Categories
Actions News

Take Action: Sign the joint letter in response to Australian eSafety proposed industry standards

The Australian government is currently considering draft online safety standards that threaten to undermine the use of end-to-end encryption, putting security and privacy of Internet users at greater risk.

The eSafety Commissioner has proposed two draft industry standards under the Online Safety Act. Both draft standards include a range of proactive detection obligations on digital services to scan content in order to detect, remove, disrupt and deter illegal content. However, as these standards have no specific safeguards for end-to-end encrypted services that people rely on for privacy and safety, end-to-end encrypted services will be forced to undermine the security and privacy of their services in order to comply. Contrary to the goals of the standards, this will leave everyone less safe online.

The Australian online safety codes must ensure the protection of privacy and security of Internet users, and the use of end-to-end encrypted services.

Join the Steering Global Encryption Coalition Steering Committee (The Center for Democracy & Technology, Global Partners Digital, the Internet Freedom Foundation, the Internet Society, and Mozilla), Access Now, and Digital Rights Watch in calling on the eSafety Commissioner to protect the privacy and safety of all users by protecting end-to-end encrypted services.


Dear Commissioner Inman Grant, 

We the undersigned organisations and individuals urge you to protect the privacy and security of communications and cloud file storage for internet users.

We acknowledge the severity of harm caused by the dissemination of child sexual abuse material (CSAM) and other forms of illegal content, and we support strong regulation to ensure platform accountability, the empowerment of users as well as the protection of their rights and safety. It is essential that governments, with the support of industry, take effective steps to regulate the spread of illegal content. It is also essential that such approaches do not also disproportionately lead to the creation and exacerbation of other harms, and adopt best practices in international policy making.

The eSafety Commissioner has proposed two draft industry standards (1) under the Online Safety Act. Taken together, these standards apply to a broad range of services that people use every day including email, text and instant messaging, video communications, online gaming, dating services, and online file storage. In a context in which cybersecurity risks are rising, the safety, rights, and wellbeing of individuals and communities rely on the digital security and the privacy of these services.

Both draft standards include a range of proactive detection obligations on digital services to scan content in order to detect, remove, disrupt and deter CSAM and ‘pro-terror’ content. There are no specific safeguards for end-to-end encrypted services that people rely on for privacy and safety, as content on such platforms cannot be accessed by any third party, including the service provider, at any stage of the communication/storage process. Hashing and artificial intelligence technologies are specifically referenced to detect and remove objectionable content. Such approaches, when deployed on a device, are commonly referred to as ‘client side scanning.’ These methods have been widely criticised by privacy and security researchers, digital rights advocacy organisations and human rights groups around the world. (2) Internet safety advocates and child rights groups have emphasised the importance of looking at other methods to enhance online safety for children and minimise the dissemination of CSAM, and how encryption works to protect the rights of children. (3) Scanning technologies are deeply flawed because they: have questionable effectiveness; contain a high risk of false positives; increase vulnerabilities to security threats and attack – thereby weakening online safety for all users – and enable the ability to expand use of such systems to scan other categories of content in the future. (4)

The eSafety Commissioner has publicly stated that it supports privacy and security, and does not advocate building in weaknesses or back doors to undermine end-to-end encrypted services. (5) But client-side scanning fundamentally undermines encryption’s promise and principle of private and secure communications and personal file storage. We urge the Commissioner against creating standards that would force encrypted services to implement such scanning measures as they would create an unreasonable and disproportionate risk of harm to individuals and communities.

Australia is a leader in the field of online safety policy making, and this position comes with responsibility in shaping the norms and direction of international internet governance and regulation. Proceeding with the standards as drafted would signal to other countries that online safety is somehow counterposed to privacy and security, when the opposite is true.

We strongly urge the eSafety Commissioner to amend the proposed industry standards to ensure the protection of privacy and security, and urge the Australian Government to commit to the ongoing protection and strengthening of encryption, privacy and digital security.

1) See two draft industry standards: https://www.esafety.gov.au/industry/codes/standards-consultation
2) See, for example, this open letter in response to the EU’s proposed Child Sexual Abuse Regulation, signed by over 450 scientists and researchers: https://docs.google.com/document/d/13Aeex72MtFBjKhExRTooVMWN9TC-pbH-5LEaAbMF91Y/edit
3) See, for example, ‘Privacy and Protection: A children’s rights approach to encryption,’ Child Rights International Network, 19 January 2023, which concludes technologies including client-side scanning is akin to breaking encryption by compromising its aims, and points to other underutilised safety mechanisms such as user reporting, https://home.crin.org/readlistenwatch/stories/privacy-and-protection; and ‘Chat Control or Child Protection?’ Ross Anderson, Foundation for Information Policy Research, October 2022 which notes alternative methods to tech solutionism to enhance safety, https://www.cl.cam.ac.uk/~rja14/Papers/chatcontrol.pdf.
4) For further detail on the risks of client side scanning see: ‘Fact Sheet: Client-Side Scanning’, Internet Society 24 March 2020, https://www.internetsociety.org/resources/doc/2020/fact-sheet-client-side-scanning/; and ‘Bugs in our Pockets: The Risks of Client-Side Scanning,’ 14 October 2021, https://arxiv.org/abs/2110.07450.
5) See ‘Updated Position Statement: End-to-end encryption ,’ October 2023 https://www.esafety.gov.au/sites/default/files/2023-10/End-to-end-encryption-position-statement-oct2023.pdf; and ‘Australia releases new online safety standards to tackle terror and child sexual abuse content,’ The Guardian, 20 November 2023, https://www.theguardian.com/australia-news/2023/nov/20/australia-esafety-standards-new-2023-targets-child-content-terrorism-detection.

Sincerely,

The undersigned organizations and individuals

Organizations

Access Now

Africa Media and Information Technology Initiative (AfriMITI)

ARTICLE 19 Assembly Four

Associação Portuguesa para a Promoção da Segurança da Informação (AP2SI)

Betapersei SC
Blueprint for Free Speech

Center for Democracy and Technology

Centro Latinoamericano de Investigaciones Sobre Internet (CLISI)

Digital Rights Watch

eclectic.engineering P/L

Electronic Frontiers Australia

Fabiano Law Firm

Fight for the Future

Fusion Party Australia

Global Partners Digital

Hello Code Pty Ltd

Internet Architecture Board

Internet Association of Australia

Internet Australia (Internet Society of Australia)

Internet Freedom Foundation

Internet Society

Internet Society Ghana

Interpeer Project

IT-Pol Denmark

JCA-NET(Japan)

LGBT Technology Partnership

Mozilla

NAPWHA

Open Rights Group

OPTF

Privacy & Access Council of Canada

Proton

Seraf Inc.

Signal

Signal Labs

Superbloom (previously known as Simply Secure)

The Ruffle Technology Company

The Sizzle

The Tor Project Tuta

Individuals

Affiliations listed for identification purposes only

Romney Adams

Zafer Saeed A Ahmad

Michael Airey

Shane Alderton

Pat Allan

Jamie Allen

Toby Allen

Shereen  Almagzoub

Robert Amos

Leroy Anderson

brian anderson

Thomas  Anderson

Matt Andrews

Ambrose Andrews

Sherry Armstrong

Tommaso Armstrong

Reginald Ashman

Michael Astle

Daniel Axtens

Jade B

Ramon Baba

Katherine  Back

nicola badran

Melanie Bakewell

Veronica  Ball

Paora  Balzer

Nic Barbaro

Marcus Barczak

Jason Barker

Chris Barry

Hamish Bassett

Lyn Barwick

Alana Becker

Stuart Begg

Bradley Bell

Toni Bentley

Michel Bergeron

Jordan Bertasso

Benjamin Beshara

Fares Bessrour

Stuart Biggs

Christopher Biggs

Michelle Black

Adam Blackhall

David Blackwell

Julie Blackwell

Cees Boekel

Oliver Boermans

Luke Boner

Matthew Boniface

Andrew Bonte

Pieter Bos

Sarah Botham

Constantine Bourlioufas

Jarah Bowman

Nicholas Boyle

Sean Boys

Marcie Breen

Philip Briggs

han broekman

Gregor Brown

John Brown

Alannah  Brown

Vin Brown

Damion  Brown

Sam Buckberry

Jon Burdach

Rollin Burford

Phil Burg

Donald Burgess

Richard Burke

Julianna Burke

Sam Burnett

Adrian Burns

Brodie Burns-williamson

Angela Cadwallen

Peter Caffin

Carlos Calero

Evan Cameron

John Cameron

Leigh Carey

Michael Carino

Madeline Carlier

Clancy Carr

Jayden Carslake

Georgina Carson

Graham Castles

Matthew Cengia

Travis Charlton

Paul  Cheshire

Sishoon Chow

James Clark

Aidan Clarke, Principle DevOps Evangelist, Atlassian

Brady Clarke

Denise  Clarke

Tim Cleaver

Jake Cleland

Daniel Clibborn

Phillip  Cochrane

Garth Coghlan

Trevor Collins

Josephine Colson, Head of Marketing, Cremorne Digital Hub

Adrian Cook

Greg Cooper

Steel Cooper

Erica Corr

Sean Corrigan

Lachlan Costigan

Tavishe Coulson

Neill Cox

Rob Craig

Andrew Crane

Petar Crnomarkovic

Brian Crowley

Owen Curteis

James Cutler

Adam D’Alessandro

Simon Daigle

Andreas Dalman

Maria Dancuk

Bruce Davie, co-founder and publisher,  Systems Approach, LLC

Shaun deans

Stephen Dedman

Mark Delany

Quincy Denham

Marcus Denny

Andrew Dent

Nakul Deshmukh

Deon Deszcz

Mark Devenish

Marco Di Leo

Andy Do

Rebecca Dominguez

Mark Dorset

Kim Dowling

Iain Dowling

Andrew Downing

Nick Doyle

wojtek  dr

Craig Drewer

Darcy Driscoll, Software Engineer, Professionals Australia

Gareth Dunstone

Peter Dutch

Odin Dutton

Tim Edwards

Megan Edwards

Alex Egan

Steve Evans

Elisa Ewer


Ryan Fearnall

zev  feldman

Matt Fenn

Edoardo Ferrero

John Ferrero

Lucas Ficarra

Mathew Fidge

Ben Finney

Samantha Floreani

Tara Force

Linda  Ford

joseph frawley

Chris Fredericks

Nick Freeland

Neville  Fryar

Nancy Gabauer

Josh Gardner

Charles Gascoigne

Stephen Gentle

Darren Gibbs

Beau Gieskens, Software Engineer

Christopher Giffard

Kevin Gil

Evan Gilbert

wayne gipters dj

Chery Gladman

Callum Glennen

Matthew Godfrey

Hollie Goik

Daniel Gomes

Jason Goroncy

Jarrah Gosbell

Daniel Govier

Nathan Grant

Angus Gratton

Aaron Graves

Taylor Greig

Matthew Gretton

Michael Grey

Joao  Grilo

Nick Grundy

Michał Grygierzec

Jon H

Robin Haeusler

David Geoffrey Hall

Mark Halliwell

Damian Halloran

Simon Handfield

Mark Hansen

Tracy Hawes

Brad Hayes

Ric Hayman

Paige Headington

Virginia Heal

James Hebden

Natalie Hendry

Nicholas Henry

Mark Henry

Menno Hess

adrian hewitt

Adam Hickey

Ben Hickleton

Brendan Hidetake

Allen Higginbottom

Andrew  Hill

Christopher Hocking

Lindsay-Leigh Hocking

Joshua Hodkinson

Stephan Holle

Lindsay Holmwood

Michael Honey

O Hooper

Kevin Hsueh

Robert Hudson

Baden Hughes

Scott Humphries

Allan Hunt

Dirk Hunter

Michael  Hurren

John Hussey

Mark Hutton

Patrik Hyytiäinen

Sam Ibrahim

Steven Impson

Jett Jackson

Alexandra James

Trevor Jenke

Joshua Jennings

Mark Johnson

Jerrie Johnston

Jacob Johnston

Martin  Jones

Nivin Jose

Rowan K

Kaan Karaoglu

Tace Kelly

mark kerr

Dave Kerr

Monique Kerr

Alex Kesik

Alex Keynes

Garth Kidd

Marian Kiely

Stephen King

Brayden King

Nazar Kirama

Amy Kirwan

Mariusz Klochowicz

Matthew Kobayashi

Thea Koutsoukis

Luke Kowald

Nathan Kowald

Sebastian Krapf

Matthew Krins, Cyber Security Teacher, Box Hill Institute

Erin Kruck

Michael kruck

Neville Kruck

Rod Kruse

Myles Kunzli

Henry L

Bob Lacey

Angus Ladyman-Palmer

Basil Lambert

Kim  Langer

Wendy Langer

Sean Lanigan

Robin Lao

Paul Latoszek

Chun Ming Lau

Mark Lauer

Jon Lawrence

Jamie Le

River Leah

Arron Lee

Ryan  Lester

Ben Lever

Peter Lewis

Peter Lieverdink

Dylan Lindgren

Eric Lindsay

Kate Linton

Hugo Lisiecki

Grant Lockwood

John Logan

Chris  Lovell

Alma Lucas

Robert Lugton

Simone  Lymbery

Tamara Macadam

Sean Mackedie

Keelan Macpherson

Mary Macrae

Peter Maddox

Robert Madell

Darren Major

James Man

Diana Mangion

Trevor March

Tim Marriage

Debra  Marriott

Kara Martin

Tom Marwick

Michelle Masterd

John Mautz

David Mazzei

Robert McAlavey

Laurie McAnulty

Joseph McCrossin

Caitlin McGrane

Jamie McGuire

Gregory McIntyre

Craig McIntyre

Courtney McKenzie

John McKinsey

Sam McLeod

greg mcleod

Amy McMurtrie

Dion Meade

Kim Meagher

Vincent Mellor

Mathias Ménard

Eli Mendez

Chris Menz

Dale Miller

Owen Miller

Joseph Miller

Eddie  Miller

James Milne

Charles Mok

Dee Mooney-Pursell

Lily Moor

DAmien Moore

Jason Moore

Jake Moore

Wesley Moore

Tahnee Moore

Bradley Morgan

Patrick Morgan

Alice  Morgan

Jeremie Moroney

David Morrell

James Morris

Nicolas Mulder

Kieran Murphy

James Murty

Thomas Nash

Chris Naunton

Noely Neate

Anais Nedermeijer

Lavender Neesham

Chris Neilson

Mark Newton

Ronald Ng

Daniel Nicholls

Toby Nieboer

Earanee  Niedzwiecki

Chris Nilsson

Igor Nikitin

Adrian Noblett

Jacqueline Norris-Burnett

Peter Nunn

Nicola Nye

Dylan O’Brien

Marni O’Connell

Daniel O’Connor

Daniel O’Connor

Nicholas O’Dwyer

Naomi O’Sullivan

Fiona O’Connor

Tim O’Keefe

Eric O’Nyme

Alphonce  Odhiambo

Martin Oliver

Rebecca Oyomopito

Vasilisa Paderina

Luci Pangrazio

Colin Panisset

Brad Parker

James Parker

James Parkinson

keira Paterson

Tina Patterson

Natalie Pawlus

Tess Peer

Susan Pegg

Jodie Pepper

Scott Percival

Philippe Petit

Riana Pfefferkorn, Research Scholar, Stanford Internet Observatory

Christopher Phillips

Rachel Pickford

Angie Pisani

Anthony Pitt

A R Polack

Ryan Polk, Director, Internet Policy, Internet Society

John Posar

Robert Postill

Charlotte Price

Andrew Price

Leigh Price

David Price

Ed Prism

Shaun Procter

Glen Purkiss

Jackie Radisich

Sumit Rajs

Khen Ramos

Ashlea Randle

Tiago Rangel

Tim Raphael

Eric Rasmussen

Brett Raymond

Brendan Read

Olivier Rehani

J Reiman

Matt Relouw

Dove Rengger-Thorpe

Moshe Reuveni

Ben Reynolds

Michelle Richards

Elaine Richardson

Owen Richardson

Joshua Ridgway

Eamon Rist

Tina Rizza

Davide Rizzo

Ben Robbins

Matthew Roberts

David Robinson

Tom Robson

R Rohde

andrew rossiter

Igor  Rozenberg

Sophie Rudolph

Stanley Ruffo

Michael Ruigrok

Simon Rumble

Greg Rush

Chris Russell

Stuart Rutherford

Andrew Sadler

Vignesh Sankaran

Fushia Saulwick

Jurgen Schaub

David Schinazi, Board Member, Internet Architecture Board

Paul Schnackenburg

Vicki Scholes

Sam Schuur

Ben Schwarz

Christopher Scopa

Julia Scott-Stevenson

Hazel Seen

Anker Segal

Alexis Shaw

Chris Shaw

Shane Short

Maddison Sideris

Lachlan Simpson

Ben Sinclair

Mike  Sinclair

Tim Singleton Norton

Rob Sison

Geoffrey  Skerratt

Josephine Smart

Phillip Smith

James Smith

Michael Smith

Tim Smith

Adam Smith-Platts

Simon Sonter

Eliza Sorensen

Leon Spencer

Ben Staggard

Zahra  Stardust

David Stastny

Shimmy Stauber

Janet  Stephan

Josh  Stephens

Richard Stevenson

Jim Stewart

Brody Stockel

Michael Strasser

Michael Strasser

Iain Stubbs

Ales Sura

Luke Sutton

Katy Swain

Olek Swierczynski

Krishna Tammireddy

William Taylor

Rob  Taylor

justine teernstra

Michael Terrington

Maria Terzi

Andre Thomas

Hamish Thorp

James Thurgood

Jon Tjhia

Jon Tjhia

Matt Toohey

Luke Toop

ted tottenham

Matt Trappett

Alexandre Trotel

Martha Tsakalos

Lance Turner

Nicholas Tzimos

Michael Usher

Nicky V

Thomas Van Deun

Gala Vanting

Christian Varga

Michael Velsigne

Loganaden Velvindron, Founding Member, Cyberstorm.mu

Joshua Vermeulen

Karl von Muller

Tim Walker

Kieran Wallace

Kenneth Wallace

maize wallin

Aaron Walters

Paul Warren

Justin Warren

Connor Waterbanks

Declan Watson

Chris Watt

Victoria Watts

Jason Weathered

Craig Weavers

Kayleen White

Simon Whitehead

Phil Whitehouse

Ben Whitmore

Andreas Wilhelm

Lachlan Williams

Dean Williams

Luke Williamson

James Williamson

Joshua Wilson

Ty Wilson-Brown

Joshua Withers

Withheld Withheld

Grant Withington

Greg Wodetzki

Jonathan Wood

Andrew Woodforth

Ron Woods

Sharyn Woods

Vicki Woodward

Simon Wooldridge

Trent  Yarwood

Erin Young

Cédric  Zeegers-Jourdain

Jackson Zhang

Lorna Zhulan

Justin Zobel