New campaign aims to stop more encrypted apps

Getty Images A stock image of a child using a smartphoneGetty Images

A new government-backed campaign is calling on tech giants to stop rolling out end-to-end-encryption (E2EE).

Messaging apps like WhatsApp and Signal already use E2EE, and Meta plans to deploy it in Facebook Messenger, but the No Place to Hide campaign says it makes it harder to detect child abuse.

When messages are sent using E2EE, only the sender and receiver can read them, not law enforcement or the app owners.

However, Meta believes it can protect children without altering encryption.

Launching the campaign on Tuesday, a spokesperson said that rolling out E2EE would be "like turning the lights off on the ability to identify child sex abusers online".

They added: "We're calling on social media platforms to make a public commitment that they will only implement end-to-end encryption when they have the technology to ensure children's safety won't be put in jeopardy as a result."

The campaign added that it wanted to work with tech companies to find solutions that protected children and privacy.

The campaign says figures from the US National Center for Missing and Exploited Children (NCMEC) show 21.7 million reports of child sexual abuse material were made in 2020 across social media platforms.

They say that the NCMEC data suggests 14 million reports of suspected online child sex abuse could be lost every year if further roll out of encryption is not stopped.

No Place To Hide A still from a No Place to Hide videoNo Place To Hide
A campaign video suggests online grooming might be missed if encrypted

The campaign is led by a steering group of charities Barnardo's, the Lucy Faithfull Foundation, the Marie Collins Foundation and safety-technology company SafeToNet.

And it is made up of a coalition of "child safety campaigners, charities, tech experts and survivors of child sex abuse" brought together by communications company M&C Saatchi and backed by the Home Office.

'Technically impossible'

Many experts have questioned the idea that it is possible to have both secure encryption and check the content of encrypted messages for child abuse content.

Jim Killock, of digital campaigning organisation Open Rights Group, told the BBC it was "technically impossible" and any weakening of encryption would expose users to danger.

"Encryption protects us from scams, blackmail and criminal abuse of personal messages, so the government needs to face up to the fact that it is choosing to help criminals," he said.

Ciaran Martin, the former head of the National Cyber Security Centre, in a speech in November said the idea that it was possible both have well-functioning end-to-end-encryption and give law enforcement targeted access to messages was "technological 'cakeism'".

However, the Home Office told the BBC: "The UK government supports encryption, and believes that E2EE can be implemented responsibly in a way which is consistent with public safety.

"Our view is that online privacy and cyber-security must be protected, but that these are compatible with safety measures that can ensure the detection of child sexual exploitation and abuse."

While the campaign doesn't explicitly say it, a key concern of the government has been Meta's planned E2EE rollout of in Facebook Messenger and Instagram direct messages - a plan the tech giant has delayed until 2023

Meta argues it can roll out encryption unchanged while deploying other systems to keep children safe.

Antigone Davis, its global head of safety, said: "The overwhelming majority of Brits already rely on messaging services which use end-to-end encryption to keep them safe from hackers, fraudsters and criminals.

"We agree on the need for strong safety measures that work with encryption and are building these into our plans."

The company pointed out it already banned suspicious profiles, restricted adults from messaging children they're not connected with and made under-18s' accounts private or "friends only".

The company said it was working with experts and law enforcement and taking its time to get the rollout of E2EE right.

Presentational grey line
Analysis box by Joe Tidy, Cyber reporter

The E2EE debate has been bubbling away for years with fierce arguments between policy-makers around the world and privacy campaigners.

Meanwhile most of us have paid no attention.

We've all embraced the likes of WhatsApp and Signal into our daily lives, none the wiser that these apps are now part of the battleground in a huge fight launched on Tuesday in the UK.

With billions of people already using E2EE apps, some would argue that the cat is already out of the bag.

Clearly the government feels that the battle is not truly lost until Meta implements the technology to Messenger.

But what it is asking for is, in the view of many cyber-security experts, impossible.

If there's a so-called "backdoor" built into the E2EE technology then it undermines the system itself, they say.

So after years of trying to convince tech giants directly, the hope is that a broad appeal to the public will be the thing that finally persuades Meta and others to either invent a new way around the system that satisfies the authorities, or finish end-to-end once and for all.

Presentational grey line