Meta encryption plans must consider child safety – crime agencies


In an open letter, the Virtual Global Taskforce, an international coalition of 15 law enforcement agencies, including the FBI, asks Meta to reconsider plans to encrypt direct messages on Messenger and Instagram.

But what about the children? This is the mantra law enforcement around the world keeps repeating every time they want to highlight the alleged need to snoop on internet users’ private messages on various apps.

The so-called Virtual Global Taskforce, made up of 15 agencies and chaired by the British National Crime Agency, is no different. It argues Meta’s plans to implement end-to-end encryption (E2EE) to Facebook and Instagram messages would hinder efforts to the proliferation of child sexual abuse material online.

ADVERTISEMENT

The open letter, published on the National Crime Agency’s website, is calling for “all industry partners to fully appreciate the impact” of encrypting direct messages. Apparently, law enforcement thinks this decision would reduce our ability to “keep children safe.”

Meta committed to the plan

E2EE is already used in WhatsAPP but is being expanded for use in Facebook Messenger and Instagram. The feature is already available to millions, however, full implementation is expected by the end of 2023.

Encrypting direct messages on the platforms prevents anyone other than the intended recipient being able to intercept the communications, and that’s what the global coalition of law enforcement agencies doesn’t like.

“There is no doubt that encryption plays an important role in safeguarding privacy, however this must be balanced with the importance of safeguarding children online,” the taskforce said in the letter.

The decision to encrypt direct messages is called “an example of a purposeful design choice that degrades safety systems and weakens the ability to keep child users safe.”

A case study of David Wilson, one of the most prolific child sexual abuse offenders the National Crima Agency has ever investigated, is also cited in the letter. Wilson was jailed in 2021 for abusing 52 children.

“The successful prosecution of Wilson and the resulting safeguarding of hundreds of children was possible because law enforcement were able to access the evidence contained within over 250,000 messages through Facebook. In an E2EE environment, it is highly unlikely this case would have been detected,” the letter says.

ADVERTISEMENT
end-to-end
Law enforcement agencies do not like end-to-end encryption. Image by Shutterstock.

However, Meta says it is committed to the encryption plan. In a statement to the Guardian, the company’s spokesperson said: “The overwhelming majority of Brits already rely on apps that use encryption. We don’t think people want us reading their private messages, so have developed safety measures that prevent, detect and allow us to take action against this heinous abuse, while maintaining online privacy and security.”

In the case of Wilson, Meta says it had developed – and used – detection systems not reliant on the content of private messages so “it’s misleading and inaccurate” to say that encryption would not have allowed the firm to identify the abuser’s account.

Concerns over Online Safety Bill

Tech companies, Meta included, have also been opposing the United Kingdom’s Online Safety Bill (OSB). Ministers want the UK’s communications regulator, commonly known as Ofcom, to be able to ask the platforms to monitor users – the goal again is to root out child abuse images.

The government says it is possible to have both privacy and child safety. But WhatsApp, Signal and other messaging services have also published an open letter and said that the proposed regulatory regime would undermine E2EE and enhance what they call “mass surveillance.”

"Weakening encryption, undermining privacy and introducing the mass surveillance of people's private communications is not the way forward,” the letter published on Thursday said and added that the OSB, in its current form, opens the door to “routine, general and indiscriminate surveillance” of personal messages.

The tech sector has allies in the Parliament. Lord Kamall, a conservative peer, wrote this week that the OSB was “laudable in intent, but raised a number of questions.”

"Weakening encryption, undermining privacy and introducing the mass surveillance of people's private communications is not the way forward,”

Meta spokesperson.

“There is a wide consensus on protecting children from pornography and ensuring that neither they nor vulnerable adults are exposed to illegal content,” Lord Kamall said.

ADVERTISEMENT

“However, while most of us want our daily communications, now conducted almost entirely over the internet, to be secure, an unintended consequence of the bill may make apps more vulnerable to attack or interception by bad actors.”

Callum Voge, a senior government affairs and advocacy advisor at the Internet Society, a global nonprofit organization fighting for open and secure internet, also recently told Cybernews in an interview that endangering E2EE would actually make everyone, including children, less safe.

“When you weaken encryption, European internet users are put at risk – and that includes children. That's online scams, cyberattacks, even physical attacks facilitated by the online environment,” Voge said.

“It's really important to emphasize that it's not a linear kind of trade-off as in sacrificing our privacy to keep children safer. It's not a trade-off. We always want to remind people that children also rely on encryption for different types of harm – cyberattacks, impersonation of their contacts.”