Child protection organisations have sent a joint letter urging Facebook CEO Mark Zuckerberg to halt plans to bolster encryption on its platforms, warning it will make it harder to catch child abusers.
The worldwide coalition, which includes the NSPCC, Barnardo’s and Child USA, has called on Facebook to build “safeguards” into its encryption to ensure Facebook and law enforcement can continue to monitor for child exploitation.
End-to-end encryption means that only those involved in the conversation can read the messages. It is already in use on Facebook-owned WhatsApp, but Facebook wants to add it to Facebook Messenger and Instagram Direct.
NSPCC Chief Executive Peter Wanless said: “Facebook may be happy to shut their eyes to abuse but they can’t close their ears to this unanimous concern shown by international experts.
“Mark Zuckerberg has a choice whether to allow sexual abuse to soar on his sites or listen to those from all over the world asking him to rethink how to implement encryption without putting children at risk.”
A Facebook spokesman told the BBC that protecting the wellbeing of children on its platform was “critically important” to it.
“We have led the industry in safeguarding children from exploitation and we are bringing this same commitment and leadership to our work on encryption,” he said.
“We are working closely with child-safety experts, including NCMEC [the US National Center for Missing and Exploited Children], law enforcement, governments and other technology companies, to help keep children safe online.”
Facebook encryption plans: Balancing privacy and security
A Freedom of Information request sent by the NSPCC to 32 UK police forces last year showed that Facebook, Instagram and WhatsApp were used in child abuse image and online child sexual offences an average of 11 times a day.
The NCMEC estimates that Facebook’s end-to-end encryption plans could see 70% of reports being lost. This would be the equivalent of 11 million child exploitation reports being lost a year, the 129-strong coalition said.
Proponents of end-to-end encryption say it protects users from criminal activities, such as cyber-stalking and phishing. It is also used by human rights activists and journalists to avoid persecution.
Jake Moore, cybersecurity specialist at ESET and a former police computer forensics officer, said it’s “about striking the right balance”, but warned Facebook users would be at risk to cybercriminals without end-to-end encryption.
“Encryption is the backbone of the internet. Without it you lose all security and if you create a backdoor you in effect break the internet,” he told Verdict.
“There is an ongoing encryption battle between law enforcement and the technology companies but it’s all about striking the right balance.
“I think Facebook is right to make their applications secure, which in fact helps protect its users. There are many security features in place to help them and there is a lot the public can learn about these platforms before trying to eavesdrop. Taking away encryption allows cybercriminals to view sensitive data which creates more problems in the long run.
“Arguably, if Facebook was to allow access to its messaging platforms, many users could simply move to other more privacy-focused applications.”
Tom Van de Wiele, principal security consultant at Finnish cybersecurity firm F-Secure, echoed the benefits of end-to-end encryption. He told Verdict that “reimplementing” the ability to scan for child sexual abuse material in a Facebook end-to-end encryption environment would, with current technology, “push this functionality to the end points”.
“Whatever change is made in the future, the impact on privacy will have to be assessed first, as well as scenarios where the sender and receiver can disable or render the functionality moot,” he said. “In the meantime, we have to make sure that lawmakers and politicians do not create a platform using a slippery slope approach – unelected officials or self-created best practices in order to gain blanket access to our data in and from countries all around the world.
“Technology changes a lot slower than politics and any right, freedom or certain private information that is given away once, is gone for good.”