To protect the privacy and security of people in Australia, the eSafety Commissioner must amend the new draft industry standards. Through an open letter, Access Now, Digital Rights Watch, and the GEC Steering Committee, along with over 600 signatories, are urging the Commissioner to introduce safeguards for end-to-end encrypted services in the recently published Online Safety Codes.
Access Now strongly cautions against the proposed mandate for proactive detection and removal of content, commonly called “client-side scanning,” on messaging and cloud services in the recently released drafts for Relevant Electronic Services Standard and Designated Internet Services Standard under the Online Safety Act. These measures would result in indiscriminate surveillance and render encrypted platforms incapable of fulfilling their promise of privacy and security.
Client-side scanning technologies are deeply-flawed, violate individual privacy and security, and have been criticised internationally by researchers. By undermining encryption, such measures, which have questionable effectiveness, also cause harm, including for those that the standards seek to protect.
Obligations to proactively scan private content on personal devices and cloud also contravene the pro-privacy goals reflected in the ongoing review of Australia’s Privacy Act 1988 and Australian government’s response to the Attorney General’s Department (AGD) Privacy Act Review Report.
The eSafety Commissioner’s office must honour their statement to safeguard privacy and digital safety by incorporating categorical protections for end-to-end encrypted services. The Online Safety Act must not enforce a one-size-fits-all approach without consideration for the security offered by encrypted services and what it means for people in Australia, and beyond.