of the taxpayers' money spent on a program with more flaws than a cheap diamond? What makes you think Government-specified client-side scanning will be any better? Scanning software needs to operate at a very deep level (the "kernel") of the device's operating system. Nobody outside Apple (for iOS), Google (for Android) and Microsoft (for Windows) has the detailed kernel-level knowledge required to write it well. If previous projects are a guide, the scanning software will be developed by low-bid sub-contractors who will scatter to the four winds a month after they are paid. That's how Government IT contracts work. So our phones, tablets and even maybe laptops will freeze until re-boot, brick themselves beyond re-boot, stutter, lock us out, fail to run apps at random and otherwise misbehave. Not a few devices once a year, but every device every month.
Client-side scanning is a terrific deterrent. Shame it will create way more problems than it will solve. But then, you know, it is better that ten innocent people are wrongly found guilty than one guilty person is wrongly found innocent.
At least, I think that was the quote.
No comments:
Post a Comment