CSAM law puts Apple’s client-side analytics plans back in the spotlight


Update: Voting on the bill is now expected to be postponed until the fall – see end for details.

A new proposed CSAM law in the UK could require all email companies to use the kind of client-side scanning approach that Apple was planning to launch to detect child sexual abuse material (CSAM) on iPhones.

An amendment to the Online security bill has been proposed that would require tech companies to identify and remove CSAM, even in end-to-end encrypted private messages…

The online security bill

The Online Safety Bill (OSB) is something of a hodgepodge of measures designed to tackle ‘harmful’ user-generated content, i.e. any service that allows users to post textual content or downloading media. It was, of course, sold as targeted terrorist material and CSAM.

The bill introduces new rules for companies that host user-generated content, i.e. those that allow users to post their own content online or interact with each other, and for search engines. research services, which will have tailored obligations aimed at minimizing the presentation of harmful research results to users.

Platforms that fail to protect people will have to answer to the regulator and could face fines of up to 10% of their revenue or, in the most serious cases, be blocked.

All relevant platforms will have to address and remove illegal material online, especially material related to terrorism and child sexual exploitation and abuse.

Platforms likely to be viewed by children will also have a duty to protect young people who use their services from legal but harmful content such as self-harm content or eating disorders. Additionally, providers that post or place pornographic content on their services will be required to prevent children from accessing that content.

The largest and most risky platforms will have to deal with named categories of legal but harmful material that adults have access to, which may include issues such as abuse, harassment or exposure to content encouraging self-harm or eating disorders. They will need to clearly state in their terms and conditions what is and is not acceptable on their site, and enforce it.

A whole series of changes have since been made, expanding both the scope and the powers of the law. One of the scariest changes is that the government could – after the adoption of the law – amend the definition of “harmful” content.

CSAM bill

The Guardian reports that a new amendment has been proposed which would create a requirement to detect CSAM even in end-to-end encrypted messages. (Note: in the UK the term CSAE is used instead of CSAM – child sexual abuse and exploitation content.)

Heavily encrypted messaging services such as WhatsApp could be required to adopt cutting-edge technology to spot child sex abuse material or face the threat of steep fines, under new changes to the law. UK on digital security.

The amendment to the Online Safety Bill would require tech companies to do their best to deploy new technology that identifies and removes child sexual abuse and exploitation (CSAE) content.

It comes as Mark Zuckerberg’s Facebook Messenger and Instagram apps prepare to introduce end-to-end encryption, amid strong opposition from the UK government, which has called the plans “not acceptable”.

Priti Patel, a longtime critic of Zuckerberg’s plans, said the law change balances the need to protect children while ensuring user privacy online.

Specifically, the change would prevent courier companies from simply shrugging their shoulders and saying they have no way of seeing the content of E2E encrypted messages, and would create an obligation for them to develop new ways to do so.

The only* technical way to achieve this would be to perform client-side analysis, either before encryption on the sender’s device or after decryption on the receiver’s device. This was, of course, the approach Apple planned to take when it announced its intention to digitize CSAM photos. (*Another approach that has been suggested is the so-called “phantom proposal”, but I would argue that this violates the definition of E2E encrypted messaging.)

Apple was forced to put its plans on hold after concerns were raised that governments could misuse the technology. You can read a summary of the controversy here, and a potential solution here.

9to5Mac’s take on the CSAM bill

The current UK government – ​​and more specifically its Home Secretary Priti Patel – has the form to try to block the use of end-to-end encryption. Indeed, as The Guardian noted, the whole problem exploded when Meta announced plans to adopt E2E encryption for Facebook Messenger and Instagram (WhatsApp already uses E2E encryption).

Given the government’s technical illiteracy, smart money would be on this amendment being just another attempt to outlaw E2E encrypted messaging, not even realizing that client-side scanning is another option.

Either way, it will bring client-side CSAM analysis back into the spotlight and put renewed pressure on Apple to clarify its own position. The iPhone maker has so far said nothing since promising to deliver further privacy improvements, apparently hoping it could just keep its head down and wait for the fuss to die down. This amendment, if adopted, would make it impossible to maintain his silence.

Update: Bill expected to be postponed until fall

Politics reports that the vote on the bill – originally scheduled for next week – is set to be postponed until the autumn, as one of the effects of the forced resignation of Prime Minister Boris Johnson.

Progress on Britain’s new content regulation bill is set to be delayed until the autumn amid fallout from the resignation of Boris Johnson as leader of the Conservative Party.

The Online Safety Bill, which ministers hoped to push through the House of Commons before MPs go on holiday on July 21, is set to be dropped from the parliamentary calendar next week, according to a digital ministry, Culture, Media and Sports Official […]

If the bill is dropped, it means no parliamentary time will be allocated until Johnson leaves Downing Street on September 6, the day after the UK parliament returns.

We will know for sure later today, when next week’s parliamentary timetable is officially announced.

FTC: We use revenue-generating automatic affiliate links. After.

Check out 9to5Mac on YouTube for more Apple news:


Comments are closed.