Photo by Towfiqu barbhuiya / Unsplash

Europol and National Crime Agency slam Meta over end to end encryption rollout

Meta helps bring together police chiefs… to slate Meta

Police chiefs across Europe have slammed Meta and other tech companies for rolling out “privacy measures” that will make it harder for authorities to counter organized crime and child abusers.

The call for “industry and governments to take action against end-to-end encryption rollout” came at a meeting in London over the weekend, and four months after Meta said it was “rolling out default end-to-end encryption for personal messages and calls on Messenger and Facebook.”

At the time Meta declared that it had “worked closely with outside experts, academics, advocates and governments to identify risks and build mitigations to ensure that privacy and safety go hand-in-hand.”

But police chiefs clearly don’t feel Meta has worked closely enough with them.

The joint declaration says law enforcement and the tech industry have “a shared duty to keep the public safe, especially children.” This depends on tech companies “reactively” providing data on suspected criminals using their services, as well as tech firms' ability to “proactively” identify criminal activity on their platforms, particularly around threats to children.

But, it continued, “We are, therefore, deeply concerned that end to end encryption is being rolled out in a way that will undermine both of these capabilities.”

The extension of encryption meant that “Companies will not be able to respond effectively to a lawful authority. Nor will they be able to identify or report illegal activity on their platforms.”

Societies should not tolerate spaces that are “beyond the reach of law enforcement” or allow themselves to be “blinded to crime” it continued.

“We do not accept that there need be a binary choice between cyber security or privacy on the one hand and public safety on the other. Absolutism on either side is not helpful,” the declaration said.

NCA: Child abuse does not stop just because companies choose to stop looking

The NCA said that Director General Graeme Biggar and Europol Executive Director Catherine de Bolle emphasised “the need for technology companies to maintain law enforcement’s lawful access to data, and to ensure their operating systems, devices and applications are safe by design.”

Biggar added, “Child abuse does not stop just because companies choose to stop looking.”

The rollout of encryption meant that “the vast majority of reports (92% from Facebook and 85% from Instagram) that are currently disseminated to UK police each year will be lost as a result of this decision” the agency claimed.

For its part, Meta told The Stack in a statement that, “The overwhelming majority of Brits already rely on apps that use encryption to keep them safe from hackers, fraudsters, and criminals.”

It insisted it was developing “robust safety measures” centred around online abuse, though this is unlikely to comfort police agencies targeting organized crime.

It added, “As we roll out end-to-end encryption, we expect to continue providing more reports to law enforcement than our peers due to our industry leading work on keeping people safe.” 

The extension of encryption is a massive headache for governments and law enforcement. Cracking the Encrochat network provided an intelligence bonanza for authorities battling organized crime.

The UK government is tying itself in knots trying to force online platforms to give law enforcement access to “encrypted” services.

However, this usually serves to demonstrate how little legislators – at least - understand technology, raising the possibility of other essential services being compromised. And it presents the prospect of services choosing to freeze out the UK entirely rather than produce services that meet Westminster’s demands.