What aspects of computing tech should we further criminalise?

[Samson]

Given that there is a problem what alternatives are you proposing?

My first post listed a whole load of problems and solutions that have been proposed. I shall try and focus on the things that I think you are concerned about, but if I am putting words in your mouth please let me know what you think are the important issues you want my opinion on.

Children being harmed in the creation kiddie porn

It is a very difficult problem by its nature. If I was in charge of this, the first thing I would do would be to quantify the problem and find out where and how it is happening. A quick google gives no ideas of the incidence, and I do not want to know the details. Without that I could not realistically say what magnitude of investment should be made and where.

If I was given money and political will and told to make the biggest difference I would focus on education, particularly of peers identifying each other who are at risk, as well as making sure everyone knows who to call if they are exposed to it. The other thing that would probably make the biggest difference would be something approaching an open borders immigration policy that would allow people to escape desperate situations, but that is a whole other thing. I just cannot see a way one could make a difference to this problem by restricting encryption.

Children being harmed by accidentally coming across porn

This is one that is made out to be a problem, and if it really is but I am not convinced. They may come across the odd expose breast in an inappropriate advert, but I have not had the "window cascade" of hardcore porn that used to come up when researching certain subjects like you used to get.

If it really is a problem that needs solving then it should be solvable. A legally required click through "Are you over 18, porn ahead" before you get to porn does not seem to invasive. They had the idea of restricting porn to certain top level domains I think, like .xxx. Again, that does not sound too invasive but I am not sure it could work with the global nature of the internet.

Children being harmed by purposefully accessing porn

This is another difficult one, mostly because in many cases by the time they are interested in porn many children will be better than their parents at working computers. How do you design a childproof system when the children are better than the parents are using the system?

I have said before that on a practical level I think the only answer that would allow most parents to control their children's internet usage without causing more harm than good is to require the children to use a desktop in the common area of the house until they are old enough to be trusted to control their use. I think last time we talked about this uppi convinced me he could lock down a system such that they would at least know if their child had unlocked it. I would put money on less than 50% of parents of teenages being able to do that.

Id for porn use will fail. No one will give their real personal id to a third party to identify themselves as a porn user. It will be so much easier to stop getting legal porn from pornhub and start getting illegal porn from [places] than go through the bureaucracy and risk. Then everyone will be exposed to illegal porn instead of legal porn and that will do harm.

Adults being harmed by purposefully accessing legal porn

Make more harmful porn illegal? I have to admit I do not know what the line between legal and illegal is, and I am not sure I want to know, but if there is good reason to believe it is in the wrong place there is nothing wrong with moving it.

Adults being harmed by purposefully accessing illegal porn

Another difficult one. More investment in enforcement (we could use the strategy we are using against the dark web against illegal porn perhaps?) More severe penalties, but is that justified? Automated searches of all MPs computers sounds like it might be a good start.

 

[AmazonQueen]

My first post listed a whole load of problems and solutions that have been proposed. I shall try and focus on the things that I think you are concerned about, but if I am putting words in your mouth please let me know what you think are the important issues you want my opinion on.

Children being harmed in the creation kiddie porn

It is a very difficult problem by its nature. If I was in charge of this, the first thing I would do would be to quantify the problem and find out where and how it is happening. A quick google gives no ideas of the incidence, and I do not want to know the details. Without that I could not realistically say what magnitude of investment should be made and where.

If I was given money and political will and told to make the biggest difference I would focus on education, particularly of peers identifying each other who are at risk, as well as making sure everyone knows who to call if they are exposed to it. The other thing that would probably make the biggest difference would be something approaching an open borders immigration policy that would allow people to escape desperate situations, but that is a whole other thing. I just cannot see a way one could make a difference to this problem by restricting encryption.

Children being harmed by accidentally coming across porn

This is one that is made out to be a problem, and if it really is but I am not convinced. They may come across the odd expose breast in an inappropriate advert, but I have not had the "window cascade" of hardcore porn that used to come up when researching certain subjects like you used to get.

If it really is a problem that needs solving then it should be solvable. A legally required click through "Are you over 18, porn ahead" before you get to porn does not seem to invasive. They had the idea of restricting porn to certain top level domains I think, like .xxx. Again, that does not sound too invasive but I am not sure it could work with the global nature of the internet.

Children being harmed by purposefully accessing porn

This is another difficult one, mostly because in many cases by the time they are interested in porn many children will be better than their parents at working computers. How do you design a childproof system when the children are better than the parents are using the system?

I have said before that on a practical level I think the only answer that would allow most parents to control their children's internet usage without causing more harm than good is to require the children to use a desktop in the common area of the house until they are old enough to be trusted to control their use. I think last time we talked about this uppi convinced me he could lock down a system such that they would at least know if their child had unlocked it. I would put money on less than 50% of parents of teenages being able to do that.

Id for porn use will fail. No one will give their real personal id to a third party to identify themselves as a porn user. It will be so much easier to stop getting legal porn from pornhub and start getting illegal porn from [places] than go through the bureaucracy and risk. Then everyone will be exposed to illegal porn instead of legal porn and that will do harm.

Adults being harmed by purposefully accessing legal porn

Make more harmful porn illegal? I have to admit I do not know what the line between legal and illegal is, and I am not sure I want to know, but if there is good reason to believe it is in the wrong place there is nothing wrong with moving it.

Adults being harmed by purposefully accessing illegal porn

Another difficult one. More investment in enforcement (we could use the strategy we are using against the dark web against illegal porn perhaps?) More severe penalties, but is that justified? Automated searches of all MPs computers sounds like it might be a good start.

Part of the problem with regulating porn is much of it is produced in countries with poor regulation and/or no interest in dealing with it.
Putting the computer in a common area of the house might work if you watch the children constantly. Some pupils at the primary school I work at accessed content they weren't meant to (not porn, horror film stuff) when the teacher was helping somebody else. The school computers were meant not to be able to access such sites but 10 year olds got round the protections put in by the council IT department. In practice children have access to laptops and mobile phones that can access the internet.

 

[Samson]

In practice children have access to laptops and mobile phones that can access the internet.

This is the point. If a child has access to a computer they can boot from USB and access the internet then they can get on tor, and if they can get on tor they can access everything and no one can know what. If you can solve that problem then you can become rich.

 

[AmazonQueen]

This is the point. If a child has access to a computer they can boot from USB and access the internet then they can get on tor, and if they can get on tor they can access everything and no one can know what. If you can solve that problem then you can become rich.

Sadly I think the only answer that would guarantee blocking access to porn on the internet would be going full NK which obviously isn't an option I'd approve of.
Back to encryption. How would you ensure that governments are able to protect us from terrorists and criminals when they have encrypted communications available to them?

 

[Samson]

Sadly I think the only answer that would guarantee blocking access to porn on the internet would be going full NK which obviously isn't an option I'd approve of.
Back to encryption. How would you ensure that governments are able to protect us from terrorists and criminals when they have encrypted communications available to them?

The same way they have always done it. If they have reasonable suspicion of a crime they go to a judge and get a warrant and execute the warrant. If you have some encrypted data they can now serve them with a notice under the Regulation of Investigatory Powers Act 2000/Part III for the key. If they do not give it up you can lock them up for ever even if it is just because they have forgotten it. Where do you see the need for extra police powers to access personal data in the UK today? In the prevention or terrorism of the suppression of protest?

 

[AmazonQueen]

The same way they have always done it. If they have reasonable suspicion of a crime they go to a judge and get a warrant and execute the warrant. If you have some encrypted data they can now serve them with a notice under the Regulation of Investigatory Powers Act 2000/Part III for the key. If they do not give it up you can lock them up for ever even if it is just because they have forgotten it. Where do you see the need for extra police powers to access personal data in the UK today? In the prevention or terrorism of the suppression of protest?

Its not the same way as they have always done it.
A warrant for phone tapping does not let the suspect know they are being investigated. Your method would.

 

[Samson]

Its not the same way as they have always done it.
A warrant for phone tapping does not let the suspect know they are being investigated. Your method would.

Only if they want the key, the same way as if you were talking in code in a phone conversation.

Also, you do know that posting here requires encryption, right?

 

[MrCynical]

Back to encryption. How would you ensure that governments are able to protect us from terrorists and criminals when they have encrypted communications available to them?

Encrypted communications options have been available to them for quite a few years now. We've also had over 20 years of "it's to protect from terrorists and criminals" being the go to excuse for new government and law enforcement powers. Most of which have been rapidly abused in ways which are petty, and in some cases criminal themselves. I remain thoroughly unconvinced that any of the legal changes made in the name of that cause have had their supposed actual protective effect.

As far as encryption goes, a lot of it is required at this point simply to avoid basic identity theft scams. Sending any kind of personal info in plain readable format would be foolish in the extreme. The main compromise I have seen suggested is a "back door" in encryption for government and law enforcement usage, but it seems very clear such a system would be exploited by hackers sooner rather than later.

 

[AmazonQueen]

Only if they want the key, the same way as if you were talking in code in a phone conversation.

Also, you do know that posting here requires encryption, right?

Except talking in code on a phone is more difficult than sending an encrypted message.

But by the time I read it its been decrypted.

 

[Samson]

Encrypted communications options have been available to them for quite a few years now. We've also had over 20 years of "it's to protect from terrorists and criminals" being the go to excuse for new government and law enforcement powers. Most of which have been rapidly abused in ways which are petty, and in some cases criminal themselves. I remain thoroughly unconvinced that any of the legal changes made in the name of that cause have had their supposed actual protective effect.

As far as encryption goes, a lot of it is required at this point simply to avoid basic identity theft scams. Sending any kind of personal info in plain readable format would be foolish in the extreme. The main compromise I have seen suggested is a "back door" in encryption for government and law enforcement usage, but it seems very clear such a system would be exploited by hackers sooner rather than later.

The thing that really gets me is their insistence that they can do it without compromising security. This means one of the following is true:

• The government knows it is possible but no one else does, and they refuse to share the secret
• The government knows it is impossible, but is lying to us all about it
• The government thinks it is possible, and think the best way to find that possibility is to make it illegal for it not to exist rather than assign some research grants to the people who do this sort of thing for a living and basically work for the government, the UK taxpayer funded research community.

None of these are good things.

Except talking in code on a phone is more difficult than sending an encrypted message.

But by the time I read it its been decrypted.

A) Why is easier relevant? Surely it becoming easier means that a higher proportion of encrypted communication is likely to be non-criminal?

B) That is not new, the code that does that is 32 years old. It has been integrated into email clients for about that long. It is also easier for the state to monitor all our communications, and it does not need to get a warrant for emails. Do you really believe the government is less capable of monitoring the population now than at any time in the past?

 

[Gorbles]

If you are limiting something, then those bits that are beyond the limit are banned. That is all I am saying.

Jumping on this a bit late, probably redundant now, but a better way to think about this imo is that if you're allowing anything, you're allowing something. A partial ban isn't a ban, by definition, it's partial.

So I support them being semantically distinct (I agree with AmazonQueen generally), and I do think these semantics are relevant discussion to boot

 

[Kyriakos]

Would having providers read the messages (which means it doesn't matter they are encrypted, because the point of encryption is privacy) really deter any serious criminal?
There are infinitely many ways to personally encrypt a message, and do so without at all drawing suspicion it is encrypted. People can literally write sentences that stand fine as what they are read, but be in code.
Bottom line seems to be that allowing providers to just read messages/other, will only catch the stupidest small fry, and no one who actually is likely to cause damage on a scale warranting such erosion of liberties.
For all you know, myself and @r16 have been discussing nuclear secrets here for years, for the benefit of a few 0-post lurkers. Granted, r16 isn't as mindful to fully craft his sentences so as to draw no suspicion, but it's part of the organization's leeway.

 

[Samson]

Jumping on this a bit late, probably redundant now, but a better way to think about this imo is that if you're allowing anything, you're allowing something. A partial ban isn't a ban, by definition, it's partial.

So I support them being semantically distinct (I agree with AmazonQueen generally), and I do think these semantics are relevant discussion to boot

This demonstrates that this is a semantic question. Below if the google autocomplete for "partial". I would say all of these a "partial X" is a form or subset of X, rather than a different thing. It would be really funny if your autocomplete was different in that regard, it would show that the difference is our two relatively similar google bubbles. Can we at least agree that this is a semantic question now?

Spoiler Google autocomplete on partial :

 

[AmazonQueen]

The thing that really gets me is their insistence that they can do it without compromising security. This means one of the following is true:

• The government knows it is possible but no one else does, and they refuse to share the secret
• The government knows it is impossible, but is lying to us all about it
• The government thinks it is possible, and think the best way to find that possibility is to make it illegal for it not to exist rather than assign some research grants to the people who do this sort of thing for a living and basically work for the government, the UK taxpayer funded research community.

None of these are good things.


A) Why is easier relevant? Surely it becoming easier means that a higher proportion of encrypted communication is likely to be non-criminal?

B) That is not new, the code that does that is 32 years old. It has been integrated into email clients for about that long. It is also easier for the state to monitor all our communications, and it does not need to get a warrant for emails. Do you really believe the government is less capable of monitoring the population now than at any time in the past?

Easier is relevant because it meant very few people used anything other than the simplest of codes in phone conversations.
I'm not arguing than the government should have unlimited access to all communications.
I'd prefer them to have to obtain a warrant from a judge as C&E had to.
Because of the bureaucratic nature of the process and the resource cost C&E rarely did it but there were cases when the evidence couldn't have been gathered without access to the suspects communications without their knowledge. It also meant there was a record of what phone taps had been granted held by an organisation that C&E didn't control.

 

[Samson]

Easier is relevant because it meant very few people used anything other than the simplest of codes in phone conversations.
I'm not arguing than the government should have unlimited access to all communications.
I'd prefer them to have to obtain a warrant from a judge as C&E had to.
Because of the bureaucratic nature of the process and the resource cost C&E rarely did it but there were cases when the evidence couldn't have been gathered without access to the suspects communications without their knowledge. It also meant there was a record of what phone taps had been granted held by an organisation that C&E didn't control.

To be sure that we are not talking past each other again, I shall lay out my position.

• Terrorist level and serious crime level operations have had access to encryption technology to frustrate law enforcement basically forever, but at least since 1882.
• Government surveillance is far greater now than it has ever been, reportedly up to 90% of US packet level data is available for purchase by law enforcement and and unknown and large use is put to this resource
• Legal powers to require people to give up their passwords are a "new" type of power the state gained in 2000
• If I am allowed to run PGP/GPG I have at least 2010 military grade encryption, which is good enough for anyone (terrorist or kiddie fiddler) until we get quantum computers
• If I am not allowed to run the maths implemented in PGP/GPG then internet commerce would stop, and linux would become illegal
• I do not see a legislative solution. I see loads of non-legislative solutions.

Is there anything here you actually disagree with?

 

[AmazonQueen]

To be sure that we are not talking past each other again, I shall lay out my position.

• Terrorist level and serious crime level operations have had access to encryption technology to frustrate law enforcement basically forever, but at least since 1882.
• Government surveillance is far greater now than it has ever been, reportedly up to 90% of US packet level data is available for purchase by law enforcement and and unknown and large use is put to this resource
• Legal powers to require people to give up their passwords are a "new" type of power the state gained in 2000
• If I am allowed to run PGP/GPG I have at least 2010 military grade encryption, which is good enough for anyone (terrorist or kiddie fiddler) until we get quantum computers
• If I am not allowed to run the maths implemented in PGP/GPG then internet commerce would stop, and linux would become illegal

I do not see a legislative solution. I see loads of non-legislative solutions.

Is there anything here you actually disagree with?

I'm not an expert and not qualified to comment on most of it.
Legal powers to force people to give up their passwords seem useless in preventing crime.

 

[Samson]

Legal powers to force people to give up their passwords seem useless in preventing crime.

It is good for punishing undesirables though. Is this not enough to convince you? What do you see as the problem that needs more laws in this area, pushing the balance of power more towards the state that the proletariat?

A leading French publisher has been bailed after anti-terror laws were used to arrest him as he arrived in London.​

​

“On Tuesday, 18 April, the man was subsequently arrested on suspicion of wilfully obstructing a Schedule 7 examination (contrary to section 18 of the Terrorism Act 2000). Enquiries continue.”​

​

“It was demanded that he give up his phone and pass codes to the officers, with no justification or explanation offered. This morning, Ernest was formally arrested and transferred to a police station, accused of obstruction because of his refusal to give up his pass codes.”​

To be clear, they wanted to get information from a book publishers devices about the recent pension protests to pass on to the french police. They required the divulging of passwords, using a law that granted him immunity from UK but not French law. His refusal was breaking UK law. This is international silencing of dissenting voices.

 

[AmazonQueen]

It is good for punishing undesirables though. Is this not enough to convince you? What do you see as the problem that needs more laws in this area, pushing the balance of power more towards the state that the proletariat?

A leading French publisher has been bailed after anti-terror laws were used to arrest him as he arrived in London.​

​

“On Tuesday, 18 April, the man was subsequently arrested on suspicion of wilfully obstructing a Schedule 7 examination (contrary to section 18 of the Terrorism Act 2000). Enquiries continue.”​

​

“It was demanded that he give up his phone and pass codes to the officers, with no justification or explanation offered. This morning, Ernest was formally arrested and transferred to a police station, accused of obstruction because of his refusal to give up his pass codes.”​

To be clear, they wanted to get information from a book publishers devices about the recent pension protests to pass on to the french police. They required the divulging of passwords, using a law that granted him immunity from UK but not French law. His refusal was breaking UK law. This is international silencing of dissenting voices.

I'm not arguing for more laws in general, I'm arguing that the ability to intercept communications without the suspects knowledge is important in investigating and preventing crime.

 

[Samson]

I'm not arguing for more laws in general, I'm arguing that the ability to intercept communications without the suspects knowledge is important in investigating and preventing crime.

Full pedantry, to ensure there is no miscommunication:

• State legal ability to intercept communications without the suspects knowledge would cause some crimes to be solved when they would not otherwise. On that we agree.
• The distribution of those crimes will trend to the small ones, because the practical ability to encrypt communication will be unaffected.
• State legal ability to intercept communications will definitely break whatsapp/signal
• State legal ability to intercept communications will probably break internet commerce
• I THINK state legal ability to intercept communications would be more draconian than current CCP law
• I am convinced that state legal ability to intercept communications will have a greater practical effect on XR than ISIS or the Peckham Boys

 

[Fippy]

Not sure if this belongs in here..after just several minutes on my "Smart TV" i feel like either i can just watch as on a normal TV, or i want that darn thing to be off again.
There's so much advertising that you suddenly see without top adblockers (on PC), all paths lead to usual suspects like Google, Amazon, App store etc.
I somewhat learned ways around them..but teens etc prolly know no better and i would go as far as saying they want us all to be digitally brainwashed.
I know those things are rampant on phones as well.

No idea if it can be stopped..anyways i consider this criminal by now.
There are really serious topics on Samson's list, so as mentioned at start i dunno if my thoughts fit in here.