Research reportedly shows that the inclusion of software as part of the UK’s proposed Online Safety Bill could be used for facial recognition, a function not covered in the legislation.
The bill‘s stated purpose is to enable governments to get around end-to-end encryption so that they can spot and punish sending and possession illegal content, one shade of which would be child pornography.
An Imperial College London research paper concerns the use of client-side scanning (CSS), which reportedly would make it possible for the government to scan images sent by people via private messaging apps.
If the software (called deep perceptual hashing) identified a match against a database of illegal content – the stated purpose of being debated in the bill — the offending image would be sent to the authorities.
However, the study claims, the same code could be used by the government to search private messages, without users’ knowledge, for facial images that match those of known criminals’.
Researchers recreated CSS algorithms that they taught to match subject faces for wanted criminals. Theirs reportedly is not a general face detector or facial recognition model, which would allow a government to hide its presence.
The researchers write that their tool is “very accurate” at matching faces of wanted criminals. In fact, it was 67 percent reliable in identifying a targeted subject without impacting how it performed in searching for illegal content.
The researchers claim, this secondary purpose could be enabled by adding “a single illegal looking image to the database.” That is to say, someone could add the image of a criminal to a database of illegal content, and the software would search and flag private messages for images matching that person the same as it would look for, as an example, an image of pornography.
“We call on policymakers to thoroughly evaluate the pros and cons of client-side scanning, including the risk of it being abused, before passing laws mandating its installation on millions of phones,” said Yves-Alexandre de Montjoye, a researcher on the study. “Client-side scanning is not the innocuous ‘single purpose’ technology it has been described to Parliament as.”
Potentially monitoring private messages is not the only controversy that backers of the Online Safety Bill has found themselves in. Some privacy advocates have objected to proposed requirements that verify user age.
Lucy Crompton-Reid, CEO of Wikimedia UK, told the BBC her organization would not attempt to verify the ages its contributors.
The Open Safety Bill, which has so far undergone numerous revisions, has passed the UK’s lower house and is in the House of Lords.