The UK home secretary, Priti Patel, has warned Facebook that its plans to introduce end-to-end encryption on Facebook Messenger and Instagram are “unacceptable”. She claims that the technology will allow child abuse to continue online and prevent police catching offenders.
The warning came at an event hosted by UK children’s charity NSPCC to debate the trade-off between safety and privacy. The charity warned that “private messaging is where most child sexual abuse happens online” and claimed that end-to-end encryption will increase the risk of abuse and stymie attempts to uncover and prevent it. Here’s what you need to know.
What is end-to-end encryption?
In general, encryption involves mathematically encoding data, in this case Facebook or Instagram messages, so that only someone with a secret key can read it. The technique relies on mathematical puzzles that require a gargantuan amount of processing power to break without the key.
A message sent online may have no encryption at all, or it may be passed to a third party to be encrypted and decrypted before and after transmission. In either scenario, there are points at which other people, including law enforcement or hackers, can swoop in and intercept a message.
End-to-end encryption is different because the message is encrypted on the user’s device and only decrypted at the other end by the recipient. In theory, nobody except the sender or the receiver can read what was sent.
Why is that a problem?
The NSPCC claims that this technology is dangerous and will prevent websites and apps from spotting abuse, and law enforcement from investigating and prosecuting crimes. But lots of services already use end-to-end encryption, such as Signal and Facebook-owned WhatsApp.
State security agencies had been caught requesting “back doors” that allow them to bypass the encryption systems of big tech companies. In fact, a 2019 letter to Facebook CEO Mark Zuckerberg from Priti Patel, the US attorney general and Australia’s home affairs minister requested that end-to-end encryption not be launched across its messaging services “without including a means for lawful access to the content”. But the risk is that the back door is misused by governments to monitor citizens. It may even be discovered and abused by malicious third parties.
Why does Facebook want encryption?
Facebook told New Scientist that it sees end-to-end encryption as important to keep people safe from hackers and criminals. In a 2018 blog post, Gail Kent at Facebook, who previously spent two decades at the UK’s National Crime Agency, said that banning end-to-end encryption would remove an important layer of security for hundreds of millions of law-abiding people, but also “would not stop bad actors from using end-to-end encryption since other, less responsible services are available”.
How does Facebook assist law enforcement?
Facebook uses a variety of techniques to spot and report illegal activity on its platforms. In 2018, the company made 16.8 million reports to the US National Center for Missing & Exploited Children (NCMEC), and the National Crime Agency estimates that this led to 2500 arrests in the UK.
Nonetheless, the NCMEC estimates that if end-to-end encryption were implemented in all web services it would lose more than half of its tip-offs about illegal activity.
Is there an alternative approach?
Even with end-to-end encryption, there are ways for law enforcement to intercept messages when the stakes are high enough. Messages in transit may be hard to decrypt, but they can be intercepted at the other end once decrypted by the intended recipient. The UK’s Investigatory Powers Act gives intelligence agencies and police the power to hack computers and phones to access, change or destroy data. This could involve digging out the private keys used to encrypt messages, allowing them to be read after interception or just directly reading the messages on the device.
More on these topics: