Once again, it’s time to end encryption… for the children. That’s the message being put out by the UK’s National Society for the Prevention of Cruelty to Children (NSPCC). And that message is largely regurgitated word-for-word by Sky News:
In what it is calling the “biggest threat to children online”, the NSPCC (National Society for the Prevention of Cruelty to Children) says safeguards need to be introduced so police can access the data if needed.
“The proposals to extend end-to-end encryption on messaging platforms mean they are essentially putting a blindfold on itself” says Andy Burrows, head of the NSPCC’s child safety online policy.
“No longer will the social network be able to identify child abuse images that are being shared on its site, or grooming that’s taking place on its site.
“Because abusers know they will be able to operate with impunity, therefore it means that not only will current levels of abuse go largely undetected, but it’s highly likely that we’ll see more child abuse.”
Is it the “biggest threat?” That doesn’t seem likely, especially when others who are concerned about the welfare of children say encryption is actually good for kids.
Here’s Connect Safely, a nonprofit headed by Larry Magid, who is on the board National Center for Missing and Exploited Children (NCMEC), which operates a clearinghouse for child porn images that helps law enforcement track down violators and rescue exploited children:
Some worry that encryption will make it harder for law enforcement to keep us safe, but I worry that a lack of encryption will make it harder for everyone, including children, to stay safe.
Phones and other digital devices can contain a great deal of personal information, including your current and previous locations, home address, your contacts, records of your calls and your texts, email messages and web searches. Such information, in the hands of a criminal, can not only lead to a violation of you or your child’s privacy, but safety as well. That’s why it’s important to have a strong passcode on your phone as well as a strong password on any cloud backup services… But even devices with strong passwords aren’t necessarily hacker proof, which is why it’s important that they be encrypted.
And here’s UNICEF, which has long been involved with protecting children around the world:
There is no equivocating that child sexual abuse can and is facilitated by the internet and that endto-end encryption of digital communication platforms appears to have significant drawbacks for the global effort to end the sexual abuse and exploitation of children. This includes making it more difficult to identify, investigate and prosecute such offences. Children have a right to be protected from sexual abuse and exploitation wherever it occurs, including online, and states have a duty to take steps to ensure effective protection and an effective response, including support to recover and justice.
At the same time, end-to-end encryption by default on Facebook Messenger and other digital communication platforms means that every single person, whether child or adult, will be provided with a technological shield against violations of their right to privacy and freedom of expression.
Despite this being far more nuanced than the NSPCC is willing to admit, it’s helping push legislation in the UK which would result in less child safety, rather than more. The Online Safety Bill would place burdens on communication services to prove they’re making every effort to prevent child exploitation. And “everything” means stripping all users of end-to-end encryption because this protective measure means no one but the sender and receiver can see their communications.
The bill would make tech companies responsible for “failing” to police child porn — with “failure” determined by “aggravating factors” like, you guessed it, offering end-to-end encrypted communications.
The following questions will help ascertain key risk aggravating factors (this is not an exhaustive list). Do your services:
allow users to create, share, promote, repost or share sentiment on any type of content?
offer private messaging spaces (both in access-controlled groups and as 1-to-1 messages)?
offer ephemeral, encrypted or self-deleting content?
use end-to-end encryption to place user content out of reach of provider moderation systems?
offer features that enable exchange of rich media including video (stored and livestreamed), audio, images, link sharing (including via URL shortening services), virtual reality, location sharing and contact details on other platforms or services?
offer user profiles that facilitate adults finding and contacting children and that may enable real-world identification of vulnerable people, including children?
This legislation — and the cheerleading from entities like the NSPCC — doesn’t really do anything but turn tech companies into handy villains that are far easier (and far more lucrative) to punish. There’s not going to be an influx of child porn just because communications are now encrypted. As critics of encryption have pointed out again and again, Facebook reports thousands of illegal images a year. So, a lack of encryption wasn’t preventing the distribution of illicit images. Adding encryption to the mix is unlikely to change anything but how much is reported by Facebook.
We all use encryption. (I mean, hopefully.) Having access to encrypted communications hasn’t nudged most people into engaging in criminal activity. That the same tech that protects innocent people is utilized by criminals doesn’t make the tech inherently evil. It’s the people that are evil.
As for law enforcement, it will still have plenty of options. Plenty of images will still be detected because lots of people are lazy or ignorant and use whatever’s convenient, rather than what’s actually secure. Encryption won’t exponentially increase the amount of illicit content circulating the internet. If the FBI (and others) can successfully seize and operate dark web child porn sites, it’s safe to say law enforcement will still find ways to arrest suspects and rescue children, even if encryption may make it slightly more difficult to do so.