Priti Patel v Facebook is the latest in a 30-year fight over encryption
Governments have been clashing with tech companies for decades over user privacy
Priti Patel has stepped up an international campaign to force Facebook to reverse its plans to merge its messaging apps and encrypt all communications between users, arguing such plans make it harder to safeguard children. But despite the intensity of the home secretary’s call for action, there’s little new ground broken in the encryption wars.
“We cannot allow a situation where law enforcement’s ability to tackle abhorrent criminal acts and protect victims is severely hampered,” Patel told an event organised by the NSPCC children’s charity on Monday afternoon. “Simply removing accounts from platforms is nowhere near enough.”
Her comments are the latest push in a fight that goes back almost 30 years. The broad issue is the same as ever: governments and law enforcement are worried about what is being said on communications platforms they cannot easily monitor, while technology companies argue that the nature of encryption means they have to provide privacy for everyone or no one.
This time, though, the territory is slightly different. Facebook’s decision in 2020 to begin merging its various messaging platforms has added a sense of urgency. The move, which started when Messenger and Instagram merged in August, will eventually put those two platforms and WhatsApp all on the same network, with all chats being encrypted between them.
In a statement, Facebook said: “Child exploitation has no place on our platforms and Facebook will continue to lead the industry in developing new ways to prevent, detect and respond to abuse. End-to-end encryption is already the leading security technology used by many services to keep people safe from hackers and criminals. Its full rollout on our messaging services is a long term project and we are building strong safety measures into our plans.”
Hard as it is to convince technology companies to turn off encryption, it may be somewhat easier to convince them not to turn it on in the first place. And the NSPCC hopes that that conversation will be more successful if it avoids the same mistakes its precursors took. “We want to move away from this being seen as a vexing unresolvable tradeoff of an argument that pits the needs and the wishes of adults against those of children,” says Andy Burrows, the head of the charity’s Online Harms project. “What we want to move towards is a reset that results in a settlement that can balance the privacy and safety needs of all users.”
What that settlement would look like is unclear. The government has not repeated last decade’s calls to push for a law-enforcement-only backdoor into encrypted messaging apps, after such a demand was roundly rejected by an industry as technologically impossible. (The nature of end-to-end encryption, which prevents anyone but the sender and recipient from reading communications, is such that any backdoor would work not just for police but for anyone else who discovered it, from hackers to foreign intelligence agencies.)
Instead, the UK government and others have focused on their goals, rather than demanding specific methods to achieve them. “During my own recent discussions with my counterparts in the US, Canada, Australia and New Zealand, we were absolutely united and calling upon the industry to ensure that services are safe by design,” Patel said. “Companies themselves should do more, and can do more, to endorse and transparently implement the CFAA voluntary principles on child sexual abuse,” she added, referring to the new set of guidelines published last year by the five countries calling for better protection of children online.
However, Jim Killock, the executive director of the Open Rights Group, still sees the calls as “a kind of solutionism: people picking a particular way of solving a problem and saying: ‘This is how we must do things, this is the only way that we can deliver this result, it has to be this way.’”
“It is clear,” Killock adds, “that the privacy and security of both children and adults is served by security technologies including end-to-end encryption. So the question is: are there other ways to deal with the very real issues around circulation of child abuse material?”
“We cannot allow a situation where law enforcement’s ability to tackle abhorrent criminal acts and protect victims is severely hampered,” Patel told an event organised by the NSPCC children’s charity on Monday afternoon. “Simply removing accounts from platforms is nowhere near enough.”
Her comments are the latest push in a fight that goes back almost 30 years. The broad issue is the same as ever: governments and law enforcement are worried about what is being said on communications platforms they cannot easily monitor, while technology companies argue that the nature of encryption means they have to provide privacy for everyone or no one.
This time, though, the territory is slightly different. Facebook’s decision in 2020 to begin merging its various messaging platforms has added a sense of urgency. The move, which started when Messenger and Instagram merged in August, will eventually put those two platforms and WhatsApp all on the same network, with all chats being encrypted between them.
In a statement, Facebook said: “Child exploitation has no place on our platforms and Facebook will continue to lead the industry in developing new ways to prevent, detect and respond to abuse. End-to-end encryption is already the leading security technology used by many services to keep people safe from hackers and criminals. Its full rollout on our messaging services is a long term project and we are building strong safety measures into our plans.”
Hard as it is to convince technology companies to turn off encryption, it may be somewhat easier to convince them not to turn it on in the first place. And the NSPCC hopes that that conversation will be more successful if it avoids the same mistakes its precursors took. “We want to move away from this being seen as a vexing unresolvable tradeoff of an argument that pits the needs and the wishes of adults against those of children,” says Andy Burrows, the head of the charity’s Online Harms project. “What we want to move towards is a reset that results in a settlement that can balance the privacy and safety needs of all users.”
What that settlement would look like is unclear. The government has not repeated last decade’s calls to push for a law-enforcement-only backdoor into encrypted messaging apps, after such a demand was roundly rejected by an industry as technologically impossible. (The nature of end-to-end encryption, which prevents anyone but the sender and recipient from reading communications, is such that any backdoor would work not just for police but for anyone else who discovered it, from hackers to foreign intelligence agencies.)
Instead, the UK government and others have focused on their goals, rather than demanding specific methods to achieve them. “During my own recent discussions with my counterparts in the US, Canada, Australia and New Zealand, we were absolutely united and calling upon the industry to ensure that services are safe by design,” Patel said. “Companies themselves should do more, and can do more, to endorse and transparently implement the CFAA voluntary principles on child sexual abuse,” she added, referring to the new set of guidelines published last year by the five countries calling for better protection of children online.
However, Jim Killock, the executive director of the Open Rights Group, still sees the calls as “a kind of solutionism: people picking a particular way of solving a problem and saying: ‘This is how we must do things, this is the only way that we can deliver this result, it has to be this way.’”
“It is clear,” Killock adds, “that the privacy and security of both children and adults is served by security technologies including end-to-end encryption. So the question is: are there other ways to deal with the very real issues around circulation of child abuse material?”
