UK cybersecurity chiefs endorse scanning of phones for child abuse pictures
Tech major Apple’s plan to scan photos before they are uploaded to the company’s image-sharing service has been halted because of privacy concerns. Client-side scanning refers to the scanning of messages for matches against a database of objectionable content before they are sent to the intended recipients. (Photo by Chip Somodevilla/Getty Images)
The UK’s cybersecurity chiefs have favoured allowing companies to put in place “client-side scanning” that could protect “children and privacy at the same time”.
In a discussion paper, National Cybersecurity Centre technical director Ian Levy and Crispin Robinson of the Government Communications Headquarters (GCHQ) said they did not find merit in the arguments that the technology was unsafe to prevent uploading of child abuse imagery.
However, critics argue that client-side scanning, which refers to the scanning of messages for matches against a database of objectionable content before they are sent to the intended recipients, goes against end-to-end encryption policy.
Tech major Apple’s plan to scan photos before they are uploaded to the company’s image-sharing service has been halted because of privacy concerns.
“We’ve found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter,” they said.
However, Levy and Robinson, who is the technical director of cryptanalysis at the GCHQ, clarified that the discussion paper was not a government policy.
“It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call.. This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorise today,” the duo said.
They also warned that lack of clarity in understanding the matter could result in “the wrong outcome”.
“Details matter when talking about this subject… Discussing the subject in generalities, using ambiguous language or hyperbole, will almost certainly lead to the wrong outcome,” their discussion paper said.
Child protection campaigners welcomed the duo’s argument.
Andy Burrows of the National Society for the Prevention of Cruelty to Children said the paper “breaks through the false binary that children’s fundamental right to safety online can only be achieved at the expense of adult privacy”.
He told the Guardian, “It’s clear that legislation can incentivise companies to develop technical solutions and deliver safer and more private online services.”