Categories
Actions News

Take Action: Sign the joint letter in response to Australian eSafety proposed industry standards

The Australian government is currently considering draft online safety standards that threaten to undermine the use of end-to-end encryption, putting security and privacy of Internet users at greater risk.

The eSafety Commissioner has proposed two draft industry standards under the Online Safety Act. Both draft standards include a range of proactive detection obligations on digital services to scan content in order to detect, remove, disrupt and deter illegal content. However, as these standards have no specific safeguards for end-to-end encrypted services that people rely on for privacy and safety, end-to-end encrypted services will be forced to undermine the security and privacy of their services in order to comply. Contrary to the goals of the standards, this will leave everyone less safe online.

The Australian online safety codes must ensure the protection of privacy and security of Internet users, and the use of end-to-end encrypted services.

Join the Steering Global Encryption Coalition Steering Committee (The Center for Democracy & Technology, Global Partners Digital, the Internet Freedom Foundation, the Internet Society, and Mozilla), Access Now, and Digital Rights Watch in calling on the eSafety Commissioner to protect the privacy and safety of all users by protecting end-to-end encrypted services.

Joint letter in response to Australian eSafety proposed industry standards

Target: Commissioner Inman Grant

Sign This Petition

  • Not in US? United States
    • Note: If you subscribed earlier, this will not unsubscribe you. You can unsubscribe using the link provided in emails you receive. You can always take action without opting in.
  • Loading

    Dear Commissioner Inman Grant, 

    We the undersigned organisations and individuals urge you to protect the privacy and security of communications and cloud file storage for internet users.

    We acknowledge the severity of harm caused by the dissemination of child sexual abuse material (CSAM) and other forms of illegal content, and we support strong regulation to ensure platform accountability, the empowerment of users as well as the protection of their rights and safety. It is essential that governments, with the support of industry, take effective steps to regulate the spread of illegal content. It is also essential that such approaches do not also disproportionately lead to the creation and exacerbation of other harms, and adopt best practices in international policy making.

    The eSafety Commissioner has proposed two draft industry standards (1) under the Online Safety Act. Taken together, these standards apply to a broad range of services that people use every day including email, text and instant messaging, video communications, online gaming, dating services, and online file storage. In a context in which cybersecurity risks are rising, the safety, rights, and wellbeing of individuals and communities rely on the digital security and the privacy of these services.

    Both draft standards include a range of proactive detection obligations on digital services to scan content in order to detect, remove, disrupt and deter CSAM and ‘pro-terror’ content. There are no specific safeguards for end-to-end encrypted services that people rely on for privacy and safety, as content on such platforms cannot be accessed by any third party, including the service provider, at any stage of the communication/storage process. Hashing and artificial intelligence technologies are specifically referenced to detect and remove objectionable content. Such approaches, when deployed on a device, are commonly referred to as ‘client side scanning.’ These methods have been widely criticised by privacy and security researchers, digital rights advocacy organisations and human rights groups around the world. (2) Internet safety advocates and child rights groups have emphasised the importance of looking at other methods to enhance online safety for children and minimise the dissemination of CSAM, and how encryption works to protect the rights of children. (3) Scanning technologies are deeply flawed because they: have questionable effectiveness; contain a high risk of false positives; increase vulnerabilities to security threats and attack – thereby weakening online safety for all users – and enable the ability to expand use of such systems to scan other categories of content in the future. (4)

    The eSafety Commissioner has publicly stated that it supports privacy and security, and does not advocate building in weaknesses or back doors to undermine end-to-end encrypted services. (5) But client-side scanning fundamentally undermines encryption’s promise and principle of private and secure communications and personal file storage. We urge the Commissioner against creating standards that would force encrypted services to implement such scanning measures as they would create an unreasonable and disproportionate risk of harm to individuals and communities.

    Australia is a leader in the field of online safety policy making, and this position comes with responsibility in shaping the norms and direction of international internet governance and regulation. Proceeding with the standards as drafted would signal to other countries that online safety is somehow counterposed to privacy and security, when the opposite is true.

    We strongly urge the eSafety Commissioner to amend the proposed industry standards to ensure the protection of privacy and security, and urge the Australian Government to commit to the ongoing protection and strengthening of encryption, privacy and digital security.

    1) See two draft industry standards: https://www.esafety.gov.au/industry/codes/standards-consultation
    2) See, for example, this open letter in response to the EU’s proposed Child Sexual Abuse Regulation, signed by over 450 scientists and researchers: https://docs.google.com/document/d/13Aeex72MtFBjKhExRTooVMWN9TC-pbH-5LEaAbMF91Y/edit
    3) See, for example, ‘Privacy and Protection: A children’s rights approach to encryption,’ Child Rights International Network, 19 January 2023, which concludes technologies including client-side scanning is akin to breaking encryption by compromising its aims, and points to other underutilised safety mechanisms such as user reporting, https://home.crin.org/readlistenwatch/stories/privacy-and-protection; and ‘Chat Control or Child Protection?’ Ross Anderson, Foundation for Information Policy Research, October 2022 which notes alternative methods to tech solutionism to enhance safety, https://www.cl.cam.ac.uk/~rja14/Papers/chatcontrol.pdf.
    4) For further detail on the risks of client side scanning see: ‘Fact Sheet: Client-Side Scanning’, Internet Society 24 March 2020, https://www.internetsociety.org/resources/doc/2020/fact-sheet-client-side-scanning/; and ‘Bugs in our Pockets: The Risks of Client-Side Scanning,’ 14 October 2021, https://arxiv.org/abs/2110.07450.
    5) See ‘Updated Position Statement: End-to-end encryption ,’ October 2023 https://www.esafety.gov.au/sites/default/files/2023-10/End-to-end-encryption-position-statement-oct2023.pdf; and ‘Australia releases new online safety standards to tackle terror and child sexual abuse content,’ The Guardian, 20 November 2023, https://www.theguardian.com/australia-news/2023/nov/20/australia-esafety-standards-new-2023-targets-child-content-terrorism-detection.

    Sincerely,

    The undersigned organizations and individuals

    Organizations

    Access Now

    Africa Media and Information Technology Initiative (AfriMITI)

    ARTICLE 19 Assembly Four

    Associação Portuguesa para a Promoção da Segurança da Informação (AP2SI)

    Betapersei SC
    Blueprint for Free Speech

    Center for Democracy and Technology

    Centro Latinoamericano de Investigaciones Sobre Internet (CLISI)

    Digital Rights Watch

    eclectic.engineering P/L

    Electronic Frontiers Australia

    Fabiano Law Firm

    Fight for the Future

    Fusion Party Australia

    Global Partners Digital

    Hello Code Pty Ltd

    Internet Architecture Board

    Internet Association of Australia

    Internet Australia (Internet Society of Australia)

    Internet Freedom Foundation

    Internet Society

    Internet Society Ghana

    Interpeer Project

    IT-Pol Denmark

    JCA-NET(Japan)

    LGBT Technology Partnership

    Mozilla

    NAPWHA

    Open Rights Group

    OPTF

    Privacy & Access Council of Canada

    Proton

    Seraf Inc.

    Signal

    Signal Labs

    Superbloom (previously known as Simply Secure)

    The Ruffle Technology Company

    The Sizzle

    The Tor Project Tuta

    Individuals

    Affiliations listed for identification purposes only

    Romney Adams

    Zafer Saeed A Ahmad

    Michael Airey

    Shane Alderton

    Pat Allan

    Jamie Allen

    Toby Allen

    Shereen  Almagzoub

    Robert Amos

    Leroy Anderson

    brian anderson

    Thomas  Anderson

    Matt Andrews

    Ambrose Andrews

    Sherry Armstrong

    Tommaso Armstrong

    Reginald Ashman

    Michael Astle

    Daniel Axtens

    Jade B

    Ramon Baba

    Katherine  Back

    nicola badran

    Melanie Bakewell

    Veronica  Ball

    Paora  Balzer

    Nic Barbaro

    Marcus Barczak

    Jason Barker

    Chris Barry

    Hamish Bassett

    Lyn Barwick

    Alana Becker

    Stuart Begg

    Bradley Bell

    Toni Bentley

    Michel Bergeron

    Jordan Bertasso

    Benjamin Beshara

    Fares Bessrour

    Stuart Biggs

    Christopher Biggs

    Michelle Black

    Adam Blackhall

    David Blackwell

    Julie Blackwell

    Cees Boekel

    Oliver Boermans

    Luke Boner

    Matthew Boniface

    Andrew Bonte

    Pieter Bos

    Sarah Botham

    Constantine Bourlioufas

    Jarah Bowman

    Nicholas Boyle

    Sean Boys

    Marcie Breen

    Philip Briggs

    han broekman

    Gregor Brown

    John Brown

    Alannah  Brown

    Vin Brown

    Damion  Brown

    Sam Buckberry

    Jon Burdach

    Rollin Burford

    Phil Burg

    Donald Burgess

    Richard Burke

    Julianna Burke

    Sam Burnett

    Adrian Burns

    Brodie Burns-williamson

    Angela Cadwallen

    Peter Caffin

    Carlos Calero

    Evan Cameron

    John Cameron

    Leigh Carey

    Michael Carino

    Madeline Carlier

    Clancy Carr

    Jayden Carslake

    Georgina Carson

    Graham Castles

    Matthew Cengia

    Travis Charlton

    Paul  Cheshire

    Sishoon Chow

    James Clark

    Aidan Clarke, Principle DevOps Evangelist, Atlassian

    Brady Clarke

    Denise  Clarke

    Tim Cleaver

    Jake Cleland

    Daniel Clibborn

    Phillip  Cochrane

    Garth Coghlan

    Trevor Collins

    Josephine Colson, Head of Marketing, Cremorne Digital Hub

    Adrian Cook

    Greg Cooper

    Steel Cooper

    Erica Corr

    Sean Corrigan

    Lachlan Costigan

    Tavishe Coulson

    Neill Cox

    Rob Craig

    Andrew Crane

    Petar Crnomarkovic

    Brian Crowley

    Owen Curteis

    James Cutler

    Adam D’Alessandro

    Simon Daigle

    Andreas Dalman

    Maria Dancuk

    Bruce Davie, co-founder and publisher,  Systems Approach, LLC

    Shaun deans

    Stephen Dedman

    Mark Delany

    Quincy Denham

    Marcus Denny

    Andrew Dent

    Nakul Deshmukh

    Deon Deszcz

    Mark Devenish

    Marco Di Leo

    Andy Do

    Rebecca Dominguez

    Mark Dorset

    Kim Dowling

    Iain Dowling

    Andrew Downing

    Nick Doyle

    wojtek  dr

    Craig Drewer

    Darcy Driscoll, Software Engineer, Professionals Australia

    Gareth Dunstone

    Peter Dutch

    Odin Dutton

    Tim Edwards

    Megan Edwards

    Alex Egan

    Steve Evans

    Elisa Ewer


    Ryan Fearnall

    zev  feldman

    Matt Fenn

    Edoardo Ferrero

    John Ferrero

    Lucas Ficarra

    Mathew Fidge

    Ben Finney

    Samantha Floreani

    Tara Force

    Linda  Ford

    joseph frawley

    Chris Fredericks

    Nick Freeland

    Neville  Fryar

    Nancy Gabauer

    Josh Gardner

    Charles Gascoigne

    Stephen Gentle

    Darren Gibbs

    Beau Gieskens, Software Engineer

    Christopher Giffard

    Kevin Gil

    Evan Gilbert

    wayne gipters dj

    Chery Gladman

    Callum Glennen

    Matthew Godfrey

    Hollie Goik

    Daniel Gomes

    Jason Goroncy

    Jarrah Gosbell

    Daniel Govier

    Nathan Grant

    Angus Gratton

    Aaron Graves

    Taylor Greig

    Matthew Gretton

    Michael Grey

    Joao  Grilo

    Nick Grundy

    Michał Grygierzec

    Jon H

    Robin Haeusler

    David Geoffrey Hall

    Mark Halliwell

    Damian Halloran

    Simon Handfield

    Mark Hansen

    Tracy Hawes

    Brad Hayes

    Ric Hayman

    Paige Headington

    Virginia Heal

    James Hebden

    Natalie Hendry

    Nicholas Henry

    Mark Henry

    Menno Hess

    adrian hewitt

    Adam Hickey

    Ben Hickleton

    Brendan Hidetake

    Allen Higginbottom

    Andrew  Hill

    Christopher Hocking

    Lindsay-Leigh Hocking

    Joshua Hodkinson

    Stephan Holle

    Lindsay Holmwood

    Michael Honey

    O Hooper

    Kevin Hsueh

    Robert Hudson

    Baden Hughes

    Scott Humphries

    Allan Hunt

    Dirk Hunter

    Michael  Hurren

    John Hussey

    Mark Hutton

    Patrik Hyytiäinen

    Sam Ibrahim

    Steven Impson

    Jett Jackson

    Alexandra James

    Trevor Jenke

    Joshua Jennings

    Mark Johnson

    Jerrie Johnston

    Jacob Johnston

    Martin  Jones

    Nivin Jose

    Rowan K

    Kaan Karaoglu

    Tace Kelly

    mark kerr

    Dave Kerr

    Monique Kerr

    Alex Kesik

    Alex Keynes

    Garth Kidd

    Marian Kiely

    Stephen King

    Brayden King

    Nazar Kirama

    Amy Kirwan

    Mariusz Klochowicz

    Matthew Kobayashi

    Thea Koutsoukis

    Luke Kowald

    Nathan Kowald

    Sebastian Krapf

    Matthew Krins, Cyber Security Teacher, Box Hill Institute

    Erin Kruck

    Michael kruck

    Neville Kruck

    Rod Kruse

    Myles Kunzli

    Henry L

    Bob Lacey

    Angus Ladyman-Palmer

    Basil Lambert

    Kim  Langer

    Wendy Langer

    Sean Lanigan

    Robin Lao

    Paul Latoszek

    Chun Ming Lau

    Mark Lauer

    Jon Lawrence

    Jamie Le

    River Leah

    Arron Lee

    Ryan  Lester

    Ben Lever

    Peter Lewis

    Peter Lieverdink

    Dylan Lindgren

    Eric Lindsay

    Kate Linton

    Hugo Lisiecki

    Grant Lockwood

    John Logan

    Chris  Lovell

    Alma Lucas

    Robert Lugton

    Simone  Lymbery

    Tamara Macadam

    Sean Mackedie

    Keelan Macpherson

    Mary Macrae

    Peter Maddox

    Robert Madell

    Darren Major

    James Man

    Diana Mangion

    Trevor March

    Tim Marriage

    Debra  Marriott

    Kara Martin

    Tom Marwick

    Michelle Masterd

    John Mautz

    David Mazzei

    Robert McAlavey

    Laurie McAnulty

    Joseph McCrossin

    Caitlin McGrane

    Jamie McGuire

    Gregory McIntyre

    Craig McIntyre

    Courtney McKenzie

    John McKinsey

    Sam McLeod

    greg mcleod

    Amy McMurtrie

    Dion Meade

    Kim Meagher

    Vincent Mellor

    Mathias Ménard

    Eli Mendez

    Chris Menz

    Dale Miller

    Owen Miller

    Joseph Miller

    Eddie  Miller

    James Milne

    Charles Mok

    Dee Mooney-Pursell

    Lily Moor

    DAmien Moore

    Jason Moore

    Jake Moore

    Wesley Moore

    Tahnee Moore

    Bradley Morgan

    Patrick Morgan

    Alice  Morgan

    Jeremie Moroney

    David Morrell

    James Morris

    Nicolas Mulder

    Kieran Murphy

    James Murty

    Thomas Nash

    Chris Naunton

    Noely Neate

    Anais Nedermeijer

    Lavender Neesham

    Chris Neilson

    Mark Newton

    Ronald Ng

    Daniel Nicholls

    Toby Nieboer

    Earanee  Niedzwiecki

    Chris Nilsson

    Igor Nikitin

    Adrian Noblett

    Jacqueline Norris-Burnett

    Peter Nunn

    Nicola Nye

    Dylan O’Brien

    Marni O’Connell

    Daniel O’Connor

    Daniel O’Connor

    Nicholas O’Dwyer

    Naomi O’Sullivan

    Fiona O’Connor

    Tim O’Keefe

    Eric O’Nyme

    Alphonce  Odhiambo

    Martin Oliver

    Rebecca Oyomopito

    Vasilisa Paderina

    Luci Pangrazio

    Colin Panisset

    Brad Parker

    James Parker

    James Parkinson

    keira Paterson

    Tina Patterson

    Natalie Pawlus

    Tess Peer

    Susan Pegg

    Jodie Pepper

    Scott Percival

    Philippe Petit

    Riana Pfefferkorn, Research Scholar, Stanford Internet Observatory

    Christopher Phillips

    Rachel Pickford

    Angie Pisani

    Anthony Pitt

    A R Polack

    Ryan Polk, Director, Internet Policy, Internet Society

    John Posar

    Robert Postill

    Charlotte Price

    Andrew Price

    Leigh Price

    David Price

    Ed Prism

    Shaun Procter

    Glen Purkiss

    Jackie Radisich

    Sumit Rajs

    Khen Ramos

    Ashlea Randle

    Tiago Rangel

    Tim Raphael

    Eric Rasmussen

    Brett Raymond

    Brendan Read

    Olivier Rehani

    J Reiman

    Matt Relouw

    Dove Rengger-Thorpe

    Moshe Reuveni

    Ben Reynolds

    Michelle Richards

    Elaine Richardson

    Owen Richardson

    Joshua Ridgway

    Eamon Rist

    Tina Rizza

    Davide Rizzo

    Ben Robbins

    Matthew Roberts

    David Robinson

    Tom Robson

    R Rohde

    andrew rossiter

    Igor  Rozenberg

    Sophie Rudolph

    Stanley Ruffo

    Michael Ruigrok

    Simon Rumble

    Greg Rush

    Chris Russell

    Stuart Rutherford

    Andrew Sadler

    Vignesh Sankaran

    Fushia Saulwick

    Jurgen Schaub

    David Schinazi, Board Member, Internet Architecture Board

    Paul Schnackenburg

    Vicki Scholes

    Sam Schuur

    Ben Schwarz

    Christopher Scopa

    Julia Scott-Stevenson

    Hazel Seen

    Anker Segal

    Alexis Shaw

    Chris Shaw

    Shane Short

    Maddison Sideris

    Lachlan Simpson

    Ben Sinclair

    Mike  Sinclair

    Tim Singleton Norton

    Rob Sison

    Geoffrey  Skerratt

    Josephine Smart

    Phillip Smith

    James Smith

    Michael Smith

    Tim Smith

    Adam Smith-Platts

    Simon Sonter

    Eliza Sorensen

    Leon Spencer

    Ben Staggard

    Zahra  Stardust

    David Stastny

    Shimmy Stauber

    Janet  Stephan

    Josh  Stephens

    Richard Stevenson

    Jim Stewart

    Brody Stockel

    Michael Strasser

    Michael Strasser

    Iain Stubbs

    Ales Sura

    Luke Sutton

    Katy Swain

    Olek Swierczynski

    Krishna Tammireddy

    William Taylor

    Rob  Taylor

    justine teernstra

    Michael Terrington

    Maria Terzi

    Andre Thomas

    Hamish Thorp

    James Thurgood

    Jon Tjhia

    Jon Tjhia

    Matt Toohey

    Luke Toop

    ted tottenham

    Matt Trappett

    Alexandre Trotel

    Martha Tsakalos

    Lance Turner

    Nicholas Tzimos

    Michael Usher

    Nicky V

    Thomas Van Deun

    Gala Vanting

    Christian Varga

    Michael Velsigne

    Loganaden Velvindron, Founding Member, Cyberstorm.mu

    Joshua Vermeulen

    Karl von Muller

    Tim Walker

    Kieran Wallace

    Kenneth Wallace

    maize wallin

    Aaron Walters

    Paul Warren

    Justin Warren

    Connor Waterbanks

    Declan Watson

    Chris Watt

    Victoria Watts

    Jason Weathered

    Craig Weavers

    Kayleen White

    Simon Whitehead

    Phil Whitehouse

    Ben Whitmore

    Andreas Wilhelm

    Lachlan Williams

    Dean Williams

    Luke Williamson

    James Williamson

    Joshua Wilson

    Ty Wilson-Brown

    Joshua Withers

    Withheld Withheld

    Grant Withington

    Greg Wodetzki

    Jonathan Wood

    Andrew Woodforth

    Ron Woods

    Sharyn Woods

    Vicki Woodward

    Simon Wooldridge

    Trent  Yarwood

    Erin Young

    Cédric  Zeegers-Jourdain

    Jackson Zhang

    Lorna Zhulan

    Justin Zobel