So-called “client-side scanning” would involve service providers such as Facebook or Apple building software that monitors communications for suspicious activity without having to share the content of messages with a central server. Ian Levy, technical director of the NCSC, and Crispin Robinson, the technical director of cryptanalysis – code breaking – at GCHQ, said the technology could protect children and privacy at the same time. “We have found no reason why client-side scanning techniques cannot be safely applied in many of the situations one will encounter,” they wrote in a discussion paper published Thursday, which they said was “not government policy”. They argued that opposition to proposals for client-side scanning — with Apple’s most famous plan, now on hold indefinitely, to scan photos before they are uploaded to the company’s image-sharing service — was based on specific flaws, the which could be corrected in practice. They proposed, for example, requiring the participation of many child protection NGOs to protect themselves from any individual government using the scanning device to spy on citizens. and using encryption to ensure the platform never sees images passed to people for moderation, rather than only involving the NGOs themselves. “Details matter when we talk about this issue,” Levy and Robinson wrote. “Discussing the matter in broad terms, using ambiguous language or exaggeration, is almost certain to lead to the wrong result.” The document was welcomed by child protection groups. Andy Burrows, head of child safety online policy at the NSPCC, said it was an “important and highly credible intervention” which “breaks the false binary that children’s fundamental right to safety online can only be achieved at the expense of of the privacy of adults”. . “It is clear that legislation can incentivize companies to develop technical solutions and provide safer and more private online services,” he added. Subscribe to First Edition, our free daily newsletter – every morning at 7am. BST But critics say the proposals undermine the benefits of end-to-end encryption and that the focus should be on non-technical solutions to child abuse. Alec Muffett, a cryptography expert who led Facebook’s efforts to encrypt Messenger, said the newspaper “completely ignores the dangers of their proposals that endanger the privacy of billions of people around the world.” Muffett said: “It’s strange that they label abuse as a ‘societal problem’ but only demand technological solutions to it. Perhaps it would be more effective to use their funding to adopt harm reduction approaches by employing more social workers to implement them?’ The discussion paper by Levy and Robinson is not the first time the pair have waded into controversial areas of policy. In 2018 they argued for an encryption solution with a so-called “ghost protocol”, where GCHQ could be silently added as another recipient of messages sent to and from a target device. “It is relatively easy for a service provider to silently add a law enforcement participant to a group chat or call,” they wrote. “This kind of solution appears to be no more intrusive than the virtual alligator clips that our democratically elected representatives and judiciary are authorizing today.”
