In the UK, the government and a group of aid organizations are urging the public to pressure Facebook not to put an “end-to-end password” (E2EE) on its messaging service Messenger.
It is stated that if Facebook introduces the “ultra-secure messaging system”, more children will be at risk of harassment online.
The public debate is expected to be fierce. Privacy advocates and tech companies say the system is essential for personal privacy and data security.
The struggle that started in the UK is being watched closely, as many governments around the world want to put an end to end-to-end encryption as it stands.
For years, the UK, Australia, Canada, New Zealand, the US, India and Japan, as well as Interpol and the UK’s crime-fighting agency NCA, have criticized the technology.
Meanwhile, billions of people using WhatsApp, iMessage and Signal have adopted end-to-end encryption technology.
Encryption, a method of scrambling data to make what is written unreadable. We use encryption technology on the Internet every day, without even realizing it.
The little padlock in the top corner of your internet browser, for example, indicates that the information you send and receive on the BBC’s servers is encrypted. This means that anyone who gets hold of the data cannot read it.
This is especially important for sensitive internet transactions such as internet banking and e-mail.
The system works by agreeing a secret password between a website or application and our devices. All information we send to the relevant services over the Internet is encrypted before being sent.
When it reaches the company we communicate with, it is deciphered with the secret password agreed upon.
Everyone welcomes this type of encryption, because it protects our information from hackers and criminals while we surf the Internet.
However, this data can be read by the companies that process the information, and the security forces or the police can request any message the company hides from the companies.
What is end-to-end encryption?
This is part of the daily evidence-gathering activities of police around the world to apprehend convicts and suspects.
End-to-end encryption goes one step further. The secret code agreed upon by the sender and receiver is so secret that even the company processing the data does not know the code.
This means that only the recipient can decode messages, photos and calls.
The easiest way to understand how the system works is to imagine that you want to receive a letter in the mail that only you can read.
You’re sending someone a box whose key only you own. They put their letters inside and when they close the box they lock it. Then they send you the one-of-a-kind key to unlock. The digital version of the lock box is known as the “Public key”, while the key unique to you is called your “private key”.
The system is loved by those who care about their privacy, as it hides data from everyone. Even the messaging company cannot decipher the data you send.
But authorities dislike this system as they have no way to read messages, view photos or listen to conversations even if they suspect criminal activity.
Is end-to-end encryption dangerous?
The UK campaign focuses on potential dangers to children.
A spokesperson for the campaign, called No Place to Hide, says engaging E2EE is “losing the ability to detect those who abuse children online.”
They say the police won’t be able to read any messages that abusers can send to children via Facebook Messenger.
“We are calling on social media platforms to make a commitment that they will only engage end-to-end encryption when they have the technology to prevent children from being compromised as a result,” a campaign spokesperson said.
According to the U.S. National Center for Missing and Exploited Children (NCMEC), 21.7 million reports were received in 2020 that content showing child sexual abuse was shared on social media.
Opponents say that 14 million of these reports would not be received if end-to-end encryption was more widely used.
They also want to work with tech companies to find solutions to protect children and privacy at the same time.
What does Facebook say?
Meta delayed its plans to launch the end-to-end technology on Facebook Messenger and Instagram in November until 2023, after pressure from child safety groups.
“As a company that has connected billions of people around the world and found industry-leading technologies, we are committed to protecting people’s private communications and keeping them safe online,” said Antigone Davis, Meta’s Global Head of Security at the time.
The company has announced a series of measures to protect children. These include artificial intelligence that detects unusual patterns in messaging behavior and automatically turns anyone under the age of 18 into a “private account” or “friends only” account.
Is there a way to make both parties happy?
Since this debate began in 2017, governments and charities have been calling for a technological way for security forces to read end-to-end encrypted messages.
But many cybersecurity experts say it’s impossible to create a security force vacuum or “backdoor” without undermining the core principles of the technology.
Users will have to believe that their security forces will not abuse the secret backdoor password.
This is worrying for countries where end-to-end encryption is the only way people can communicate securely and without censorship.
If the UK government can persuade Meta to come up with a new kind of system, there is no doubt that it will spread to end-to-end encrypted applications used by billions of people in many parts of the world.