The UK government's war on end-to-end encryption continues, with home secretary Priti Patel declaring that it represents a 'grotesque betrayal' of children.
Patel's comments follow a recent announcement from Meta that it will extend the end-to-end encryption (E2EE) already used in WhatsApp to direct messages sent from Facebook Messenger and Instagram early next year.
However, claiming that E2EE limits the ability of police to investigate child abuse, Patel urges the company to withdraw its plans.
"The consequences of inadequate protections – especially for end-to-end encrypted social media platforms – would be catastrophic," she writes.
"A great many child predators use social media platforms such as Facebook to discover, target, and sexually abuse children. These protections need to be in place before end-to-end encryption is rolled out around the world. Child safety must never be an afterthought."
In her article, Patel cites a recent discussion paper from GCHQ and the National Cyber Security Centre (NCSC), which argues in favor of client-side scanning (CSS) as a way to cut the Gordian knot.
CSS involves scanning images on the user's device, rather than in the cloud, looking for 'hashes' – unique digital signatures – of known images of child abuse or other prohibited material. But it's far from a magic bullet.
Last summer, Apple announced plans to introduce CSS but immediately came under fire for reasons both technical and ethical. When creating hashes, there's a certain amount of fuzziness to make sure that criminals can't simply change a pixel or two to evade detection – and this naturally leads to a high number of false positives.
Meanwhile, in a paper published last week, researchers at Imperial College London tested five perceptual hashing algorithms and found that 99.9 percent of images were able to successfully bypass the system undetected whilst preserving the content of the image.
"By design, perceptual fingerprints change slightly with a small change in the image, something which, we showed, makes them intrinsically vulnerable to attacks," comments co-author Shubham Jain. "For this reason, we do not believe these algorithms to be ready and deployed for general use."
More sinister is the possibility of expanding the list of prohibited material to anything a government fancies.
"President Xi will want to know who has photos of the Dalai Lama, or of men standing in front of tanks; and copyright lawyers will get court orders blocking whatever they claim infringes their clients’ rights," commented Ross Anderson, professor of security engineering at the University of Cambridge.
However, by advocating the introduction of CSS, Patel appears to be rowing back a little from the government's previous position that E2EE was simply unacceptable in all circumstances. This may indicate a recognition of the fact that the tide of public opinion is turning.
While the UK government's attempts to pitch E2EE as enabling child abusers and terrorists have in the past been largely successful, the issues are very different on the other side of the pond.
While Meta says that its E2EE test has been planned for quite a while, the timing is noteworthy: the company recently provided police with the direct messages of a 17-year-old accused of having an illegal abortion in Nebraska.
It's something that wouldn't have been possible with E2EE and which has sparked significant outrage in the US – and which means the 'think of the children' narrative is now starting to play out very differently in the US from the UK.
Vehement as her statements are, Patel's apparent new opinion that CSS might make E2EE more acceptable represents quite a row-back and may show a recognition of the fact that public opinion is against her – and that can only be a good thing.
More from Cybernews:
Subscribe to our newsletter