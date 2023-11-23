Platforms like Google Drive, Facebook Messenger, and other websites and apps may soon be required to scan for illegal material under proposed standards Australia’s eSafety Commissioner. The aim is to detect and remove child sexual abuse and pro-terror content from various online platforms. Stakeholders have until December 21 to provide their feedback on the costs, practicality, privacy risks, and other concerns related to these proposed online safety standards.

Contrary to common misconceptions, the standards do not require service providers to monitor private communications such as emails, instant messages, SMS, MMS, and online chats. Automated detection technologies, like Microsoft’s PhotoDNA, which uses a hash-matching tool, are considered privacy-protecting as they only match and flag known child sexual abuse imagery. The accuracy rate of PhotoDNA is incredibly high, with a false positive rate of only 1 in 50 billion.

To detect illegal content, some platforms, such as Meta, use classifiers trained on verified content. Additionally, the distribution of illegal content can be disrupted blocking accounts with suspicious metadata or identifying material posted on unencrypted surfaces like user profiles.

Unlike previously rejected codes, the proposed standards do not create a separate category for end-to-end encrypted (E2EE) services. Companies operating E2EE services cannot use encryption as a free pass to avoid taking action against criminal acts performed on their platforms. However, these standards do not require companies to intentionally design vulnerabilities or weaknesses into their E2EE services.

While there is a perception that E2EE and automated detection technologies are incompatible, the eSafety Commissioner disagrees. Exceptions may be granted to service providers who can demonstrate that detection is technically infeasible in their specific circumstances. These technical feasibility assessments consider the costs of implementing action against the level of risk to end-users’ online safety.

The eSafety Office has proposed methods for making E2EE and content scanning interoperable. For example, content could be scanned for illegal material before the encryption phase of E2EE, ensuring privacy while still detecting harmful content.

Overall, the proposed requirements aim to maintain online safety, particularly when it comes to combating child sexual abuse and pro-terror content, without compromising users’ privacy and security.

