In a discussion paper published this week, the Government Communications Headquarters (GCHQ) and National Cyber Security Center (NCSC) said tech companies should proceed with implementing technologies that would go around end-to-end encryption to scan phones for child abuse images.
The discussion paper, authored by GCHQ’s technical director of cryptanalysis Crispin Robinson and NCSC’s technical director Ian Levy, suggested “client-side scanning” would protect children and still maintain privacy.
Client-side scanning would involve tech tools that monitor content for suspicious activity without having to upload the private messages to a centralized server.
“We’ve found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter,” they wrote.
According to the pair, the concerns of client-side scanning are based on fixable flaws.
For example, they suggested the involvement of multiple NGOs who would ensure that no government is using scanning tools to spy on people, and encryption to make sure that the service providers do not see the images that are sent for human moderation.
The discussion paper also insisted on detailed policies, arguing that “discussing the subject [client-side scanning] in generalities, using ambiguous language or hyperbole, will almost certainly lead to the wrong outcome.”
Privacy advocates feel the proposals still compromise the advantages of end-to-end encryption.
According to cryptography expert Alec Muffet, who championed Facebook’s Messenger encryption, the discussion paper “entirely ignores the risks of their proposals endangering the privacy of billions of people worldwide.”
“It’s weird that they frame abuse as a ‘societal problem’ yet demand only technological solutions for it. Perhaps it would be more effective to use their funding to adopt harm-reduction approaches, hiring more social workers to implement them?” he told The Guardian.
Robinson and Levy, the authors of the discussion paper, have previously suggested controversial policies. In 2018, the pair backed the so-called “ghost protocol,” which would allow the GCHQ to silently spy on messages.
“It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call,” they wrote at the time. “This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorize today.”