Australia Wants To Undermine Encryption. A Dangerous Precedent From One Of The Five Eyes That Must Be Stopped!

Australia's eSafety regulator wants to undermine encryption. We must fight now!

Australian eSafety Regulation is a threat to encryption and privacy.

The Australian government is discussing a draft on online safety standards that threaten end-to-end encryption and the secure communication of all Australian citizens. What is more, if said standards are passed into law, Australia could be testing the erosion of privacy for the other Five Eyes countries.


The eSafety Commissioner of Australia, Julie Inman Grant, has proposed draft industry standards under the Online Safety Act that read similar to the UK Online Safety Bill and the EU Commission’s Chat Control proposal. The aim of the proposed standards are to detect, remove, disrupt and deter known child abuse material (CSA) and pro-terror material “where technically feasible” - a very similar wording has been used in the UK Online Safety Bill. This new regulation comes only years after the Australian surveillance bill of 2021 that already gives a lot of power to the authorities to request data.

Australian’s eSafety regulation could become the playbook for the five eyes

While eSafety regulator Inman has stressed that the proposal “does not advocate building in weaknesses or back doors to undermine privacy and security on end-to-end encrypted services”, the threat is imminent.

The Australian proposal does not include any specific safeguards for end-to-end encrypted services. It is highly likely that Australia will try to force encrypted services to undermine the security and privacy of their services in order to comply.

Contrary to the goals of the Australian eSafety standards, this will leave everyone less safe online.

Open Letter Demanding Secure Encryption

That’s why we, together with Mozilla, the Tor Project, Fight for the Future and many other companies, organizations and individuals, are going to send an open letter to the Australian eSaftey Regulator demanding the protection of privacy and security of Internet users which ultimately includes secure end-to-end encryption.

The letter is open for individuals as well: * *Sign on now! **

There’s also public consultation on the eSafety proposal open until December 21st so go ahead and make your voice heard!


Open Letter

Dear Commissioner Inman Grant,

We the undersigned organisations and individuals urge you to protect the privacy and security of communications and cloud file storage for internet users.

We acknowledge the severity of harm caused by the dissemination of child sexual abuse material (CSAM) and other forms of illegal content, and we support strong regulation to ensure platform accountability, the empowerment of users as well as the protection of their rights and safety. It is essential that governments, with the support of industry, take effective steps to regulate the spread of illegal content. It is also essential that such approaches do not also disproportionately lead to the creation and exacerbation of other harms, and adopt best practices in international policy making.

The eSafety Commissioner has proposed two draft industry standards under the Online Safety Act. Taken together, these standards apply to a broad range of services that people use every day including email, text and instant messaging, video communications, online gaming, dating services, and online file storage. In a context in which cybersecurity risks are rising, the safety, rights, and wellbeing of individuals and communities rely on the digital security and the privacy of these services.

Both draft standards include a range of proactive detection obligations on digital services to scan content in order to detect, remove, disrupt and deter CSAM and ‘pro-terror’ content. There are no specific safeguards for end-to-end encrypted services that people rely on for privacy and safety, as content on such platforms cannot be accessed by any third party, including the service provider, at any stage of the communication/storage process. Hashing and artificial intelligence technologies are specifically referenced to detect and remove objectionable content. Such approaches, when deployed on a device, are commonly referred to as ‘client side scanning.’ These methods have been widely criticised by privacy and security researchers, digital rights advocacy organisations and human rights groups around the world. Internet safety advocates and child rights groups have emphasised the importance of looking at other methods to enhance online safety for children and minimise the dissemination of CSAM, and how encryption works to protect the rights of children. Scanning technologies are deeply flawed because they: have questionable effectiveness; contain a high risk of false positives; increase vulnerabilities to security threats and attack – thereby weakening online safety for all users – and enable the ability to expand use of such systems to scan other categories of content in the future.

The eSafety Commissioner has publicly stated that it supports privacy and security, and does not advocate building in weaknesses or back doors to undermine end-to-end encrypted services. But client-side scanning fundamentally undermines encryption’s promise and principle of private and secure communications and personal file storage. We urge the Commissioner against creating standards that would force encrypted services to implement such scanning measures as they would create an unreasonable and disproportionate risk of harm to individuals and communities.

Australia is a leader in the field of online safety policy making, and this position comes with responsibility in shaping the norms and direction of international internet governance and regulation. Proceeding with the standards as drafted would signal to other countries that online safety is somehow counterposed to privacy and security, when the opposite is true.

We strongly urge the eSafety Commissioner to amend the proposed industry standards to ensure the protection of privacy and security, and urge the Australian Government to commit to the ongoing protection and strengthening of encryption, privacy and digital security.

Your sincerely,

Africa Media and Information Technology Initiative (AfriMITI)

Access Now

Assembly Four

Betapersei SC

Blueprint for Free Speech

Center for Democracy and Technology

Centro Latinoamericano de Investigaciones Sobre Internet (CLISI)

Digital Rights Watch

eclectic.engineering P/L

Fight for the Future

Gate 15

Hello Code Pty Ltd

Internet Freedom Foundation

Internet Society

Internet Society Ghana

JCA-NET(Japan)

Mozilla

Proton

The Ruffle Technology Company

The Sizzle

The Tor Project

Tuta

and over 350 individual signers