The outcome would most likely result in an outright ban on encryption or will require app developers to start implementing CSS on every app used for communication (Whatsapp, Signal, Messenger, Telegram, IMessage).
Once that happens, it will only be a matter of time before it will be mandatory for CSS to happen at the OS level.
It could potentially be rolled out to MacOS and Windows as well.
What would you do then? Would that bother you or would you keep on using your devices as usual?
I know the question is very broad but I am interested in what other people think on these matters.
This is just my opinion and what I've always done but I'd keep 'em separated. By weird coincidence I've been following some PCI standards for my home gear before the PCI standard existed. Linux for daily driver. A throw-away Windows machine for watching streaming videos that come with my Amazon Prime and to make the governments and their corporate 3rd party buddies happy that they can see some things I do. Another Linux machine for protecting financial data. Another Linux machine for managing devices. All except Windows are configured to be in a hostile network. I leave the Windows machine leaking like it is expected to be.
What would you do then?
If something required an app to be installed I would not use it. If something ever requires WEI [1] I would not use it. If a video game requires some anti-cheat daemon running with higher privs I get a refund and so on. Given the internet is entirely optional for me and everyone else too there is no way I could be required to install something.
My cell phone is used for Texting neighbors, family and voice. It will soon be launched from a skeet launcher and replaced with a IP68 tough dumb phone that will be powered off most of the time. I do not trust centralized services for sensitive chat even if one of their founders used to be kindof cool. This stodgy cranky ol' troglodyte will use self hosted IRCD, SSH chat, uMurmur, open source tinc vpn meshes. They are higher friction and I love it. It keeps people with leaky pipes off my stuff. Maybe AI can help me make a song, "Crank up the friction!"
[1] - https://www.eff.org/deeplinks/2023/08/your-computer-should-s...
Although the damage to trust these attempts alone should never be underestimated. Windows is already running in an enclave for me and I use it less and less. I don't like MacOS because I think Apple is not the way if you like open computing. Nice devices, but for a different target demographic.
Otherwise I can of course just disable any scanning, it isn't too hard to filter or even better make false reports. I don't use large messengers outside of a dry business account and I doubt any smaller software will comply.
Under no circumstance do I want to use a device where any third party can scan as it please, even if it is just file hashes or something similar. I would like to sabotage such attempts to the largest degree possible because I believe them to conflict with basic rights.
The answer is largely going to be to just use open source software which doesn't have CSS and continues to implement E2E. For work I don't care because it's not my privacy to protect so I'll probably just continue using whatever – Mac, Slack, etc. For most personal stuff I use Linux anyway so I don't really care.
Something I will warn people of in advance is that if you're in the EU/UK people have been arrested for terrorism simply for their book and memorabilia collections. If you're suspected of terrorism (at least in the UK) you do not have a right to silence and this extends to being legally required to hand over passwords/keys for your devices.
Once CSS is in place if you have any edgy Alex Jones memes on your phone / computer or a digital copy of something like the anarchistic cookbook don't be surprised if the government suspects you of being a terrorist or if you get put you on a list.
CSS and breaking E2E gives governments everything they need to find out who all the wrong thinkers are in society so they can protect us. It would be irresponsible of them to pass up that opportunity. Keep your opinions to yourself, and ensure all jokes and memes viewed or stored on your device are safely within the Overton window.
Yes, but this may in fact take much longer that it may look at first glance. Think decades, not years.
Do not overestimate churn. Compare to how long it took / is still taking for virus scanners to become integral part of Windows. Similarly, at some point it will become empirically clear that CSS (like virus scanners) aren't the end-all blessing they promised to be.
There will be accidents in the mean time. Obviously: false positives, misuse by oppressive regimes. But also: malware, DoS, exploits and other mischief we've already seen in the wild with virus scanners, spam filters, intrusion detection systems, DRM, corporate firewalls.
I'm confident that at some point, legislation will be loosened to aim for more realistic goals. Especially once legislator realizes it fails to meaningfully "protect the children and fight terrorism".
So, I kinda accepted that things will change mostly for the worst. When the real thing against ecryption comes out, I will adapt to the specific case. Not much to do outside a political battle (which requires real power).