Online platforms will be forced to scan the private messages of users if proposed industry standards are implemented in Australia, global privacy watchdogs claim.
The group is responding to moves by Western governments, including Australia’s eSafety Commissioner Inman Grant, to do more to tackle online sex exploitation material and other harmful content.
Released draft standards, of the Online Safety Act, to regulate “Class 1” online material, including content considered seriously harmful, such as videos showing the sexual abuse of children or acts of terrorism.
The standard applies to services including “email, instant messaging, short messages services (SMS), multimedia message services (MMS) and chat, as well as services that enable people to play online games with each other and dating services.”
Further other “apps and websites … as well as online file storage services” will come under the microscope.
Everything online, provided it’s accessible to Australians (even if there are no visitors) is captured, even corporate Intranet sites and content-free static sites like those used to park domains—including The Epoch Times.
Encryption At Risk to Meet Government’s Standard
In response, the Global Encryption Coalition have signed a joint letter—which comprises the Center for Democracy & Technology, Global Partners Digital, the Internet Freedom Foundation, the Internet Society, Mozilla, Access Now, and Digital Rights Watch—calling on the Australian government to amend the proposal.
They warn the move will “threaten to undermine the use of end-to-end encryption, putting security and privacy of Internet users at greater risk,” according to an open letter.
Australia’s eSafety commissioner, Ms. Grant, has said the standard “does not require service providers to monitor the content of private emails, instant messages, SMS, MMS, online chats and other private communications.”
Rather it calls upon online platforms to “use systems, processes and technologies to detect known child sexual abuse material and known pro-terror material” and notes that “deployment of end-to-end encryption does not absolve services of responsibility for hosting or facilitating online abuse or the sharing of illegal content.”
Technical Limits to Achieving ‘Online Safety’
But the global coalition says the methods providers will need to meet that standard—such as using artificial intelligence and “hashtag scanning”—will need to bypass or break encryption if they are to work.
Generally “client-side scanning” results in online messages between a sender and receiver losing their privacy.
The complexity they add could also limit the reliability of a communication, and potentially stop legitimate messages from reaching their intended destination. They also have the potential to be exploited by criminals.
If the decryption and scanning take place on a server through which the messages pass, that means “end-to-end encryption” is ultimately, not achieved.
The coalition also claims the technologies favoured by the eSafety commissioner are, in any case, ineffective, saying: “These methods have been widely criticised by privacy and security researchers, digital rights advocacy organisations and human rights groups around the world.”
Scanning technologies are considered to be flawed because they: have questionable effectiveness; contain a high risk of false positives; [and] increase vulnerabilities to security threats and attack … scanning fundamentally undermines encryption’s promise and principle of private and secure communications and personal file storage.
“Contrary to the goals of the standards, this will leave everyone less safe online” and create an “unreasonable and disproportionate risk of harm to individuals and communities,” the group said.
The coalition also said there was a lack of clear safeguards to guarantee digital privacy for the millions that use such apps each day.
Telegram, one of the better-known encrypted messaging services, claims a user base of 200 million people.
Meta, which built encryption into WhatsApp after it purchased the messaging app, has pledged to work toward encryption and secure data storage across Facebook, and on Dec. 7, announced the introduction of end-to-end encryption in Facebook Messenger, which is used by over a billion people.
Online storage services such as iCloud and Google Cloud also offer, as an option, encrypted storage.
What Online Platforms Are Required to Do?
The proposed Australian standard requires providers to carry out regular risk assessments, the methodology for which they must devise themselves.
It gives the commissioner the power to impose an obligation on providers that their service is not “used to solicit, access, distribute or store” Class 1 material.
If the provider is subsequently prosecuted for failing to do so, it bears the burden of proof to show that it took “appropriate and proportionate” action to restrict and remove the material.
Nicolas Suzor, who researches internet governance at the Queensland University of Technology, points out that some potential Class 1B material—instructions in matters of crime or information about prohibited drug use—are things that Australians might want to have available online, and gives the example of articles on safe medical abortions, currently illegal in certain states of the United States.
In one such state, Nebraska, police have already used Facebook messages to investigate an alleged illegal abortion.
Meanwhile, the national programs manager at the Scarlet Alliance, Gala Vanting, said the technology is of particular concern for those in the sex work industry.
“It’s very likely to over-capture content. It’s very unskilled at reading context [in] sexual content.” she said.
Section 146 of Australia’s Online Safety Act sets the penalty for not complying with an Industry Standard at 500 penalty units—currently $156,500 (US$102,000).
Friends Read Free
Copy
Facebook
Tweet
