Local and international organisations urge Australia’s eSafety Commissioner against requiring the tech industry to scan users’ personal files and messages

40 organisations from around the world have today delivered a joint letter to Australia’s eSafety Commissioner, calling for protections for privacy, digital security and end-to-end encryption. 

The letter was coordinated by Digital Rights Watch, Access Now, and the Global Encryption Coalition Steering Committee, and has been co-signed by organisations including Signal, Mozilla, Proton, the Tor Project, Electronic Frontiers Australia, and more. It was also signed by 560+ supporting members of the public.

The letter is in response to two draft industry standards proposed by the eSafety Commissioner under the Online Safety Act, which are open for public consultation until 21 December. The standards would apply to a broad range of services including email, messaging, and personal file storage, and include a range of proactive detection obligations to detect, remove, disrupt and deter illegal content. However, as there are no safeguards for encryption, the standards would require end-to-end encrypted services to undermine the security and privacy of their users in order to comply. 

Signatories acknowledge the severity of harm caused by the dissemination of illegal content, and recognise the need for regulation to enhance online safety. Contrary to the goal of the standards, what is being proposed will make everyone less safe online. 

The letter urges the eSafety Commissioner against registering standards that would force encrypted services to implement proactive scanning measures, as it would fundamentally undermine private and secure communications and personal file storage. 

The letter highlights ‘client-side scanning’ as a particularly dangerous method to proactively detect content, which was suggested in eSafety Industry guidance. Scanning technologies are deeply flawed and have been criticised by privacy and security experts for questionable effectiveness; the risk of false positives; increased vulnerabilities to security threats and attack – thereby weakening online safety for all users – and the ability to expand use of such systems to scan other categories of content in the future.

Quotes attributable to Samantha Floreani, Head of Policy at Digital Rights Watch 

“People rely on encrypted services to have robust privacy and security measures in place in order to uphold their rights and safety online. What is being proposed would undermine both, and in doing so be detrimental to individual and community online safety.”

“The eSafety Commissioner has publicly stated that they do not expect services to undermine or weaken encryption, however that isn’t reflected in the body of the standards. We are calling for that intention to be clearly stated in the legal instrument to better protect the privacy, security and ultimately the safety of all internet users.”

“Client-side scanning enables monitoring of material that might otherwise never leave a user’s device, and in doing so pushes the reach of surveillance across the boundary between what is shared and what is private. Because this would happen at a population level, it creates dangerous capability for mass monitoring and surveillance.”  

Media contact 

Samantha Floreani, Digital Rights Watch: samantha@digitalrightswatch.org.au

Namrata Maheshwari, Access Now: namrata@accessnow.org

The full text of the joint letter and signatories is included below.