Home secretary Suella Braverman is stepping up pressure on Meta over its plans to roll out end-to-end encrypted message services on Facebook and Instagram.
The government claims that plans by the social media company to introduce encrypted messaging services will have a “catastrophic impact” on the ability of police to detect and prosecute child sexual abuse.
Braverman is challenging Meta to “urgently commit” to using technology to introduce safety measures to protect children from sexual abuse or to abandon its planned roll-out of end-to-end encrypted (E2EE) messaging services.
The home secretary’s campaign is backed by charities, including the NSPCC, the Marie Collins Foundation and the Internet Watch Foundation.
“Meta has failed to provide assurances that they will keep their platforms safe from sickening abusers. They must develop appropriate safeguards to sit alongside their plans for end-to-end encryption,” said Braverman. “I have been clear time and time again, I am not willing to compromise on child safety.”
Tech firms claim Online Safety Bill will undermine encryption
Braverman’s intervention comes as the controversial Online Safety Bill, which gives communications regulator Ofcom powers to require encrypted messaging providers to install “accredited technology” to scan messages for illegal content, was passed into law.
Technology companies and civil society groups argue that the new powers will introduce weaknesses that undermine encryption and could be exploited by hackers and rogue nation states.
Companies that offer encrypted messaging and email, including Proton, Signal and Element, have threatened to pull out of the UK if the plans are enacted.
“If Meta implements end-to-end encryption as planned, it will make their platforms less safe for children and massively reduce our collective ability to protect them” James Babbage, NCA
Meta has announced plans to move its Facebook and Instagram messaging services to end-to-end encryption by the end of this year.
The National Crime Agency (NCA) said that if Meta proceeds with its plans to introduce encryption, the loss of criminal referrals from Facebook Messenger and Instagram Direct services could mean that thousands of criminals could go undetected.
NCA director general James Babbage said Meta has supported law enforcement by referring instances of sexual abuse to the authorities.
“However, if Meta implements end-to-end encryption as planned, it will make their platforms less safe for children and massively reduce our collective ability to protect them,” he said. “We are not asking for new or additional law enforcement access, we simply ask that Meta retains the ability to keep working with us to identify and help prevent abuse. This collaboration remains absolutely vital.”
No evidence of how Meta will protect children
The home secretary’s intervention came after she raised concerns with Meta in a joint letter with child safety experts, law enforcement, survivors and child safety charities in July 2023.
In the letter, Braverman asked Meta for detailed evidence of how it would be able to protect child safety if it encrypted its messaging services. According to the Home Office, Meta was unable to provide the evidence asked for, raising concerns that Meta does not have robust plans in place to protect the safety of children.
Braverman is urging Meta to use its “technological prowess” to develop systems capable of detecting child abuse material in its encrypted messaging services while still maintaining “the utmost privacy for users”.
The government-funded campaign No Place To Hide released letters and videos written and presented by abuse survivors to the founder of Meta, Mark Zuckerberg, calling on him to rethink Meta’s plans to extend its use of encrypted messaging.
In a video released today, abuse survivor Rhiannon-Faye McDonald, who was abused and blackmailed by someone she met online aged 13, asks Zuckerberg not to put children’s safety at risk by going ahead with end-to-end encryption.
“As a survivor of child sex abuse, I more than anyone want to know that my privacy is protected. I am also not opposed to E2EE in principle, as long as there are safeguards which mean it does not harm children and put them at risk,” she says.
Measures in the Online Safety Bill, under Section 122, known as the “spy clause”, will allow the regulator Ofcom to require technology companies to introduce “accredited” technology to scan encrypted messages and data for illegal content.
The proposals have alarmed encrypted email and message providers, including Signal, Element and Proton, which have threatened to withdraw their services from the UK if Ofcom enacts its powers.
They have raised concerns, along with cryptographers, academics and civil society groups, that the plans will weaken encryption and introduce security vulnerabilities that could be exploited by hackers, hostile nation states or abusers.
Meta denies home office claims
Meta said that contrary to the home office claims it had provided the government with detailed evidence about safety measures for its encrypted messaging services in July.
“The overwhelming majority of Brits already rely on apps that use encryption to keep them safe from hackers, fraudsters and criminals. We don’t think people want us reading their private messages so have spent the last five years developing robust safety measures to prevent, detect and combat abuse while maintaining online security,” a spokesperson said.
Meta’s safety measures, published in a report today, include, restricting people over 19 from messaging teens who don’t follow them and using technology to identify and take action against malicious behaviour.
“As we roll out end-to-end encryption, we expect to continue providing more reports to law enforcement than our peers due to our industry leading work on keeping people safe,” the spokesperson said.
Preserving privacy while detecting illegal content
During the passage of the Online Safety Bill in the House of Lords, junior minister Stephen Parkinson said regulators would not use powers in the bill to require tech companies to scan encrypted messages until it was “technically feasible” to do so.
Police and government officials argue that Meta has the resources and the expertise to develop technology that can both maintain privacy and detect child sexual abuse, but claim it has not been willing to engage on the topic.
The government has funded proof-of-concept technologies through its Safety Tech Challenge Fund, which aims to find ways to preserve privacy while detecting illegal material.
One of these technologies is SafetoWatch software, which runs on a phone or computer and uses machine learning which it claims can identify previously unknown child sexual abuse content in real time to prevent it being seen or recorded.
“We urge companies looking to introduce end-to-end encryption to their services to think carefully about the impact on younger, vulnerable users, and to build in the safety features we’d expect in other areas of our lives” Susie Hargreaves, Internet Watch Foundation
The company that developed the technology, SafetoNet, has been able to embed it in the operating system of an Android phone and claims to detect and block abuse images after they arrive from an encrypted message service or before they are sent.
Another technology being put forward is client-side scanning, which relies on software installed on a mobile phone or a computer to scan messages for known abuse images. Government experts argue that similar technology is already used by Microsoft and Apple to check the security of their customers’ passwords by comparing them with lists of known leaked passwords without the password leaving the device.
Another technology, known as Secure Multiparty Computing, also makes it possible to run calculations to compare an image on a phone with a list of known bad images without the image leaving the phone, according to government experts.
Home Office experts believe Facebook and Instagram pose a particular threat to children because they allow abusers to search for and contact potential victims. Although Facebook makes the accounts of children under 16 private by default, third-party services make it possible for people to locate account holders under 16.
The Home Office estimates that 14 million reports of potential child abuse could be lost if Meta goes ahead with its plans, significantly increasing the risk of child exploitation or other serious harm.
Susie Hargreaves, chief executive of the Internet Watch Foundation, said there was a danger of “switching off the lights” on child sexual abuse if Meta went ahead. “We urge companies looking to introduce end-to-end encryption to their services to think carefully about the impact on younger, vulnerable users, and to build in the safety features we’d expect in other areas of our lives,” she added.
Peter Wanless, chief executive of the NSPCC, said abusers attempt to move people from open platforms to encrypted services. “We hear from Childline and survivors how offenders actively move children they have targeted on open platforms to end-to-end encrypted services to groom and ultimately abuse them,” he said. “Victims say this amounts to their privacy and safety rights being eroded.”