Crime agency crticises Meta as European police chiefs call for curbs on end-to-end encryption
Law enforcement agencies step up demands for “lawful access” to encrypted communications
The social media company, Meta, has come under fire as European police chief’s step up pressure against governments and tech companies over the use of end-to-end encryption to secure email and messaging services.
Police chiefs from 32 countries, including the UK, said in a declaration published on 21 April that tech companies were rolling out end-to-end encryption in a way which undermines the ability of law enforcement agencies to investigate crime.
The intervention comes as Parliament is in the final stages of introducing new powers under the Investigatory Powers Act that technology companies say could be used to prevent the deployment of end-to-end encryption without back-door access.
The National Crime Agency singled out Meta’s plans to deploy end-to-end encryption on its Facebook and Instagram services, raising fears that it could lead to the loss of millions of reports annually of suspected child abuse.
NCA Director Graeme Biggar said that while encryption can be hugely beneficial and protect the public from crime, technology companies were putting people at risk through their “blunt and increasingly widespread” roll-out of end-to-end encryption.
“They cannot protect their customers as they are no longer able see illegal behaviour on their own systems. Child abuse does not stop just because companies choose to stop looking,” he said.
The NCA argues that the “vast majority “of suspicious activity reports provided to UK police will be lost if Meta continues with its plans to provide encryption services on Instagram and Facebook.
Meta is responsible for the majority of referrals of suspicious activity by tech companies to the US National Centre for Missing and Exploited Children (NMEC).
Content from Facebook and Instagram have helped British police forces in safeguarding 1,200 children and arresting 800 suspects a month.
Europe’s police chiefs are also warning that in addition to making it difficult for tech companies to see what is being sent on their own networks, end-to-end encryption will hamper law enforcements’ ability to lawfully access data from technology companies to investigate serious crimes.
A declaration ratified by 32 European police forces in London and published on 21 April, said that police do not accept there has to be a binary choice between cyber security and privacy and public safety.
“Our view is that technical solutions do exist; they simply require flexibility from industry as well as from governments. We recognise that the solutions will be different for each capability, and also differ between platforms,” it said.
“We therefore call on the technology industry to build in security by design, to ensure they maintain the ability to both identify and report harmful and illegal activities, such as child sexual exploitation, and to lawfully and exceptionally act on a lawful authority,” it said.
Europol Executive Director Catherine de Bolle said: “Our homes are becoming more dangerous than our streets as crime is moving online. To keep our society and people safe, we need this digital environment to be secured.”
“Tech companies have a social responsibility to develop a safer environment where law enforcement and justice can do their work. If police lose the ability to collect evidence, our society will not be able to protect people from becoming victims of crime,” she added.
The declaration followed an informal meeting of European police chiefs hosted by the National Crime Agency on 18 April. It was ratified by UK, 27 member states of the EU, Norway, Switzerland, Iceland and Liechtenstein.
Cryptowars: Read more about the debate over end-to-end encryption
- Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages
- Technology companies say reassurances by government ministers that they have no intention of weakening end-to-end encrypted communication services do not go far enough.
- BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications.
- Government boosts protection for encryption in Online Safety Bill but civil society groups remain concerned.
- CEO of encrypted messaging service Element says Online Safety Bill could pose a risk to the encrypted comms systems used by Ukraine.
- Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms.
- Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor.
- Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers.
- GCHQ experts back scanning of encrypted phone messages to fight child abuse.
- Tech companies face pressure over end-to-end encryption in Online Safety Bill.
- EU plans to police child abuse raise fresh fears over encryption and privacy rights.
- IT professionals wary of government campaign to limit end-to-end encryption.
- John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act.
- Information commissioner criticises government-backed campaign to delay end-to-end encryption.
- Government puts Facebook under pressure to stop end-to-end encryption over child abuse risk.
- Former UK cyber security chief says UK government must explain how it can access encrypted communications without damaging cyber security and weakening privacy.
- Barnardo’s and other charities begin a government-backed PR campaign to warn of dangers end-to-end encryption poses to child safety. The campaign has been criticised as ‘one-sided’.
- Apple’s plan to automatically scan photos to detect child abuse would unduly risk the privacy and security of law-abiding citizens and could open up the way to surveillance, say cryptographic experts.
- Firms working on UK government’s Safety Tech Challenge suggest scanning content before encryption will help prevent the spread of child sexual abuse material – but privacy concerns remain.
- Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent, claims NSPCC.
- Proposals by European Commission to search for illegal material could mean the end of private messaging and emails, says MEP.
Originally published at ECT News