Certain uses of encryption technology pose challenges to public safety, including to highly vulnerable members of society such as sexually exploited children, according to a statement issued earlier this week by the United States Department of Justice and signed by six other nations.
The communique warns that a company’s ability to identify and respond to illegal content and activity including child sexual exploitation or abuse, violent crime, and terrorist propaganda and planning, could be “severely undermined” by end-to-end encryption “that precludes lawful access to the content of communications in any circumstances”.
Use of end-to-end encryption could also prevent law enforcement agencies from investigating serious crimes and protecting national security by accessing content “where necessary and proportionate” and “where there is lawful authority to do so”.
The statement, which was prompted by proposals to apply end-to-end encryption across major messaging services, is undersigned by representatives from the US, UK, Australia, New Zealand, Canada, India and Japan.
A 2019 “Global Threat Assessment” report by the WePROTECT Global Alliance – a coalition of 97 countries, 39 large tech companies and 41 civil society organisations dedicated to ending the online sexual exploitation of children – stated that:
“Publicly-accessible social media and communications platforms remain the most common methods for meeting and grooming children online. In 2018, Facebook Messenger was responsible for nearly 12 million of the 18.4 million worldwide reports of CSAM [child sexual abuse material to the US National Center for Missing and Exploited Children (NCMEC)]. These reports risk disappearing if end-to-end encryption is implemented by default, since current tools used to detect CSAM [child sexual abuse material] do not work in end-to-end encrypted environments.”
In a joint statement released in December 2019, the US and EU said that: “the use of warrant-proof encryption by terrorists and other criminals – including those who engage in on-line child sexual exploitation – compromises the ability of law enforcement agencies to protect victims and the public at large”, despite acknowledging the importance of encryption in ensuring cyber security and fundamental rights such as privacy.
This week’s communique calls upon tech companies to embed the safety of the public in system designs to enable companies to take action against illegal content and activity and facilitate the investigation and prosecution of offences; to allow law enforcement to access content in “a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate’; and to consult with governments to facilitate legal access.
The statement concludes: “We reiterate that data protection, respect for privacy and the importance of encryption as technology changes and global Internet standards are developed remain at the forefront of each state’s legal framework. However, we challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.”
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.