ar130405 - Fotolia
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption
IT professionals have spoken out against a government-backed campaign to limit end-to-end encryption, arguing that it will not make the world safer and is likely to cause more harm than good.
In a survey carried out by BCS, The Chartered Institute for IT, 78% of industry professionals said they did not believe restricting the use of end-to-end encryption (E2EE) in messaging would protect users.
The poll of 1,000 IT professionals was launched in response to the UK government-backed No Place to Hide campaign, which warns that further roll-out of end-to-end encryption would make it more difficult to police child sexual abuse.
The Home Office-backed campaign claims that social media sites are “willfully blindfolding” themselves to child sexual abuse by introducing end-to-end encryption on messaging services.
Meta, the owner of Facebook, has come in for particular criticism over its plans to introduce end-to-end encryption to its Instagram and Facebook messenger services.
End-to-end encryption is already widely available in messaging apps such as Signal, Telegram, Wickr and Meta’s WhatsApp, which offer varying degrees of security, depending on how they are configured.
A steering group of charities, led by Barnardo’s, the Lucy Faithful Foundation, the Marie Collins Foundation and SafeToNet, are driving the work. Police forces, including the National Crime Agency (NCA), are also backing the campaign.
“Rolling out end-to-end encryption without safety measures in place would be like turning the lights off on the ability to identify child sex abusers online. These plans will mean that social media companies can no longer see the abuse that happens on their platforms,” the campaign groups said in January.
Ukraine war – not the time to weaken security
BCS director of policy Bill Mitchell said: “Whilst we can appreciate the government’s aim is to make the internet a safer place, a balance has to be struck when it comes to end-to-end encryption.
“Now is not the time to weaken technology that is so fundamentally important to our security. There should be more exploration of the alternatives before we go down the road of rolling back E2EE, especially in this time of war, when secure messaging is a vital tool for truth-telling across the world.”
According to the poll, 66% of specialists said restricting end-to-end encryption would have a negative impact on protecting society at large.
Encrypted messaging has since become increasingly important to the people of Ukraine, with a large rise in usage being reported, including by journalists, the BCS said.
Some 70% of IT professionals were not confident it was possible to have both truly secure encryption and the ability to check encrypted messages for criminal material.
Risk to confidentiality
Many industry experts said they were worried about the possibility of increased surveillance from governments, police and the technology companies that run the online platforms. Other concerns were around the protection of financial data from hackers if end-to-end encryption was undermined.
There were concerns that wider sharing of “secret keys”, or centralised management of encryption processes, would significantly increase the risk of compromising the confidentiality they are meant to preserve.
BCS’s Mitchell said: “It’s odd that so much focus has been on a magical backdoor when other investigative tools aren’t being talked about. Alternatives should be looked at before limiting the basic security that underpins everyone’s privacy and global free speech.”
Government and intelligence officials are advocating, among other ways of monitoring encrypted material, technology known as client-side scanning (CSS) that is capable of analysing text messages on phone handsets and computers before they are sent by the user.
Proposals by Apple to compel iPhone users to accept updates that would automatically and covertly search shared images for possible abuse material and send reports to Apple or law enforcement agencies were condemned by 14 top computer scientists and cryptographers in October last year.
They concluded in a research paper, Bugs in our pockets: The risks of client-side scanning, published by Columbia University, that the plans were unworkable, vulnerable to abuse, and a threat to safety and security, citing more than 15 ways in which states or malicious actors, and even targeted abusers, could turn the technology around to cause harm to others or society.
The No Place to Hide campaign states: “We are not opposed to end-to-encryption in principle and fully support the importance of strong user privacy. Instead, our campaign is calling for social media companies to work with us to find a solution that protects privacy, without putting children at even greater risk.”
Read more about the debate on end-to-end encryption
- John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act.
- Information commissioner criticises government-backed campaign to delay end-to-end encryption.
- Government puts Facebook under pressure to stop end-to-end encryption over child abuse risk.
- Former UK cyber security chief says UK government must explain how it can access encrypted communications without damaging cyber security and weakening privacy.
- Barnardo’s and other charities begin a government-backed PR campaign to warn of the dangers end-to-end encryption poses to child safety. The campaign has been criticised as ‘one-sided’.
- Apple’s plan to automatically scan photos to detect child abuse would unduly risk the privacy and security of law-abiding citizens and could open up the way to surveillance, say cryptographic experts.
- Firms working on the UK government’s Safety Tech Challenge suggest scanning content before encryption will help prevent the spread of child sexual abuse material – but privacy concerns remain.
- Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent, claims NSPCC.
- Proposals by European Commission to search for illegal material could mean the end of private messaging and emails, says MEP.
Read more on IT legislation and regulation
-
Crime agency criticises Meta as European police chiefs call for curbs on end-to-end encryption
-
Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent
-
Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption
-
Braverman puts pressure on Meta to pause end-to-end encryption plans