Attempts to tackle child sexual abuse material and pro-terror content could do more harm than good, tech organisations and rights activists warn.
Australia's e-safety commissioner has outlined measures in a draft paper for online safety standards, including a requirement for digital services to scan for such material to remove, disrupt and deter it.
Internet browser developer Mozilla and the privacy-focused Tor Project are among more than 40 groups that co-signed a letter voicing concerns over the proposed measures.
Signatories of the letter released on Wednesday agree illegal content must be regulated, but say the standards reference "client-side" scanning approaches that do not offer safeguards for end-to-end encrypted services.
"Client-side scanning fundamentally undermines encryption's promise and principle of private and secure communications and personal file storage," the letter said.
Scanning could introduce surveillance of emails and texts, messages and video communications, gaming, dating services and online storage on apps like iMessage, WhatsApp, Signal, some parts of Skype and Telegram.
"Proceeding with the standards as drafted would signal to other countries that online safety is somehow counterposed to privacy and security."
Among the co-ordinators of the letter is Australian non-profit Digital Rights Watch, whose head of policy Samantha Floreani says these measures allow for the monitoring of material that might otherwise never leave a user's device.
"(This) pushes the reach of surveillance across the boundary between what is shared and what is private," she said.
"Because this would happen at a population level, it creates dangerous capability for mass monitoring and surveillance."
Client-side scanning has questionable effectiveness and poses a significant risk of false positives, the letter said, while weakening online safety by increasing vulnerability to security threats for all users.
"Scanning technologies are deeply flawed," the letter stated.
The eSafety Commissioner released a statement about these concerns on Tuesday, claiming it does not expect companies to break end-to-end encryption and there is no such requirement in the draft standards.
It also does not specify that companies use client-side scanning, but rather outlines draft standards that services must meet in whichever way they decide is best.
But Ms Floreani says these sentiments are not reflected in the paper.
"We are calling for that intention to be clearly stated in the legal instrument to better protect the privacy, security and ultimately the safety of all internet users," she said.
The eSafety Commissioner also said services could reduce illegal content without breaking end-to-end encryption through methods like scanning non-encrypted elements such as names and pictures on profiles and group chats, that might indicate they are sharing child sexual abuse material.
The paper is still in draft form and open for continued public consultation until at least December 21.
