Australia: Australia’s online safety regulator has released new standards to tackle terrorist content and child abuse material but won’t compromise end-to-end encryption.
In June this year, the eSafety commissioner, Ms. Julie Inman Grant, turned down two industry-made rules as they didn’t mandate cloud storage, email, or encrypted messaging services to spot child abuse material. Instead, the regulator started crafting compulsory standards, which were shared in draft form on November 20.
The suggested standards ask cloud and messaging service operators to spot and delete known child abuse and pro-terror content where possible. They also aim to prevent and discourage the creation of similar material.
eSafety emphasizes that it will only demand actions that are technically possible and insists it doesn’t support creating vulnerabilities or backdoors that compromise privacy or security in end-to-end encrypted services.
“eSafety is not requiring companies to break end-to-end encryption through these standards nor do we expect companies to design systematic vulnerabilities or weaknesses into any of their end-to-end encrypted services,” Ms. Inman Grant said.
“But operating an end-to-end encrypted service does not absolve companies of responsibility and cannot serve as a free pass to do nothing about these criminal acts,” the commissioner added.
By focusing on what’s technically feasible, the regulator might sidestep a clash similar to Apple’s recent dispute with the UK government.
Previously, tech companies like Apple, which offer encrypted messaging apps, warned about potentially pulling iMessage from the UK if message scanning rules were imposed under local online safety laws. In September, the UK government backed down, pausing the plans unless content scanning became technically possible.