Getty Images | Olemedia
The long-running battle over encryption between tech companies and law enforcement continues, with law enforcement agencies around the world calling on Meta to cancel plans for end-to-end encryption of Facebook and Instagram messages.
End-to-end encryption (often called “E2EE”) boosts security and privacy for all users, whether law-abiding or not. But government officials have long opposed plans to make the technology more widely available, citing the risk that terrorists, sex traffickers, child abusers, and other criminals will use encrypted messages to evade law enforcement.
The latest call to abandon encryption plans was made today by the Virtual Global Taskforce, a consortium of 15 law enforcement agencies including two from the US: the FBI and ICE Homeland Security Investigations. The task force focuses specifically on child sexual abuse; other members include Europol and agencies from the UK, Canada, Colombia, Australia, New Zealand, Kenya, the Philippines, the United Arab Emirates, the Netherlands, and South Korea.
“The announced implementation of E2EE on Meta platforms Instagram and Facebook is an example of a purposeful design choice that degrades safety systems and weakens the ability to keep child users safe,” the global task force said in a statement on the UK National Crime Agency’s website.
“Meta is currently the leading reporter of detected child sexual abuse to NCMEC,” the task force said, referring to the US-based National Center for Missing & Exploited Children. Meta hasn’t provided any indication “that any new safety systems implemented post-E2EE will effectively match or improve their current detection methods,” according to the group.
“The abuse will not stop just because companies decide to stop looking,” the group also said, accusing Meta and other tech companies of “blindfolding themselves to child sexual abuse.”
End-to-end encryption is available in Facebook Messenger and Instagram as an option, but the law enforcement statement was likely spurred by Meta’s plan to turn the security feature on by default in Facebook Messenger sometime this year. The Meta-owned WhatsApp already has end-to-end encryption enabled by default.
Meta: People don’t want us reading private messages
When contacted by Ars, Meta provided a statement in response to the Virtual Global Taskforce:
Most Americans already rely on apps that use encryption to safely transfer money, talk to doctors, and communicate privately. We don’t think people want us reading their private messages, so have developed safety measures that prevent, detect and allow us to take action against this heinous abuse, while maintaining online privacy and security. As we continue to roll out our end-to-end encryption plans, we remain committed to working with law enforcement and child safety experts to ensure that our platforms are safe for young people.
A Meta spokesperson said the company’s plan to make end-to-end encryption the default in Facebook Messenger is still on track to be completed this year. “End-to-end encryption is already optional on Messenger. Our plan is to fully roll it out, and make it default for Messenger users, sometime in 2023. We provide regular updates on our progress,” Meta said. The plan for default end-to-end encryption applies to Instagram messages, too, but the Instagram rollout may not happen in 2023, the spokesperson said.
Apple has had long-running disputes with the US government over encryption, and Facebook has faced a steady drumbeat of calls to remove encryption the past few years. “Since about 2018 the main narrative of law-enforcement and intelligence agencies has been that the end-to-end cryptography in messenger products such as WhatsApp makes life too easy for sexual predators, while the introduction of end-to-end encryption in Facebook Messenger is now claimed to pose an additional risk to children,” said a 2022 paper by Ross Anderson, a security expert and professor at the University of Cambridge.
Task force: Tech firms “blindfold” themselves
The Virtual Global Taskforce statement cited the case of UK-based sex offender David Wilson, who was sentenced to 25 years in prison in 2021. Wilson used Facebook “to contact thousands of children, grooming hundreds of victims using fake online profiles,” while pretending to be a teenage girl, the statement said.
“The successful prosecution of Wilson and the resulting safeguarding of hundreds of children was possible because law enforcement were able to access the evidence contained within over 250,000 messages through Facebook. In an E2EE environment, it is highly unlikely this case would have been detected,” the task force said.
The group of law enforcement agencies made it clear that its anti-encryption message isn’t intended only for Meta.
“The Virtual Global Taskforce is calling for all industry partners to fully appreciate the impact of implementing system design decisions that result in blindfolding themselves to child sexual abuse (CSA) occurring on their platforms, or reduces their capacity to identify CSA and keep children safe,” the group said.
“Moral reasons” to implement encryption
Many security experts have argued against calls to remove encryption or provide “backdoors” requested by law enforcement.
“The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws,” a group of computer science and cryptography researchers wrote in 2015. “Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.”
Anderson’s 2022 paper argued that end-to-end encryption should “remain available for moral reasons.”
“Pervasive surveillance, without warrant or suspicion, is contrary to human-rights law, just like torture,” he wrote. “Arguments in its favour must be treated with great suspicion and cannot be conceded on utilitarian grounds. Agencies tasked with defending the rules-based international order should defend the basic rights of their own citizens, including the rights of children, rather than seek to undermine them. The rule of law must take precedence over ‘national security.'”
Meta’s latest update on its encryption progress was in January. “Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption. We will notify people in these individual chat threads as they are upgraded,” the company said.
Meta didn’t say exactly when in 2023 it will make end-to-end encryption the default. “Building a secure and resilient end-to-end encrypted service for the billions of messages that are sent on Messenger every day requires careful testing. We’ll provide updates as we continue to make progress towards this goal over the course of 2023,” it said.
