UK cybersecurity experts back plan to scan phones for images of child abuse

Image scanning is controversial, and critics say it is open to abuse - but GCHQ and NCSC argue that its flaws can be addressed

Image:
Image scanning is controversial, and critics say it is open to abuse - but GCHQ and NCSC argue that its flaws can be addressed

Critics say the solution should be societal, not technical

The heads of GCHQ and the UK's National Cybersecurity Centre have called for a controversial technical solution to the ongoing challenge of child abuse.

The two organisations have long pushed for phone-scanning technology as a cheap way to increase public surveillance, but critics warn that it could be a slippery slope.

'Client-side scanning' will require service providers to create software to scan communications for any and all criminal activity, while also removing the need to place the content of messages in a server.

Crispin Robinson, technical director of cryptanalysis at GCHQ, and Ian Levy, NCSC's technical director, claimed the technology would protect children and privacy simultaneously.

"We've found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter," they wrote in a paper released this week.

Involvement child protection organisations was suggested as a countermeasure to prevent any government using the system to spy on civilians. Another potential solution was implementing encryption so the platform never 'sees' images that are passed to humans for moderation.

Robinson and Levy argued that opposition to proposals for client-side scanning focused on particular flaws that are largely capable of being fixed.

"Details matter when talking about this subject. Discussing the subject in generalities, using ambiguous language or hyperbole, will almost certainly lead to the wrong outcome," they wrote.

Child protection groups agreed with the statements made in the paper. Andy Burrows, head of child safety online policy at the NSPCC, said it was "important and highly credible intervention."

He added, "It's clear that legislation can incentivise companies to develop technical solutions and deliver safer and more private online services."

However, critics said the proposals undermine the benefits of end-to-end encryption, where the true focus should be solutions to child abuse that don't involve as much technology.

"It's weird that they frame abuse as a 'societal problem' yet demand only technological solutions for it. Perhaps it would be more effective to use their funding to adopt harm-reduction approaches, hiring more social workers to implement them?" said Alec Muffett, a cryptography expert hired by Facebook during the period when Messenger was being encrypted. "The paper entirely ignores the risks of their proposals endangering the privacy of billions of people worldwide," he added.

Scanning phone images for illegal content is not a new proposal, but is one fraught with risk. Just last year Apple tested a new feature designed to do exactly what Robinson and Levy are suggesting, but was forced to delay the rollout after a backlash that suggested the company was 'opening the door to further abuse'.