It’s the mix that matters: a comprehensive strategy against Child Sexual Abuse online

We all want to see an internet free of child sexual abuse. It’s a complex task which requires an enormous shared responsibility with a wide range of actors. On the part of the Tech industry, it is our duty to make sure our users are safe and secure in the online environment. Policy makers on the other hand, have the opportunity to ensure the legislative framework, by means of the Child Sexual Abuse Regulation (CSA Regulation), is futureproof and all possible measures to fight Child Sexual Abuse Material (CSAM) are taken into account. Together, we can empower and help children to stay safe in the online environment. A holistic approach is needed, looking in particular at prevention, protection and technology. Creating enough legal certainty for providers in view of these three elements is crucial for the framework to be viable in the long run.

What are the tools available to ensure a holistic approach?

1.????? Targeted Risk Mitigation Measures as part of the First Line of Defence

Today, interpersonal communication service (ICS) providers are taking significant steps to prevent child sexual abuse online, thanks to the interim derogation from the ePrivacy Directive. Tomorrow, they should be able to continue and take new and innovative steps through targeted risk mitigation measures, that would be based on the risk assessment proposed in the CSA Regulation. The goal of these measures would be to tackle the distribution and sharing of CSAM, including when the content is not accessible yet on ICS. This would avoid relying solely on detection orders, i.e. that would act on content which has already been posted. In the past years, such measures have proven vital in the fight against child exploitation and are used to create new tools and improve them.

The advantages of maintaining targeted risk mitigation measures:

• Swift Action: Technology companies have the agility to respond quickly to emerging threats and evolving tactics employed by child abusers thanks to data processing that helps training and improving the models for tools flagging unknown CSAM and grooming. Targeted risk mitigation measures, as we propose them, would allow them to adapt and strengthen their defences promptly.
• Global solutions: Online platforms have a worldwide user base, making them uniquely positioned to address online child exploitation on a global scale. Targeted risk mitigation measures ensure that efforts to protect children transcend borders.
• Collaboration (eg. Tech coalition): The technology industry's collaborative approach with law enforcement, NGOs, and advocacy groups enhances the effectiveness of child protection efforts. The targeted risk mitigation measures that we are proposing will help companies sharing more informed data and alert relevant stakeholders on emerging threats and bad actors’ behaviours. These partnerships enable the sharing of information and resources to combat child exploitation more effectively.
• Accountability: Targeted risk mitigation measures demonstrate the industry's commitment to being part of the solution and act on the issue rather than passively detecting content once the harm has happened.
• Privacy Concerns: Striking a balance between privacy and security is crucial. Targeted risk mitigation measures allow technology companies to proactively address child exploitation in a way that is proportionate.

2.????? Detection orders as a last resort only

In the case of known CSAM, targeted risk mitigation measures combined with detection orders as a last resort, will provide both privacy and safety. The situation becomes more complex when dealing with unknown CSAM and cases involving the solicitation of minors. Indeed, the challenge lies in implementing reliable technology to identify such content.

For the companies subject to these detection orders, this would imply implementing a technology that systematically analyses all content on a service to be able to find such infringing content. The technology required to systematically analyse all content on a service to find new CSAM or detect solicitation is not yet up to the task, particularly given the constantly evolving nature of online threats. The risk of false positives and the potential for privacy violations are therefore still significant concerns.

The advantages of resorting to detection orders as a last resort, after targeting risk mitigation measures

• Narrowing the scope of the detection obligation means lower levels of intrusiveness in respect of the fundamental rights of users, less human intervention and fewer false positives.
• Using detection orders only as a last resort means less risk posed on end-to-end encryption integrity which will continue to be offered by companies. E2EE remains a very important tool used to protect users’ privacy, security and safety online and ordering detection even on encrypted services would break the promise made to users that no one would be able to access their communications.
• Only allowing for targeted actions conducted by the providers to detect and remove content keeps measures proportionate and strikes the right balance between the proportionality of the measure and the need to protect children online.

Our industry and EU policymakers share a common goal: to protect children from the horrors of CSAM and online exploitation while respecting individual privacy rights. The key lies in finding a balanced approach that leverages technology, legal measures, and targeted risk mitigation to achieve this goal. We believe this is the right mix to create a safer landscape.

For more information from DOT Europe contact:

+32(0) 472 26 83 02

[email protected]

DOT Europe is the voice of the leading internet companies in Europe. DOT Europe’s mission is to develop ideas and support policy initiatives that foster an innovative, open and safe internet for Europe’s citizens and businesses. More information is available here: https://doteurope.eu/

DOT Europe represents 22 of the leading internet companies: Airbnb, Amazon, Apple, Discord, Dropbox, eBay, Etsy, Expedia Group, Google, Indeed, King, Meta, Microsoft, Mozilla, Nextdoor, OLX, Shopify, Snap, Spotify, TikTok, Twitter, Yahoo.

Its members produce and manage a variety of products, services and applications including browsers, entertainment platforms, social networks, marketplaces and review sites. More information is available here: https://doteurope.eu/members