What technical methods (hashing, AI classifiers) do platforms use to detect CSAM and what are their false-positive rates?

1. Hash matching: the workhorse for known content

Perceptual hashes (PhotoDNA, PDQ, SaferHash and similar) and cryptographic hashes are the baseline: cryptographic hashes detect exact byte‑for‑byte matches quickly, while perceptual hashing tolerates edits to discover previously identified CSAM after minor transformations — and these tools generate the majority of automated CSAM identifications reported by industry to authorities ^{[1] [6] [7]}. That strength is also a limitation: hash systems can produce false positives via rare natural collisions or deliberately crafted “forced collisions,” and perceptual hashes can be evaded by modest alterations that change the hash while preserving the image content ^{[2] [4]}.

2. AI classifiers: novel content and the precision–recall tradeoff

Machine‑learning classifiers — trained on confirmed CSAM and related signals — are used to surface previously unseen material, to score images and videos (embeddings), and to analyze grooming or exploitative text; industry defenders say these models extend detection beyond the reach of hash lists ^{[8] [9] [1]}. But classifiers introduce measurable uncertainty: CRIN cites experts who estimate text‑only detectors can produce error rates “significantly below 5–10%” only with difficulty, and warns that at high message volumes even conservative false‑positive rates translate to huge absolute numbers of flagged items ^[4]. Vendors argue layered systems reduce mistakes, but concrete, independent per‑tool false‑positive rates are seldom published ^{[1] [10]}.

3. Privacy‑preserving deployments and their tradeoffs

Client‑side scanning, homomorphic comparisons and secure enclaves are proposed or trialled methods to reconcile detection with encryption; Apple’s paused iCloud client‑side scanning effort and discussions of homomorphic hashing show intense debate about feasibility and civil‑liberties risk ^[2]. These architectures change who sees content and when, but they do not eliminate detection errors — they merely relocate where matching or classification happens, and the feasibility of keeping false positives low under these constraints remains contested ^[2].

4. What industry claims vs. independent scrutiny reveal about false positives

Major platforms publicly claim “incredibly low” or “extremely low” false positive rates for hash‑matching workflows and emphasize human review to confirm automated flags (Google’s public statements) ^[3]. Independent NGOs and expert coalitions push back: academic and policy reviews highlight known vulnerabilities (false negatives and positives in perceptual hashes), estimate classifier error ranges for text and image tools, and warn that proposals to mandate scanning could multiply false positives to “millions” of daily alerts without robust detector performance data ^{[4] [5] [2]}.

5. Reality check: available numbers and gaps in public data

Industry surveys show widespread deployment — e.g., 89% of Tech Coalition members reported using image hash matchers and 57% used classifiers — but these surveys do not publish standardized, independently audited false‑positive metrics for the field ^[6]. TechCrunch and other expert letters argue that without public, peer‑reviewed detector performance figures it is impossible to credibly estimate system‑level false‑positive burdens under real‑world base rates and multi‑platform scaling ^[5]. The result: firm technical descriptions exist for methods, and selective performance claims exist from vendors and platforms, but comprehensive, independently validated false‑positive rates across methods and deployment scenarios are largely absent from the public record ^{[1] [5]}.