Workshop 1b: Protecting vulnerable groups online from harmful content – new (technical) approaches

¶ 1 Leave a comment on paragraph 1 6
Type of content: Self-generated abuse material and pathological content are emerging as the most trending harms to vulnerable groups online. This is further compounded by the privacy paradox, where privacy protection protocols create unintended vulnerabilities.

¶ 2 Leave a comment on paragraph 2 12
Privacy-Respectful, Inclusive, and Accessible Technical Approaches: Client-side scanning for detecting CSA online involves methods that can be privacy-respecting, even though concerns are raised about anti-grooming techniques analysing visual and textual data. AI deployment involves issues of proxies, biases, and accuracy, necessitating inclusive and accurate data for effective task-oriented models that respect privacy, especially leveraging metadata. Authorities play a crucial role in double-checking these measures’ effectiveness and privacy compliance. Looking ahead, the European ID based on private blockchain technology may be a future-proof solution for robust verification and privacy protection.

¶ 3 Leave a comment on paragraph 3 5
Diversity and Multi-Stakeholder Philosophy: A diversified multi-stakeholder approach is required to ensure that solutions are comprehensive in addressing harmful online content. Significant weight should be given to civil society, including individuals from non-technical backgrounds (e.g. psychology, ethics, cybersecurity, crypto-technologists, political science, etc.).

Comments
Activity

Comments

Comments are closed

0 Comments on the whole Page

6 Comments on paragraph 1

sofia.rasgado 28th June 2024 at 5:27 pm

· Type of content: Child Sexual Abuse (CSAM) was mentioned; self-generated abuse material that can be voluntarily produced, shared and misused or due to coercion by online organizer groups (sextortion), both with severe consequences as suicidal actions; Pathological content (live broadcasting content appealing to violence, alcohol consumption, sexual abuse, etc).
Torsten Krause 28th June 2024 at 5:26 pm

It was an attempt not only to react, but also to reflect on other thoughts and suggest a possible solution. In view of your response, I suggest formulating it as follows. By the way, sources with current data are listed in the workshop wiki. In my view, it is not necessary to repeat them here.

new proposal paragraph 1, ws 1b:
Child sexual abuse material and other unlawful content massively violates the rights of those affected and those who happen to come into contact with it by accident. All stakeholders recognise that measures and regulations must be put in place to protect vulnerable groups, e.g. children. They also acknowledge that the rights and needs for protection from violence and abuse as well as privacy and participation of all must be equally guaranteed.
Robin Wilton 28th June 2024 at 3:11 pm

With respect, the proposed revision does not address the objections in the comment from 26th June.

The phrase “self-generated abuse material” is unclear and problematic. Does it refer to content generated by the subject of the abuse themselves? Or was the intent to refer to what is more usually called “user generated content” (UGC) – that is, content generated by the users of a platform/service, but not necessarily depicting or referring to themselves?

Further, “pathological” is being used here in an unconventional way, without explaining how its normal use (‘relating to or caused by disease”) is relevant to this issue.

Replacing the word “widespread” with “trending” is not a material improvement, and does not substantiate the claim.

The main question is: is this unclear message an accurate reflection of unclear statements in the workshop, or did the workshop produce a clear message which is expressed unclearly here?
Torsten Krause 27th June 2024 at 10:14 am

Proposal new paragraph 1, ws1b:

Self-generated abusive material and pathological content are emerging as the most widespread harms to vulnerable groups online. All stakeholders are aware that measures and regulations must be taken to protect vulnerable groups. They are also aware that the rights and needs for protection against violence and abuse as well as privacy and participation must be guaranteed.
Torsten Krause 27th June 2024 at 10:12 am

Proposal new paragraph 1, Ws 1b:
Self-generated abusive material and pathological content are emerging as the most widespread harms to vulnerable groups online. All stakeholders are aware that measures and regulations must be taken to protect vulnerable groups. They are also aware that the rights and needs for protection against violence and abuse as well as privacy and participation must be guaranteed.
Davidfrautschy_ISOC 26th June 2024 at 11:42 pm

This whole paragraph has no sense at all. the first sentence needs a reference note, to clarify which study supports the statement.

On the second sentence, there is a misguided concept. The so called “privacy paradox”, is a term coined by EDPS Buttarelli, which describes the contradiction between privacy-related attitudes and behavior: we know our privacy is being exploited, and we feel like we’re losing control of our data, yet statistics show we’re not changing our online behavior to claim it back. Instead, we keep feeding data-collection machines that undermine our privacy. The use of this term on the second sentence is inappropriate and out of context.
Finally, in line with previous EuroDIG positions, we must acknowledge that strong end-to-end encryption protects citizens, enterprises and governments. There should be no excuse to undermine it. Therefore, the second sentence also needs a reformulation.

12 Comments on paragraph 2

Torsten Krause 1st July 2024 at 5:53 pm

New technology-open proposal for the first sentence of the paragraph, as there was no explicit request in the workshop to exclude CCS:

To detect CSAM online, only techniques that can protect privacy by not learning anything about the content of a message other than whether an image matches known illegal content should be used.
Davidfrautschy_ISOC 28th June 2024 at 11:16 pm

The new proposal paragraph 2 ws 1b by Torsten Krause is an oxymoron: Client-Side-Scanning and Privacy cannot simply not coexist.

Proposal:
Client-side scanning should not be used as a means to detect CSAM online. Instead, only techniques that can protect privacy should be used. Concerns are raised about anti-grooming techniques that analyse visual and textual data. The use of AI raises questions about proxies, bias and accuracy. Effective task-based models that respect privacy require comprehensive and accurate data, especially the use of metadata. Authorities play a critical role in double-checking the effectiveness of these measures and privacy compliance. Looking ahead, data-saving and anonymity-preserving age verification mechanisms could be a future-proof solution for robust verification and privacy protection.
Torsten Krause 28th June 2024 at 5:38 pm

Here is an attempt to summarise the ongoing discourse in a common message. Regardless, we should be careful to reflect the discussion of the workshop and not continue the discourse.

New proposal paragraph 2 ws 1b:

If client-side scanning is used to detect known CSAM online, only techniques that can protect privacy by not learning anything about the content of a message other than whether an image matches known illegal content should be used. Concerns are raised about anti-grooming techniques that analyse visual and textual data. The use of AI raises questions about proxies, bias and accuracy. Effective task-based models that respect privacy require comprehensive and accurate data, especially the use of metadata. Authorities play a critical role in double-checking the effectiveness of these measures and privacy compliance. Looking ahead, data-saving and anonymity-preserving age verification mechanisms could be a future-proof solution for robust verification and privacy protection.
sofia.rasgado 28th June 2024 at 5:35 pm

Taking into account the previous comments, could it be rephrase by:
Privacy-Respectful, Inclusive, and Accessible Technical Approaches:
Client-side scanning for detecting known CSAM online involves methods that can be privacy-preserving, learning nothing about the content of a message except whether an image matches known illegal content; concerns are raised about anti-grooming techniques analysing visual and textual data.
AI deployment involves issues of proxies, biases, and accuracy, necessitating inclusive and accurate data for effective task-oriented models that respect privacy, especially leveraging metadata. Authorities play a crucial role in double-checking these measures’ effectiveness and privacy compliance. Looking ahead, data-saving and anonymity-preserving age verification mechanisms could be a future-proof solution for robust verification and privacy protection.

Leave a comment on paragraph 2
Robin Wilton 28th June 2024 at 3:45 pm

@Velofisch Actually I am not at all convinced that “these methods” minimise the impact on privacy. One of the fundamental problems with Andrew’s claims is that client-side scanning places, on every device or handset, the means to inspect the individual’s communications. From that point on, you are wholly dependent on the good-faith action of the authorities to use that tool only as specified. You can’t stop it from being used to inspect everything. In my view, that is a risk wholly disproportionate to the stated goals of this approach.

It gets worse, in my view. Client-side scanning (as envisaged by Andrew) takes place regardless of any basis for suspicion. This reverses the “presumption of innocence”. It starts with the assumption that everyone is committing a CSA offence, and goes looking for the evidence. That mindset ought not to be acceptable to any citizen in a democratic society.
Robin Wilton 28th June 2024 at 3:34 pm

Andrew, your opening sentence, regardless of which version, is a mixture of analysis, misdirection, and wishful thinking. The two principal problems with it are these:

1 – your use of the word “involves” is misdirection, because it implies that these methods are a fait accompli, viable at scale and without adverse consequences, which is very far from the case.

2 – Your assertion that it is possible to implement CSS that is privacy-respecting and effective is entirely open to challenge. In particular, you are choosing to ignore – and not for the first time – widely publicised and valid analysis of CSS as a capability that introduces systemic vulnerability and creates the foundations for mass surveillance of law-abiding citizens. Here are three examples:

https://academic.oup.com/cybersecurity/article/10/1/tyad020/7590463?login=false

Chatcontrol or Child Protection?

https://signal.org/blog/pdfs/ndss-keynote.pdf
Davidfrautschy_ISOC 27th June 2024 at 10:30 am

Finally, there was a question from the audience about security risks associated to client-side-scanning. Participants agreed that, indeed, there can be risks of attacks on the database, also that reverse engineering could occur and that this would be a way for criminals to circumvent detection.
Torsten Krause 27th June 2024 at 10:21 am

proposal new last sentence of paraagraaph 2, ws1b:
Looking aheaad, data-saving and anonymity-preserving age verification mechanisms could be a future-proof solution for robust verification and privacy protection.
Torsten Krause 27th June 2024 at 10:18 am

+1 Andrew Campling
Davidfrautschy_ISOC 26th June 2024 at 11:26 pm

Regardless an intervention was contested or not during the workshop, EuroDIG official messages cannot reflect statements that are inaccurate. Client-side-scanning defeats completely the purpose of encryption. If breaking encryption is equal to opening a sealed envelop to read the content, client-side-scanning is equal to having someone read above your shoulder while you write the letter. Common sense shows that Client-side-Scanning is the end of privacy, so the first sentence is to be redrafted completely. I suggest:
“Client-side scanning for detecting CSA online involves methods that are questionable from a privacy perspective, and can be as intrusive as requiring the analisys of all the media stored in all citizen’s devices, making everyone suspect by definition.”

Also hoping that AI technologies will bring a magic-wand-solution to this challenge is a naïve approach. The fact that we would need so many safeguards as the ones listed, is an indication of the immaturity of this proposal.
Andrew Campling 26th June 2024 at 8:04 pm

To be consistent with what I said during the discussion in Vilnius, which wasn’t contradicted, I suggest that the sentence at the start of this paragraph would be better worded as follows:
“Client-side scanning for detecting known CSAM online involves methods that can be privacy-preserving, learning nothing about the content of a message except whether an image matches known illegal content; concerns are raised about anti-grooming techniques analysing visual and textual data.”
Velofisch 26th June 2024 at 2:56 pm

These methods do not fully respect privacy, no surveillance does it. But they minimize the impact on privacy.

Therefore, I would propose to write

“… involves methods that can minimize the impact on privacy, even though …”

5 Comments on paragraph 3

Robin Wilton 3rd July 2024 at 12:27 pm

Like David, I don’t think cybersecurity and ‘crypto-technologists’ should be considered non-technical.
Robin Wilton 3rd July 2024 at 12:26 pm

I think Torsten’s suggestion for the last sentence of para.3 is a good one. Ross Anderson’s “chat control” paper made a convincing case that domestic violence and sexual abuse are closely linked, and that preventive measures which ignore one in favour of the other are less likely to be effective.
sofia.rasgado 28th June 2024 at 5:44 pm

Taking into account the previous comments, could it be rephrased by:
3. Diversity and Multi-Stakeholder Philosophy: A diversified multi-stakeholder approach is required to ensure that solutions are comprehensive in addressing harmful online content. Significant weight should be given to civil society, including individuals from the vulnerable groups, like minors, and non-technical backgrounds, should be involved in this process and their perspectives taken into account.
Torsten Krause 27th June 2024 at 10:24 am

proposal new last sentence at paragraph 3 ws1b:
All stakeholder groups, including those affected by violence, should be involved in this process and their perspectives taken into account.
Davidfrautschy_ISOC 26th June 2024 at 11:31 pm

In this debate about protecting vulnerable groups, it is precisely the vulnerable groups the ones who are disregarded. Minors are continuously forgotten when formulating solutions. They should be included in this paragraph.

” (…) Significant weight should be given to civil society, including individuals from the vulnerable groups, like minors; and non-tehnical backgrounds (…)”

I wonder why cybersecurity and crypto-technologists are considered non-technical.

Commenting Platform

Contents

Search

Special Pages

Table of Contents

Workshop 1b: Protecting vulnerable groups online from harmful content – new (technical) approaches

Comments

Activity

Comments

Comments are closed

0 Comments on the whole Page

6 Comments on paragraph 1

12 Comments on paragraph 2

5 Comments on paragraph 3

Activity

Recent Comments on this Page

Recent Comments on this Site