The Government supports strong encryption, which is used by billions of people every day for services such as banking, commerce and communications.
However, we are concerned that end-to-end encryption has created significant and avoidable barriers to companies being able to identify and prevent activity by terrorists, child abusers or serious criminals who are using their products or services to cause harm.
Facebook’s proposals to apply end-to-end encryption to its messaging platforms by default presents significant challenges. On 4 October 2019, the Home Secretary published an open letter to Mark Zuckerberg requesting that Facebook does not implement its proposals without ensuring that there is no reduction to user safety and without including a means for law enforcement to obtain lawful access to the content of communications.
What is the Government proposing?
As set out in the open letter to Mark Zuckerberg, we have called on the company to:
- Embed the safety of the public in system designs, thereby enabling it to continue to act against illegal content effectively with no reduction to safety, and facilitating the prosecution of offenders and safeguarding of victims.
- Enable law enforcement to obtain lawful access to content in a readable and usable format.
- Engage in consultation with governments to facilitate this in a way that is substantive and genuinely influences its design decisions.
- Not implement the proposed changes until it can ensure that the systems they would apply to maintain the safety of their users are fully tested and operational.
What is Facebook proposing?
Facebook has acknowledged that its plans will remove its access to content, which it currently monitors for safety purposes. Mark Zuckerberg has said that “We face an inherent trade-off because we will never find all the potential harm we do today when our security systems can see the messages themselves.”
They have suggested that increased use of machine learning, artificial intelligence and user reporting will help mitigate the potentially very significant impact of the proposals.
Why is this not satisfactory?
Machine learning and artificial intelligence are a key element in advancing the detection of illegal material effectively. But they don’t take away the need for access to content. More than 99% of the content Facebook takes action against – both for child sexual exploitation and terrorism – is identified by its own safety systems and access to content, rather than by reports from users.
In 2018, Facebook made 16.8 million reports of child sexual exploitation and abuse to the US National Center for Missing & Exploited Children (NCMEC); NCMEC estimates that 12 million of these reports would be lost if the company pursues its plan to implement end-to-end encryption.
The UK National Crime Agency (NCA) estimates that in 2018 NCMEC reporting from Facebook will have resulted in more than 2,500 arrests by UK law enforcement and almost 3,000 children safeguarded in the UK.
Would you consider legislation to address this issue?
Our preferred solution is to work with Facebook to ensure that it does not implement the proposals in a manner which would diminish user safety, and without including a means for law enforcement to obtain lawful access to the content of communications.
What about other platforms?
This is not exclusive to one company. However, risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.
What about privacy?
Law enforcement and other agencies must, in certain circumstances, be able to access data, with strong and independent authorisation and oversight.
We do not agree with the assertion that there is a binary choice between security and privacy.
We assess that it is possible to develop a lawful, exceptional access solution which would not disproportionately increase cyber-security risk or undermine individuals’ privacy. Last November, the UK Government – through GCHQ – published an article on the national security blog Lawfare, setting out the principled approach we will take to working with companies on these issues. It supports ‘exceptional access systems’ being completely under the control of the company.
Read more about what the Government is doing to tackle Online CSEA.