gjsman-1000 2 days ago

I think you're confusing technical encryption with the privacy of encryption.

For example, let's say I implemented a CSAM-scanning AI model in my chat app, which runs locally against your message, before communicating the message over an encrypted HTTPS channel. If the message is flagged, it can be sent over an encrypted HTTPS channel to authorities, on a secondary separate connection. At no point did it leave the device in unencrypted form.

Is that message encrypted? Yes.

The way that you want? No.

Governments have recognized this distinction, and have figured out they can have their cake and eat it too; the security of encryption with none of the privacy.

fruitworks 2 days ago

> If the message is flagged, it can be sent over an encrypted HTTPS channel to authorities

Okay, but how do you prevent me from intercepting that communication?

Or even running my own copy of the local model and determining ahead of time whether it will trip the alarm. If the attacker has access to the model, they can effectively make a GAN to modify images to get past the filter.

Akronymus 2 days ago

Or even just having a proxy that pretends to be the official service but that just drops the reported messages.

nicce 2 days ago

> In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode.

From Wikipedia. They can’t have their cake. You are breaking the concept of information into smaller steps (e.g. message) when that is against the definition.

gjsman-1000 2 days ago

Governments don't define encryption that way - they define encryption as the process of transforming information in a way that, ideally, an adversary cannot decode. Messages are unreadable if Russia hacked Vodafone, or China hacked Verizon, that kind of thing.

There's a significant difference there between a government's definition and Wikipedia's idealism. Or, even if they subscribed to the Wikipedia definition, they would say they have the legal right to be an authorized party.

nicce 2 days ago

Creating new words and definitions doesn't justify any initiatives. The point is that they try to mislead the common people. So we can't really say that "someone is confusing the terms", when the entity in question just created the new definition?

It works, because you already tried to argue with that. And it is not the Wikipedia. The whole existence of encryption revolves around the concept of information. And even the government's definition can be argued, because the adversary is defined by the sender and the receiver, not by anyone else.

When there is law, then the definition matters and there is legal stand, but before that, it is just an initiative which tries to mislead.

Terr_ 2 days ago

Another example of such degenerate-encryption would be having messages "end-to-end" encrypted, but a copy of the key is kept by a service-provider or even sent in advance to a government agency.

zappb 2 days ago

People usually mean "end to end encryption" in these situations, and by adding a third "end" to the system, you bypass the whole point of end to end encryption.

gjsman-1000 2 days ago

My above example is end to end encryption compatible, it's just that you don't get to pick the end it might go to. However, the connections between ends are still encrypted. As such, it passes the technical mathematical definition (one end having a direct pipe to the second end, with nothing possibly in between), but not the philosophical one.

Governments have never cared about the encryption philosophy; only the math aspects and international risk - which, in this example, are technically satisfied.