Apple & big tech urged to fight online child sexual abuse with more vigor

U.S. Attorney General William Barr speaking at the Center for Strategic & International Studies in February

At a gathering alongside representatives from Australia, Canada, New Zealand, and the United Kingdom on Thursday, Attorney General Barr and the group announced the development of voluntary standards to prevent the distribution of child abuse imagery online.

The principles were created in consultation with industry representatives and will be promoted by the WePROTECT Global Alliance, which counts 97 governments and 25 technology companies including Apple in its membership.

The principles cover a number of areas already being covered by technology firms in various capacities. Giants like Apple, Facebook, and Google have all taken measures to identify abusive material, making it inaccessible, and the reporting of said material to authorities.

Furthermore, companies need to adopt measures to improve child safety online, as well as preventing the use of live-streaming services for abusive purposes. Collaboration between companies is also advised on the matter.

"For the first time, the Five Countries are collaborating with tech companies to protect children against online sexual exploitation," said Barr. "We hope the Voluntary Principles will spur collective action on the part of industry to stop one of the most horrendous crimes impacting some of the most vulnerable members of society."

The Technology Coalition, an organization that works to promote online child safety and to eradicate online child sexual exploitation, welcomed the principles as a demonstration that child exploitation "is a complex global issue." The voluntary principles "provide a vital contribution to focusing efforts on the most important areas of the threat," the group said in a statement, with it working to spread awareness and to "redouble our efforts" to combat the online abuse.

Apple is counted as a member of the Technology Coalition, which has been in existence since 2006. Other group members include Adobe, Dropbox, Facebook, Flickr, GoDaddy, Google, Microsoft, PayPal, Roblox, Snapchat, Twitter, Verizon Media, VSCO, Wattpad, and Yubo.

EARN IT and Encryption

While the announcement did not bring up encryption at all, calls for companies to do more to fight the circulation of abuse images would naturally infer the breaking of security. As it stands, other existing and related measures are already firmly entrenched in the debate as a whole.

The announcement ties in to a bipartisan bill titled the "Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2019," or EARN IT. The draft bill intends to create a set of best practices for tech firms and websites to follow "regarding the prevention of online child exploitation."

The bill would require the creation of a National Commission on Online Child Exploitation Prevention if enacted, which would deal with making the best practices themselves relating to child sexual-abuse material detection and reporting, "and for other purposes." Failure to certify compliance with the best practices could remove immunity protections under Section 230 of the Communications Act, protecting service providers from being sued over content posted by a user, which could lead to criminal prosecutions or civil lawsuits.

It is thought that, in order to appease any request relating to the examining of content set out by the commission, it would effectively require the breaking of encryption. This would include end-to-end encryption, where service operators typically cannot see the contents of messages and files.

"Online child sexual-abuse material, as the bill labels it, is a heinous problem. It's understandable that the co-sponsors of this bill want to address it," said Free Press Action senior policy counsel Gaurav Laroia in a statement. "But the legislation's construct could upset the entire internet ecosystem to combat activities that are already clearly unlawful."

Encryption Debate Continues

Barr's comments are the latest in continued attempts by the US government and others around the world to force tech companies into providing access to encrypted data. The long-running encryption debate has the governments and law enforcement demanding access on the basis of needing to access potentially crucial evidence stored on electronic devices, but are protected by encryption.

The general request made of technology giants like Apple is to provide some sort of mechanism that can grant access to encrypted data, but only for authorized parties. For example, in February the head of the UK's MI5 Sir Andrew Parker said he wanted "exceptional access" to encrypted communications "where there is a legal warrant and a compelling case" to do so.

Arguments by tech companies and critics of the demands are resisting for a number of reasons, but it boils down to the idea that backdoors are not safe at all. By creating a backdoor, while it may only be meant for law enforcement, the same technology could plausibly be abused by bad actors, including hackers or spy agencies, and could even lead to mass surveillance of the population.

"The idea that we can break encryption and safely store a record of everything just for the putative good guys is technically unsound," Laroia asserts. "It's anathema to the privacy rights people must have against not just corporate actors and criminals, but against overly intrusive governments, too."

Apple has been a strong proponent of encryption, and has been at the center of many arguments about backdoors, such as during the FBI investigation into the Pensacola shooting. The FBI and Barr have requested Apple unlocks the iPhone at the center of the investigation, with Barr further asserting Apple didn't provide "substantive assistance," Apple rejected the calls and responded it had already provided a considerable amount of data to the investigation.