I agree, in this context it's likely an emotional play to go against encryption (especially if you look who is behind the law), I'd like to know more about what tech companies mean when they say they have their own plans to tackle this problem.
To me, it seems the requirements that:
1) you should be unable to access the data
and
2) you should monitor the data for certain content
seem hard mutually exclusive:
Even if you developed some magic AI technology that could detect child porn in an end-to-end encrypted connection, well congrats, you broke the encryption, but then it's not end-to-end encrypted anymore. (And you could likely use the same technology to detect other things)
The only way I can see how you could keep both promises in some sense would be to move the detection into the client scan for content before it's being encrypted.
This would require that you tightly control all clients any kind of tampering or use of alternative clients impossible. I'm not sure, that's a good vision for the future either. (It would also render the encryption mostly useless, because the vendor could simply instruct the client to extract whatever data they are interested in. I can get the same level of security with plain HTTPS and a vendor promising not to look at the data.)
If this is the alternative, maybe a controlled, traceable way to intercept connections would be the lesser evil.
To me, it seems the requirements that:
1) you should be unable to access the data
and
2) you should monitor the data for certain content
seem hard mutually exclusive:
Even if you developed some magic AI technology that could detect child porn in an end-to-end encrypted connection, well congrats, you broke the encryption, but then it's not end-to-end encrypted anymore. (And you could likely use the same technology to detect other things)
The only way I can see how you could keep both promises in some sense would be to move the detection into the client scan for content before it's being encrypted.
This would require that you tightly control all clients any kind of tampering or use of alternative clients impossible. I'm not sure, that's a good vision for the future either. (It would also render the encryption mostly useless, because the vendor could simply instruct the client to extract whatever data they are interested in. I can get the same level of security with plain HTTPS and a vendor promising not to look at the data.)
If this is the alternative, maybe a controlled, traceable way to intercept connections would be the lesser evil.
So, what are the tech companies' takes on this?