NPCC warns Meta’s roll-out of end-to-end-encryption ‘putting safety of children at risk’

Meta has announced that end-to-end encryption will now be present by default in Messenger and Facebook.

The NPCC says Facebook has a “hugely positive” record of working with law enforcement in the UK and worldwide to protect children from child sex offenders.

However, it says this is being put at risk by Facebook’s roll out of end-to-end encryption, which will effectively “blind it to these horrific crimes taking place on its platform”.

“This will dramatically reduce their ability to provide law enforcement with the evidence they need to prosecute,” it added.

The Internet Watch Foundation (IWF) said it is “outraged” at Meta’s “catastrophic” decision to roll out end-to-end encryption, which it says will allow illegal and harmful content to spread undetected on its platforms.

“End-to-end encryption will mean Meta’s current apparatus for detecting known child sexual abuse imagery will be rendered useless, meaning the company will be unable to spot criminal material being spread through its channels,” the IWF said.

“Introducing this technology without first putting in place a solution to prevent this abuse is, in effect, providing a safe space for criminals to spread abuse imagery with impunity.”

The NPCC lead for child protection, abuse and investigation, Ian Critchley, said: “On average policing arrests 800 suspected offenders a month and safeguards on average 1,200 children a month in relation to child sexual exploitation (CSE) offences.

“There are staggering numbers of reports coming from social media companies with a large volume of them coming from Meta owned sites.

“However, the introduction of Meta’s new end-to-end encryption (E2EE) will have a dangerous impact on child safety. Meta will no longer be able to see messages from online groomers which contain child sexual abuse material and therefore they won’t be able to refer it to the police.

“Being able to identify the ways that criminals are targeting and grooming our children and vulnerable people online is vital. Not only can this evidence help secure prosecutions but it can also identify victims so police can bring an end to their exploitation.

“By introducing end to end encryption, social media companies are putting the safety of children at risk without providing an alternative, whilst also ignoring warnings from child safety charities and experts. There is a moral responsibility on media companies to ensure this does not happen.”

He added: “Policing is not against privacy or encryption in general, however, it cannot be done at the expense of a child’s safety. We know children will always be online and that paedophiles will continue to go to those same online spaces to target, groom and abuse them. We know that the problem is increasing all the time and the introduction of E2EE will lead to more children becoming victims and having their lives destroyed by something that was preventable.

“Our message to tech companies is simple: work with us and do not implement new technical designs that will stop you and law enforcement from protecting the public. It is imperative that the responsibility of safeguarding children online is placed with the companies who create spaces for them.

“I am also confident that OFCOM as the regulator of the Online Safety Act will ensure that Meta are held to account for child sexual abuse material being distributed on their platforms without the required and necessary safeguards being in place that E2EE will severely reduce.

“Policing will not stop in its fight against those who commit these horrific crimes. We cannot do this alone, so while we continue to pursue and prosecute those who abuse and exploit children, we repeat our call for more to be done by companies in this space.”

The NPCC says child sex offenders are “increasingly exploiting social media sites to abuse children”. Tech firms working with law enforcement is crucial to tackling online child sexual abuse.

It added: “Online platforms who claim to be responsible, and in particular those allowing users to discover people they don’t know, should not want to help criminals abuse others.

“We want companies like Facebook to remain shoulder to shoulder with UK law enforcement on the frontline of tackling child abuse. They can do this by continuing to detect and report abuse, then provide the evidence that enables policing to act.

“We are also clear that robust two factor authentication on devices, and age and identity verification procedures are vital in respect of encrypted services and platforms.

“It is the National Crime Agency’s (NCA) assessment, informed by research with offenders, that identity verification acts as a powerful disincentive to online offending.”

Susie Hargreaves OBE, chief executive of the IWF, said: “We are outraged Meta has chosen to prioritise the privacy of paedophiles over the safety of our children. We strongly urge other platforms not to follow this dreadful example.

“This catastrophic decision to encrypt messaging services, without demonstrating how protection for children won’t be weakened, will lead to at least 21 million reports of child sexual abuse going undetected. Meta is effectively rolling out the welcome mat for paedophiles.

“The company has a strong track record in detecting large amounts of child sexual abuse material before it appears on its platforms. We urge Meta to continue this vital protection. We know it already take steps to prevent malware within WhatsApp, an end-to-end encrypted messaging environment, so why can’t it use the same technology to do the same for child sexual abuse?

“What will Meta’s bosses say to children who have suffered sexual abuse, whose trauma will be compounded by their decision not to preserve their privacy? How will they justify turning a blind eye to this illegal and harmful content being spread via their platforms?

“It is now up to Ofcom to show its teeth and demonstrate it is serious about protecting the privacy and safety of some of the most vulnerable people in our society.”

She says there is strong evidence end-to-end encrypted apps are also favoured by criminals to contact, groom, and abuse children in the first place.

The NCA estimates that if Meta continues to roll out end-to-end encryption as planned, it would result in the loss of the vast majority of reports (92 per cent from Facebook and 85 per cent from Instagram) of detected child abuse that are currently disseminated to UK police each year.

James Babbage, Director General for Threats at the NCA, said: “It is hugely disappointing that Meta is choosing to roll out end-to-end encryption on Facebook Messenger. They have an important responsibility to keep children safe on their platform and sadly, this will no longer be possible.

“Today our role in protecting children from sexual abuse and exploitation just got harder.

“For years Meta has supported law enforcement by identifying and reporting instances of child sexual abuse to the National Center for Missing and Exploited Children in the US, as they are obliged to do under US law.

“NCA officers and our partners in policing work day in day out to analyse these reports and progress investigations. Together, we are safeguarding 1,200 children and arresting around 800 suspects every single month.

“Unfortunately, this important work is now at risk. As a result of Meta’s design choices, the company will no longer be able to see the offending occurring on their messaging platform, and law enforcement will no longer be able to obtain this evidence from them.

“This problem won’t go away; if anything it will likely get worse. Offenders will still use Facebook Messenger to send illegal material, and will use the vast quantity of data shared on the platform about children to select and groom future victims.

“The alternative safety measures developed by the company relying on metadata alone will rarely, if ever, produce sufficient evidence for a search warrant. This means that in practice, the volumes will be so great that they are likely to be of very little value.

“The onus should not be entirely on children to report abuse.

“The NCA, with our partners in the UK and overseas, will continue to do everything in our power, to safeguard children and identify offenders.”

Finnish child protection agency Suojellaan Lapsia (Protect Children) has published a report warning encrypted services and messaging apps are being used to contact children and view child sexual abuse material.

According to the report, perpetrators who view child sexual abuse imagery are likely to seek direct contact with a child afterwards.

The report says 37 per cent of respondents to their survey said that they have sought contact with a child, most of them using platforms on the open web to do so. The report says 25 per cent of respondents say that they have sought contact with a child via an encrypted messaging app.