The National Crime Agency has said that end-to-end encryption risks “turning the lights out” for law enforcers trying to prevent child abuse, after the UK data watchdog said failure to introduce strongly encrypted messaging poses a risk to children.
The NCA said referrals from social media companies led to 500 arrests and safeguarded 650 children every month in the UK, but that will become “much more challenging” to achieve under widespread use of end-to-end encryption.
The NCA was responding to an intervention by the Information Commissioner’s Office (ICO) in the debate over end-to-end encryption, which is taking place against a backdrop of plans by Mark Zuckerberg’s Facebook Messenger and Instagram apps to incorporate end-to-end encryption on messages next year. The ICO said on Friday that delaying the introduction of end-to-end encryption in communications put everyone at risk, including children, saying that it played an important role in safeguarding privacy and online safety.
Nevertheless, Rob Jones, a director general at the NCA, said: “Strong encryption protects users’ privacy and can provide many benefits, but any move to E2EE [end-to-end encryption] also needs to include measures which maintain the ability to protect children and identify images of abuse. A jump to E2EE without this capability risks turning the lights out for law enforcement worldwide.”
Last year the NCA, which fights serious and organised crime, said serial sex offender David Wilson had used Facebook Messenger and claimed he might have escaped justice if his messages had been end-to-end encrypted.
Jones said tipoffs from tech companies on illegal content played a significant role in combatting abuse. “The nub of the cyber tip regime, used by industry to report child sexual abuse, is content and that allows a very fast dynamic law enforcement response because it enables us to develop suspicion, belief or in other jurisdictions, probable cause. That content will go if the current privacy model lands in the way it’s been described. So all those tips are at risk – all of those tips.”
Stephen Bonner, the ICO’s executive director for innovation and technology, said on Friday that accessing encrypted content was not the only way to catch abusers. He pointed to other methods used by law enforcement including infiltrating abuse rings, listening to reports from children targeted by abusers and using evidence from convicted abusers.
Child safety campaigners have said the encryption plans would prevent law enforcement and tech platforms from seeing messages by ensuring that only the sender and recipient can view their content – a process known as end-to-end encryption. This week a new government-backed campaign was launched saying strong encryption risked “blindfolding” social media companies to abuse.
People’s data in the UK is covered by the General Data Protection Regulation, which states that encryption is one of the security measures that processors and controllers of data – like social media companies – should consider in relation to keeping data secure.