The UK is planning a new attack on end-to-end encryption, with the Home Office taking charge of efforts designed to discourage Facebook from further rolling out the technology to its messaging apps.
Home Secretary Priti Patel plans to deliver a keynote speech at a child protection charity event aimed at exposing the perceived ills of end-to-end encryption and calling for stricter regulation of the technology. At the same time, a new report will say technology companies need to do more to protect children online.
Patel will lead an April 19 roundtable hosted by the National Society for the Prevention of Cruelty to Children (NSPCC), according to a draft invitation from WIRED. The event will be highly critical of the coding standard, making it more difficult for researchers and technology companies to monitor communication between people and detect childcare or illegal content, including images of terror or child abuse.
End-to-end encryption works by securing communications between those involved – only the sender and recipient of messages can see what they say and platforms that, provided the technology cannot access message content. The technology has become increasingly standard with WhatsApp and Signal in recent years with standard end-to-end encryption to protect people’s privacy.
The move from the Home Office comes as Facebook plans to roll out end-to-end encryption on all of its messaging platforms – including Messenger and Instagram – sparking heated debate in the UK and elsewhere about the alleged risks that technology brings to children.
At the event, the NSPCC will unveil a report on end-to-end encryption by PA Consulting, a UK company that has advised the UK Department for Digital Culture Media and Sport (DCMS) on upcoming online security regulations. An early version of the report, seen by WIRED, says that an increasing use of end-to-end encryption would protect adult privacy at the expense of children’s safety, and that any strategy followed by technology companies to mitigate the effect of end-to-end encryption. End encryption will “almost certainly be less effective than the current ability to scan for malicious content.”
The report also suggests that the government is enacting regulations that “explicitly target encryption” to prevent technology companies from “engaging” engineers.[ing] away ”their ability to control illegal communications. It recommends that the forthcoming Online Safety Act – which imposes a duty of care on online platforms – makes it mandatory for technology companies to share online child abuse data, rather than voluntarily.
The online security law is expected to require companies whose services use end-to-end encryption to demonstrate how effectively they address the spread of malicious content on their platforms – or risk being fined by the communications authority Ofcom, which provides the will be in charge. of enforcement of the rules. As a last resort, Ofcom could require a company to use automated systems to remove illegal content from their services.
The NSPCC says this setup doesn’t go far enough to curb encryption: In a statement released last week, the charity urged its digital secretary, Oliver Dowden, to bolster the proposed regulation, preventing that platforms end end-to-encryption until they can demonstrate that they can ensure the safety of children. Facebook is currently tackling the circulation of child sexual abuse content on WhatsApp by removing accounts that show banned images in their profile photos, or groups whose names suggest illegal activity. WhatsApp says it bans more than 300,000 accounts per month that it suspects share child sexual abuse material.
“Ofcom will have to pass a series of tests before it can take action on a regulated platform,” said Andy Burrows, NSPCC’s chief online child safety policy. “That’s about being able to demand evidence of serious and persistent abuse, which is going to be very difficult in practice as end-to-end encryption will take a significant portion of the reporting flow.”