UK Home Secretary Priti Patel will badmouth Facebook’s use of end-to-end encryption on Monday evening as she links the security technology with paedophilia, terrorism, organised crime, and so on.
The ever-popular politician will say at the National Society for the Prevention of Cruelty to Children (NSPCC) event: “Sadly, at a time when we need to be taking more action, Facebook are pursuing end-to-end encryption plans that place the good work and progress achieved so far [on fighting the issue of child abuse] in jeopardy.”
Patel’s speech is intended to kickstart a fresh round of government campaigning against end-to-end encryption, as previewed by Wired a few weeks ago.
The British state is hostile towards end-to-end encryption; the idea of people being able to communicate privately without the government listening in seems intolerable to Whitehall. Bureaucrats’ favoured way of campaigning against messaging apps’ adoption of E2E encryption is to depict it as actively putting children into harm’s way.
Wired wrote that advisory firm PA Consulting has been paid by the Home Office to write a report talking up how E2E encryption protects “adults’ privacy at the expense of children’s safety.” In particular, the report will claim that methods for government agencies to read people’s messages in the E2E era will “almost certainly be less effective than the current ability to scan for harmful content.”
Zoom’s end-to-end encryption isn’t actually end-to-end at all. Good thing the PM isn’t using it for Cabinet calls. Oh, for f…
In a prepared statement, a Facebook spokesperson said E2E encryption’s “rollout on our messaging services is a long-term project and we are building strong safety measures into our plans.”
Law enforcement agencies claim that E2E encryption would make it more difficult for them to investigate crimes at all levels. Last year the National Crime Agency revealed the depth of splits within the establishment; the agency claimed a sex offender “wouldn’t have been caught” if Facebook had enabled E2E encryption, but also revealed that classic join-the-dots policing led to his identification and arrest.
Neither does E2E always pose a significant speedbump to police nowadays. French and Dutch police took down the Encrochat E2E phone network by deploying malware to all of its users that copied the contents of their handsets back to police-controlled servers. There is no reason in principle that this couldn’t be done under strict judicial pre-authorisation against named individual suspects in the UK.
Closer to home, 400,000 arrest, fingerprint, and DNA records were accidentally deleted by bungling Home Office officials, suggesting that time and effort spent railing against social media companies is better spent on teaching and reinforcing the basics of police record-keeping and investigatory techniques.
The only fully-thought-out plan for snooping on E2E encrypted chats was put forward by the National Cyber Security Centre’s technical chief, Ian Levy, who suggested police were automatically added to every single messaging app conversation as a “ghost user.” The Western infosec world laughed it out of the room. ®