Two senior technical directors at GCHQ, the UK’s cyber-intelligence agency, have published a new paper looking at how to tackle online child sexual abuse tech companies could protect children from online sexual abuse. The impact of child sexual abuse can be lifelong, even if the abuse takes place online. Research by the independent Inquiry into Child Sexual Abuse found that survivors often suffer from serious physical and mental health problems as adults.
One of the challenges in addressing this online abuse is the growing number of services and how to tackle online child sexual abuse that offer end-to-end encryption, technology that often undermines existing security features that many companies use to detect child sexual abuse material. But without using end-to-end encryption, any even legal authority, and perhaps even courier company workers, who could access the service’s internal controls could read those messages.
The new paper is written by Dr. Ian Levy, Technical Director of the UK’s National Cyber Security Center (NCSC), a part of GCHQ, and Crispin Robinson, Technical Director of Cryptanalysis at GCHQ, both trained mathematicians and intelligence officers. whose job involves addressing Child Sexual Abuse Online.
They describe seven “harm archetypes” to frame the problem in a new way, covering everything from children being manipulated by criminals to adults sharing indecent images of children in shock, and look at how each of these harmful behaviors has a profile. particular technique that can be approached in a specific way.
In particular, he recommends reviewing a recent controversial proposal by Apple to preemptively scan all iPhones for child sexual abuse material (CSAM) as a possible solution to some harms, if it were properly designed to protect against others.
The main fear of academics and security experts was that Apple’s system could be modified to look for non-CSAM images that might be of interest to government authorities. The company subsequently delayed the proposal indefinitely.