Europol

Crime agency criticises Meta as European police chiefs call for curbs on end-to-end encryption

Law enforcement agencies step up demands for ‘lawful access’ to encrypted communications

Social media company Meta has come under fire as European police chiefs step up pressure against governments and tech companies over the use of end-to-end encryption to secure email and messaging services.

Police chiefs from 32 countries, including the UK, said in a declaration published on 21 April that tech companies were rolling out end-to-end encryption in a way that undermines the ability of law enforcement agencies to investigate crime.

The intervention comes as Parliament is in the final stages of introducing new powers under the Investigatory Powers Act that technology companies say could be used to prevent the deployment of end-to-end encryption without back-door access.

The National Crime Agency singled out Meta’s plans to deploy end-to-end encryption on its Facebook and Instagram services, raising fears it could lead to the loss of millions of reports annually of suspected child abuse.

NCA director Graeme Biggar said that while encryption can be hugely beneficial and protect the public from crime, technology companies were putting people at risk through their “blunt and increasingly widespread” roll-out of end-to-end encryption. “They cannot protect their customers as they are no longer able to see illegal behaviour on their own systems,” he said. “Child abuse does not stop just because companies choose to stop looking.”

The NCA argues that the “vast majority “of suspicious activity reports provided to UK police will be lost if Meta continues with its plans to provide encryption services on Instagram and Facebook.

Meta is responsible for the majority of referrals of suspicious activity by tech companies to the US National Centre for Missing and Exploited Children (NMEC).

Safeguarding children

Content from Facebook and Instagram has helped British police forces in safeguarding 1,200 children and arresting 800 suspects a month.

Europe’s police chiefs are also warning that in addition to making it difficult for tech companies to see what is being sent on their own networks, end-to-end encryption will hamper law enforcements’ ability to lawfully access data from technology companies to investigate serious crimes.

A declaration ratified by 32 European police forces in London and published on 21 April, said that police do not accept there has to be a binary choice between cyber security and privacy and public safety. “Our view is that technical solutions do exist; they simply require flexibility from industry as well as from governments,” it said. “We recognise that the solutions will be different for each capability, and also differ between platforms.

“We therefore call on the technology industry to build in security by design, to ensure they maintain the ability to both identify and report harmful and illegal activities, such as child sexual exploitation, and to lawfully and exceptionally act on a lawful authority,” it added.

Europol executive director Catherine de Bolle said: “Our homes are becoming more dangerous than our streets as crime is moving online. To keep our society and people safe, we need this digital environment to be secured.

“Tech companies have a social responsibility to develop a safer environment where law enforcement and justice can do their work,” she said. “If police lose the ability to collect evidence, our society will not be able to protect people from becoming victims of crime.”

The declaration followed an informal meeting of European police chiefs hosted by the National Crime Agency on 18 April. It was ratified by the UK; the 27 member states of the European Union; Norway; Switzerland; Iceland; and Liechtenstein.

Proposals will weaken security

Technology companies and cryptography experts, including a former chief executive of the national cyber security centre, have criticised claims that it is possible to provide police access to the contents of encrypted communications without weakening security or introducing back doors that could be exploited by hostile nation states or criminals.

A spokesperson for Meta said the company had developed tools to keep teenagers safe on its platforms and to identify malicious behaviour.

“The overwhelming majority of Brits already rely on apps that use encryption to keep them safe from hackers, fraudsters, and criminals. We don’t think people want us reading their private messages so have spent the last five years developing robust safety measures to prevent, detect and combat abuse while maintaining online security,” the spokesperson said.

“As we roll out end-to-end encryption, we expect to continue providing more reports to law enforcement than our peers due to our industry leading work on keeping people safe,” the spokesperson added.

Cryptowars: Read more about the debate over end-to-end encryption

Read more on Privacy and data protection

CIO
Security
Networking
Data Center
Data Management
Close