A recent research paper, published in the Journal of Cybersecurity and Privacy examines the use of hashing technologies as a central tool in detecting and limiting the spread of child sexual abuse material (CSAM) online.
The paper covers both cryptographic and perceptual hashing methods, highlighting their detection capabilities but also structural vulnerabilities, such as susceptibility to media edits, collision attacks, hash inversion and data leakage.
By reframing CSAM detection as situated at the intersection of cybersecurity, data protection law (particularly under EU regulations) and digital ethics, the authors provide a multidimensional view of the problem.
They make three key contributions: (1) a comparative technical evaluation of hashing techniques showing their weaknesses and challenges, (2) a call for standardised benchmarks and interoperable evaluation protocols to assess robustness of detection systems, and (3) a legal analysis asserting that perceptual hashes may qualify as “personal data” under EU law, which has major implications for transparency, accountability and governance.
Ethically, the paper discusses the tension faced by service providers who must balance user privacy rights with the duty to detect and intervene in CSAM cases. The authors argue for detection systems that are not only technically robust, but also legally defensible and ethically governed - integrating safeguards, auditability, and oversight.
