Bottom line: Proposed device filters to detect abuse material endanger encryption and create new attack vectors for sensitive enterprise data.
British Prime Minister Keir Starmer is calling on tech companies to implement device filters against child sexual abuse material. CISOs and security experts warn of significant consequences for encryption, enterprise security, and data protection.
Prime Minister Keir Starmer has called on tech companies to develop device control mechanisms intended to prevent children from accessing or creating sexualized content. Companies have three months to implement the measure voluntarily, after which Starmer announced a legal mandate. The initiative aims to protect minors — but raises fundamental technical and security policy questions.
The central challenge lies in the question of where content analysis takes place. Experts consider purely local processing on the device to be unrealistic, since older hardware — the majority of devices in the UK — does not offer the necessary computing power and would lead to significant performance degradation. This means: the data must be transferred to cloud systems where it is analyzed. Flavio Villanustre, CISO at LexisNexis Risk Solutions, puts it plainly: “It will make the majority of devices in use in the UK unusable.” However, shifting to the cloud opens up significant security gaps: encrypted data is processed, transmitted, or in the worst case stored in plaintext.
Jeff Valdes of Acceligence warns of a critical problem: the mechanism that reports hits to authorities creates “a new, built-in exfiltration channel” for sensitive enterprise data. Messaging company Signal criticizes the plans as dystopian — with the warning that such systems, once implemented, are routinely expanded and could be abused for censorship and surveillance of law-abiding citizens. Similar campaigns against such measures are taking place in other European countries as well.
Sanchit Vir Gogia of Greyhound Research assesses the three-month implementation deadline as unrealistic and argues that the proposals will do more harm than good. From a CISO perspective, a fundamental dilemma emerges: the attempt to identify abuse material endangers the encryption infrastructure on which enterprises worldwide rely to protect sensitive data — and simultaneously creates new attack surfaces against that data.
Source: www.csoonline.com · Published June 10, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.