CSAM Detection Organizations Are Like Any Other Business balkaninsight.com

Today is fitting a theme so far that is, unfortunately, just about the heaviest thing I publish here, but I have a couple things I think I need to add.

Giacomo Zandonini, Apostolis Fotiadis, and Luděk Stavinoha, for Balkan Insight, investigated how CSAM scanning companies have lobbied in favour of a new law to screen everything — including private messages — for illegal media:

Though registered in the EU lobby database as a charity, Thorn sells its AI tools on the market for a profit; since 2018, the US Department of Homeland Security, for example, has purchased software licences from Thorn for a total of $4.3 million.


ECLAG [the European Child Sexual Abuse Legislation Advocacy Group], which launched its website a few weeks after Johansson’s proposal was announced in May 2022, acts as a coordination platform for some of the most active organisations lobbying in favour of the CSAM legislation. Its steering committee includes Thorn and a host of well-known children’s rights organisations such as ECPAT, Eurochild, Missing Children Europe, Internet Watch Foundation, and Terre des Hommes.

Another member is Brave Movement, which came into being in April 2022, a month before’s Johansson’s regulation was rolled out, thanks to a $10.3 million contribution by the Oak Foundation to Together for Girls, a US-based non-profit that fights sexual violence against children.

These multimillion-dollar numbers pale in comparison to, for example, the $20 billion Apple makes every quarter in digital services revenue alone. Still, though these are non-governmental mission-orientated organizations, they do have products and services to sell, hence the lobbying efforts.

If the name “Oak Foundation” sounds familiar, that is likely because it also funds the Heat Initiative. That is not a surprise: CSAM prevention causes are among the largest beneficiaries of the Oak Foundation’s grants, representing over 10% of its grant-making in 2022. That is an understandable place to spend a lot of money; who can disagree with efforts to fight among the world’s bleakest genres of crime?

But for anyone who remembers the arguments made in the 2000s justifying wholesale invasions of personal privacy in an effort to combat terrorism, this all feels a bit too familiar, and we know the consequences. I do not buy speculative slippery slope arguments but, in this case, there is no need to: we know this kind of surveillance has poor oversight, expands beyond its initial scope, produces post hoc rationalization for crimes, and leads to escalating competition between nations. That the E.U. is proposing on-device scanning is little comfort when, by design, there is little understanding of how any of these systems work and what their limits are.