The United Kingdom is planning a new attack on end-to-end encryption, with the Home Office set to lead efforts designed to discourage Facebook from further deploying the technology in its messaging applications.
Interior Secretary Priti Patel is planning to deliver a speech at a child protection charity event focused on exposing the perceived ills of end-to-end cryptography and calling for tougher technology regulation. At the same time, a new report will say that technology companies need to do more to protect children online.
Patel will headline an April 19 roundtable organized by the National Society for the Prevention of Cruelty to Children (NSPCC), according to an invitation draft seen by WIRED. The event was created to deeply criticize the cryptography standard, which makes it more difficult for researchers and technology companies to monitor communications between people and detect the enticement of children or illegal content, including terror or images of child abuse.
End-to-end encryption works by protecting communications between those involved – only the sender and receiver of the messages can see what they say, and the platforms that provide the technology cannot access the content of the messages. Technology has become increasingly standard in recent years with WhatsApp and Signal using end-to-end encryption by default to protect people’s privacy.
The change to the Home Office comes as Facebook plans to implement end-to-end encryption across all of its messaging platforms – including Messenger and Instagram – which has sparked a heated debate in the UK and elsewhere about the alleged risks that the technology represents for children.
During the event, the NSPCC will reveal an end-to-end encryption report by PA Consulting, a UK company that advised the UK’s Digital Culture and Sport Media Department (DCMS) on the upcoming Online Security regulation. A first draft of the report, seen by WIRED, says that increasing the use of end-to-end encryption would protect adult privacy at the expense of children’s safety, and that any strategy adopted by technology companies to mitigate the end-to-end effect End-of-use encryption “will almost certainly be less effective than the current ability to scan harmful content”.
The report also suggests that the government draw up regulations “expressly aimed at cryptography”, in order to prevent technology companies from “designing[ing] remove ”their ability to police illegal communications. He recommends that the forthcoming Online Safety Act – which will impose a duty of care on online platforms – make it mandatory for technology companies to share child abuse data online, rather than voluntarily.
The Online Safety Bill should require companies whose services use end-to-end encryption to show how effectively they are tackling the spread of harmful content on their platforms – or are at risk of being fined by the communications authority Ofcom, who will be in charge of enforce the rules. As a last resort, Ofcom could require a company to use automated systems to separate illegal content from its services.
The NSPCC says this setting does not go far enough to control cryptography: in a statement released last week, the charity asked digital secretary Oliver Dowden to strengthen the proposed regulation, preventing platforms from being implemented at the cutting edge. the tip finishes the encryption until they can demonstrate that they can protect the safety of children. Facebook currently combats the circulation of child sexual abuse content on WhatsApp by removing accounts that display prohibited images in their profile photos or groups whose names suggest illegal activity. WhatsApp says it prohibits more than 300,000 accounts per month that it suspects of sharing child sexual abuse material.
“Ofcom will have to go through a series of tests before it can act on a regulated platform,” said Andy Burrows, head of online child safety policy at the NSPCC. “It’s about being able to demand evidence of serious and sustained abuse, which will be pretty much difficult to do because end-to-end encryption will take a significant part of the reporting flow.”