The UK is trying to stop Facebook’s end-to-end encryption


The UK is planning a new attack on end-to-end encryption, with the Home Office set to spearhead efforts designed to deter Facebook from further rolling out the technology into its messaging apps.

Interior Minister Priti Patel plans to deliver a keynote address at a child protection charity event focused on exposing the perceived evils of end-to-end encryption and calling for stricter regulation of the technology. At the same time, a new report will say that technology companies must do more to protect children online.

Patel will lead a panel discussion on April 19 hosted by the National Society for the Prevention of Cruelty to Children (NSPCC), according to a draft invitation seen by WIRED. The event is set to be deeply critical of the encryption standard, making it difficult for researchers and technology companies to monitor communications between people and detect child bullying or illegal content, including images of terror or child abuse.

End-to-end encryption works by securing communications between those who participate in them: only the sender and receiver of the messages can see what they say and the platforms that provide the technology cannot access the content of the messages. Technology has become increasingly standard in recent years with WhatsApp and Signal using end-to-end encryption by default to protect people’s privacy.

The Home Office move comes as Facebook plans to implement end-to-end encryption on all of its messaging platforms, including Messenger and Instagram, prompting fierce debate in the UK and elsewhere about the alleged risks involved. technology represents for children.

During the event, the NSPCC will release a report on end-to-end encryption from PA Consulting, a UK company that has advised the UK Department of Digital Culture and Sports Media (DCMS) on the upcoming regulation of online security. A first draft of the report, seen by WIRED, says that increased use of end-to-end encryption would protect adult privacy at the expense of children’s safety, and that any strategy adopted by tech companies to mitigate the effect from end-to-end encryption – the ultimate encryption will be “almost certainly less effective than the current ability to search for harmful content.”

The report also suggests that the government develop a regulation “expressly directed at encryption,” in order to prevent technology companies from “designing[ing] move away ”your ability to control illegal communications. It recommends that the upcoming online safety bill, which will impose a duty of care on online platforms, force tech companies to share data about child abuse online, rather than voluntarily.

The online security bill is expected to require companies whose services use end-to-end encryption to demonstrate how effectively they address the spread of harmful content on their platforms, or risk fines from the communications authority Ofcom, which will be in charge. to enforce the rules. As a last resort, Ofcom could require a company to use automated systems to remove illegal content from its services.

The NSPCC says this setup doesn’t go far enough to control encryption: In a statement issued last week, the charity urged digital secretary Oliver Dowden to strengthen the proposed regulation, preventing platforms from being deployed from one extreme. to another. End encryption until they can demonstrate that they can safeguard children’s safety. Currently, Facebook addresses the circulation of child sexual abuse content on WhatsApp by removing accounts that display banned images in their profile photos or groups whose names suggest illegal activity. WhatsApp says it bans more than 300,000 accounts per month that it suspects of sharing child sexual abuse material.

“Ofcom will have to pass a series of tests before it can act on a regulated platform,” says Andy Burrows, NSPCC’s director of online child safety policy. “This is about being able to require evidence of serious and sustained abuse, which will be practically very difficult to do because end-to-end encryption will remove a significant amount from the reporting stream.”

.

Source link