Facebook encryption plans could increase risk of online child abuse, MPs told
Facebook’s planned introduction of end-to-end encryption could ‘turn the lights out for law enforcement’ fighting online child sex abuse, MPs have heard.
Senior figures from the National Crime Agency (NCA) and the Internet Watch Foundation (IWF) told the Home Affairs Select Committee they are yet to see assurances from Facebook on the issue.
Facebook has previously announced plans to fully encrypt communications in its Messenger app as well as Instagram Direct – on top of WhatsApp, which is already encrypted – meaning no-one apart from the sender and recipient can read or modify the messages.
The social network said the system is designed to improve user privacy on its services.
However, Robert Jones, director of threat leadership at the NCA told the committee that such a system would make it far more difficult to detect abuse.
“I’m deeply concerned about the Facebook proposals. We have articulated those concerns to Facebook through policy officials and directly with them through bilateral meetings,” he said.
“What Facebook has been unable to explain is how, when you apply the end-to-end encryption model and you lose that insight and ability to look at hash values, to look at text, all of those things, how they will replace that with a regime that doesn’t effectively turn the lights out for law enforcement and prevents us from getting that insight.”
Mr Jones said it was known that contact via Facebook featured in many grooming cases, and this change could be seen by offenders as an opportunity to operate undetected.
“Offenders will look at things like Facebook, WhatsApp – anything with an end-to-end model and will realise very, very quickly that there is now less ability to inspect material on that platform,” he said.
“They are very clever, they are very cynical, they exchange tradecraft on the dark web and this will be a topic of conversation for them. So we’re deeply concerned – we’ve articulated why, in an evidence-based way, and I am worried for the future.”
Mr Jones said he hoped senior figures inside Facebook would be “gripped” by the issue, but added: “I don’t see anything publicly which describes their position in terms of mitigating that risk.”
Susie Hargreaves, chief executive of the IWF – the child online safety charity – said the group worked closely with Facebook on a number of programmes around mitigating abuse online and had urged the firm to publicly address the issue.
“We are also very, very concerned about the intention to encrypt Messenger and the impact that will have on the victims of online child sexual abuse and we are calling for equivalency,” she told MPs.
“So basically, we are asking Facebook to give assurances that child protection will not be hampered and that children and victims will be protected in some way, and as yet, none of us have seen any of those assurances. So I think across the whole child protection sphere, we are all concerned about the encryption of Messenger.”
Asked about the wider social media industry’s general response to tackling online child sexual abuse, Mr Jones said it was clear the sector needed to do more, arguing there was no excuse why more was not being done given the detection technology available to the major platforms.
He added that the response of social media firms was being “hampered by a lack of regulation”, and both he and Ms Hargreaves said the Government’s proposed Online Harms regulation was vital to improving this response.
In response to the evidence, NSPCC senior policy officer Rosy Roche called for the Government to speed up the bringing forward of Online Harms legislation.
“The NCA are right that tech’s response to online child abuse is being hampered by a lack of regulation and this unaccountability would not be tolerated for other industries,” she said.
“Police data shows that over half of recorded online grooming offences in England and Wales involved Facebook-owned apps, which makes it all the more important for Mark Zuckerberg to halt his plans to encrypt messaging services until and unless he can guarantee children’s protection.
“It’s time for the Government to urgently press ahead with laws that will create a regulator with the power to hold tech directors criminally accountable if their company’s design choices allow sexual abuse against children.”
Social media’s response to the issue of online fraud was also criticised during the committee session, with Commander Karen Baxter, the head of economic crime at the City of London Police telling MPs “stronger engagement” from the firms was needed on the issue of online fraud.
She said getting timely information around online fraud cases can be a “difficult road” and there were “significant delays” in the process which needed ironing out.
Graeme Biggar, the director-general of the National Economic Crime Centre added that major platforms needed to do more to communicate the risk of online scams and improve reporting procedures, saying “taking down sites being used for fraud isn’t as slick as it could be at the moment”.
When asked if fraud should be included as part of the Online Harms legislation, Commander Baxter said: “Without a shadow of a doubt.”