Public funds to used for government-backed advertising campaign against end-to-end encryption, but security experts argue against the move
The British government is restarting its ongoing campaign against encryption, much to the frustration of those within the tech and security industries.
The ‘NoPlaceToHide’ advertising campaign, back by the government and public funds, launched on Tuesday with the claim that stopping end-to-end encryption will prevent child abusers from hiding online.
WhatsApp, Signal and Telegram already use end-to-end encryption, and Meta (Facebook) is also planning to roll it out on Facebook Messenger. But for years now the UK government (and other governments) have threatened to take action against encryption in general.
Governments around the world have been stung into action by a combination of law enforcement and child safety campaigners, who have for years railed against technology companies for permitting the encryption of potentially valuable data belonging to criminals and/or terrorists.
The Children’s Commission for England has previously warned that end-to-end encryption is threatening children’s safety online.
The central thrust of that report’s argument, is that plans by social media firms to increase the use of encrypted messages, would make it impossible for platforms to monitor content (which is kinda of the whole point about encryption).
In 2018 the UK’s National Crime Agency (NCA) listed encryption as one of the technologies making criminals’ jobs easier, as it makes it more difficult for law enforcement organisations to “collect intelligence and evidence”.
Therefore governments around the world have repeatedly pressured the tech industry to create so called backdoors to encryption systems.
In August 2018 for example the US government pressured Facebook to break its Messenger app, so law enforcement could listen to a suspect’s voice conversations in a criminal probe.
And in late 2019, the United States, UK, and Australian governments signed an open letter to Facebook alleging encryption helps child abuse, and demanded an encryption ‘backdoor’
CEO Mark Zuckerberg at the time stoutly defended his decision to encrypt the company’s messaging services.
That said, in August 2021 Facebook was reportedly recruiting artificial intelligence researchers in order to learn how to analyse the content of encrypted messages without having to decrypt them – so called ‘homomorphic encryption’.
Now in 2022, the ‘NoPlaceToHide’ advertising campaign is once again repeating this argument.
A campaign spokesperson told the BBC that rolling out E2EE would be “like turning the lights off on the ability to identify child sex abusers online.”
“We’re calling on social media platforms to make a public commitment that they will only implement end-to-end encryption when they have the technology to ensure children’s safety won’t be put in jeopardy as a result,” the spokesperson added.
The campaign added that it wanted to work with tech companies to find solutions that protected children and privacy.
“Social media has many benefits and is an important part of life for many people,” said the campaign, and admitted that end-to-end encryption is valuable technology designed to keep people’s data and conversations safe.
“We are not opposed to end-to-encryption in principle and fully support the importance of strong user privacy,” it claimed. “Instead, our campaign is calling for social media companies to work with us to find a solution that protects privacy, without putting children at even greater risk.”
It said however it is seeking to stop some “social media platforms planning to introduce end-to-end-encryption, which scrambles messages so that only the sender and receiver can see what is being shared.”
But the tech industry has long argued that banning encryption is a fundamental mistake, and shows a lack of understanding about how the technology works.
“The ongoing privacy vs security debate itself is dangerous and puts users at risk with very conflicting information,” noted Jake Moore, the former Head of Digital Forensics at Dorset Police who is now the Global Cybersecurity Advisor at ESET, who run the campaign Safer Kids Online.
“When the government suggests that the removal of encryption in fact helps child safety, it fuels the argument that it is damaging,” said Moore. “However, it is simply not true and in fact weakens the security and privacy of millions of people and businesses.”
“If large, popular messaging platforms are forced to remove encryption, the criminals that the government are targeting will be savvy enough to use already available alternatives which will not come under the same jurisdiction,” said Moore. “It may even push the children the government are wanting to protect into using these third party alternatives in the name of privacy and encryption.”
“This endless argument seems to be going round in circles highlighting that security is being completely misunderstood by the government,” said Moore. “Without the use of encryption, there are far bigger problems at risk.”
As the arguments continue to rage about encryption, there are rumours that certain Western intelligence agencies do have the ability to crack some forms of encryption.
Back in 2013, leaks from Edward Snowden hinted that US and UK intelligence agencies had covertly implanted zero-day flaws in widely used security software and had broken encryption used by the most popular websites and online services.
It is thought the American NSA and British GCHQ already have the supercomputing power to crack 512-bit encryption in just a few minutes.
The NSA is widely believed to be capable of breaking 1024-bit encryption as well.