As Meta rolls out end-to-end encryption, police warn it is ‘no longer possible’ to keep children safe


Social media giant Meta announced Thursday that it has begun rolling out end-to-end encryption (E2EE) by default “for all personal chats and calls on Messenger and Facebook.”

This follows “years of investment and testing”. according to to Loredana Crisan, director of Messenger, who said the technology made the services “safer, more secure and more private”.

This decision will ensure that Meta users are protected against abusive legal demands from undemocratic governments. Overall, the company receives hundreds of thousands of government requests for user data each year, according to its Transparency Center – including thousands from Mexico in the first half of this year, of which only 56% were legitimate according to the company.

However, the implementation of end-to-end encryption, which means Meta cannot access the content of messages itself even if it has been legally ordered to do so, has caused huge concerns from users. law enforcement in democratic countries.

More than 87% of the UK’s 9,710 user data requests were responded to between January and June. A senior official at the UK’s National Crime Agency (NCA) said the decision was “extremely disappointing” and undermined the agency’s role in protecting children from sexual abuse and exploitation.

James Babbage Previously the head of Britain’s National Cyber ​​Force and now director general of threats at the NCA — said the social media company had “a significant responsibility to keep children safe on its platform and, unfortunately, this will not be no more possible “.

Meta currently submits thousands of reports each year to the U.S. National Center for Missing and Exploited Children (NCMEC) when it detects child predators on its platforms attempting to contact children, as well as millions of reports when users upload media containing sexual exploitation of children.

NCMEC warned that 70% of these reports – and between 85% and 92% according to the NCA – could be lost due to the implementation of E2EE, which they said would blind Meta monitoring teams to content revealing abusive behavior.

The company in turn claims that it is able to use other signals such as chat and message metadata to detect predators, similar to the tools it uses with WhatsApp.

But British security officials have argued that these signals are insufficient, noting that the bar is much lower for Meta to ban users based on suspicious signals than it is for law enforcement to pursue violators and protect the children.

Officials also argue that unlike WhatsApp – where a person needs to know another user’s number beforehand in order to contact them – the Meta platform is designed to help people discover other users.

According to the UK government, Meta’s reports to NCMEC led to more than 2,500 arrests and the protection of almost 3,000 children in the UK alone in 2017.

“This only concerns one country. It’s only a year away. This is based on references from a single company. That’s what we stand to lose,” said Chloe Squires, then director of national security at the Home Office.

The NCA estimates that there are between 680,000 and 830,000 adults in the UK “who pose some degree of sexual risk to children”.

Meta introduced a number of safety devices to secure the accounts of minor children, and says that in parallel with the development of new technologies to protect children, it works with industry and non-governmental organizations to regularly maintain these updates.

Babbage said: “Company-developed alternative security measures that rely solely on metadata will rarely, if ever, produce sufficient evidence for a search warrant. This means that in practice the volumes will be so large that they will likely have very little value. The onus should not be solely on children to report abuse.

Labyrinth Protocol

Although Meta has long used the Signal protocol to secure messaging for WhatsApp users, as explained in a white paper explaining how the company implements E2EE, the new system on its social media platforms will also use what the company calls its Labyrinth Protocol to manage server-side message storage.

A Meta spokesperson said the server-side storage system would not allow Meta to decrypt messages for law enforcement by adding another endpoint. They added that the protocol had been extensively reviewed by cryptography experts, including Matthew Green of Johns Hopkins University and Cooper Quintin of the Electronic Frontier Foundation.

The UK government has campaigned for years against Meta’s introduction of the technology, with Squires – now director-general of Homeland Security – in writing to the U.S. Senate Judiciary Committee in 2019.

In his written testimony, Squires attempted to gain congressional support for the UK’s technical capability notice regime, introduced in the Investigatory Powers Act (2016), which could allow the UK government to require Meta to preserve its ability to convey message content when served separately with a warrant.

Like before reported According to Sky News, there are major concerns over whether such power could be used on a US-based company without congressional approval.

An amendment to the Investigatory Powers Act is currently underway examined by Parliament intends to extend the scope of the law to explicitly cover a service like Meta providing “a telecommunications service to persons in the United Kingdom”.

The law also includes a legal obligation for companies not to make changes that would later make it impossible to comply with a technical capability notice, although Meta’s rollout on Thursday precedes this amendment taking effect.

Get more information with the

Future saved

Intelligence cloud.

Learn more.

No previous articles

No new articles

Alexandre Martin

Alexander Martin is the UK editor of Recorded Future News. He was previously a technology journalist for Sky News and is also a member of the European Cyber ​​Conflict Research Initiative.

Leave a comment