End-to-end encryption would make Facebook a ‘honeypot’ and a ‘superplatform’ for paedophiles, according to one official at the National Crime Agency (NCA).
Rob Jones, director of threat leadership at NCA, criticised the social network for its plans to introduce the security standard to both Facebook Messenger and Instagram, which Facebook also owns.
End-to-end encryption ensures only the two participants of a chat stream can read messages, and no one in between – not even the company that owns the service.
Jones called end-to-end encryption – which is already used on Facebook-owned WhatsApp – a ‘high-risk experiment’ and a ‘disaster for child safety and law enforcement’.
He said the communications system puts the ‘pursuit of profit above the safety of the people on their platform, particularly children’.
There is even a ‘very real risk’ that more child sex offenders could move to Facebook if end-to-end encryption is installed on the platform, according to Jones.
He also revealed that the NCA had received just under 24,000 child abuse tip-offs from Facebook and Instagram last year, but only 308 from WhatsApp.
The figures suggest that more criminals go undetected on WhatsApp because it features end-to-end encryption.
End-to-end encryption ‘poses an existential threat to child protection’, a senior National Crime Agency (NCA) official has claimed
Facebook’s founder Mark Zuckerberg announced plans for end-to-end encryption on Messenger and its wider family of apps (including Instagram) in spring 2019 – but the change has been heavily delayed and is still yet to be enforced.
Facebook wouldn’t comment on Friday regarding when exactly it plans to bring end-to-end encryption to Messenger and Instagram, describing it as a ‘long-term project’.
Its plan has since attracted criticism from the likes of Home Secretary Priti Patel and Detective Chief Superintendent Kevin Southworth, head of Britain’s squad of anti-terrorist, as well children’s charity NSPCC.
NCA has also long been highly critical about the proposed move.
‘There is a stark difference between a platform that refers content and a platform that can’t,’ Jones told the Times.
‘If the end-to-end model is based on WhatsApp, I’m worried. It feels like a high-risk experiment.
‘The lights go out and you’re effectively guessing what’s going on in that platform.’
Up to now, Facebook has been ‘a huge help’ to lawful investigations and child safeguarding, Jones said.
In 2019, Facebook made 15.8 million global referrals of child sex abuse material.
‘But their plans will create a haven for child sex offenders to congregate to target children,’ Jones added.
‘It’s not too late for Facebook to change their mind.’
Facebook built end-to-end encryption into WhatsApp after the company acquired it for about $19 billion in 2014.
WhatsApp has consistently and proudly reiterated its commitment to end-to-end encryption.
‘Strong encryption is a necessity in modern life,’ WhatsApp says. ‘We will not compromise on security because that would make people less safe.’
The ‘unbreakable digital lock’ keeps the contents of messages secure and viewable to no-one except the sender and the recipient.
Despite being much touted by WhatsApp as a leading security standard for online messaging, it means company staff can’t identify child sex offences in the form of messages and video sent between the abuser and the victim.
Facebook CEO Mark Zuckerberg (pictured). Facebook-owned WhatsApp already has end-to-end encryption, but Zuckerberg wants to introduce it to its wider family of apps, which also includes Messenger and Instagram
On WhatsApp, whether or not the abuser is caught relies on tip-offs stemming from the child being abused.
Facebook, meanwhile, relies on a combination of algorithms and staff people to detect illegal activity – such as sexual abuse of minors.
But introducing end-to-end encryption to Facebook Messenger and Instagram, which also has an in-built messaging stream, will shut these detection methods out.
Speaking at a virtual press earlier this month, Jones pointed out that the proposed move ‘poses an existential threat to child protection’ and appears to put profits ahead of the safety of its users.
Jones said that Facebook’s ‘balance between business objectives and public protection is wrong’.
‘They appear to be putting profit, and the pursuit of profit, above the safety of the people on their platform, particularly children.’
His comments followed the sentencing of prolific paedophile David Wilson, 36, at Ipswich Crown Court for 96 child sex abuse offences on February 10.
Wilson used fake social media profiles to pose as girls and get young boys to send him indecent images, and he approached up to 5,000 boys online.
Andy Burrows, NSPCC head of child safety online policy, said: ‘Wilson’s prolonged campaign of sexual abuse was exposed following a large-scale investigation by the NCA.
‘If it wasn’t for the evidence provided by Facebook this would not have been possible and many more children could have been exploited.
‘Despite this case highlighting the importance of tech companies being able to detect and disrupt abuse on their sites, Facebook still wants to proceed with end-to-end encryption which could prevent its moderators from uncovering prolific abuse.’
In 2020, Facebook also sent 12 million CyberTips to the US National Centre for Missing and Exploited Children, which receives industry referrals before disseminating them to law enforcement agencies to investigate.
Jones said Facebook has ‘invoked tooling on their network which detects these images’ and refers them to law enforcement, which he called ‘great’.
But end-to-end encryption ‘effectively locks them out of their own network and locks them out of their own product and the material that’s on that network’ he added.
WhatsApp has consistently and proudly reiterated its commitment to end-to-end encryption
‘What it creates is a private space where people like Wilson can masquerade as children, engage with children, groom them and potentially develop either coercive control of that individual and get them to abuse themselves and send images to them, or to meet them in the real world and abuse them directly themselves.’
The NCA is asking to ‘maintain a position where Facebook can access their own material and report unlawful abuse of children online to the NCA and to international law enforcement’.
A Facebook company spokesperson told MailOnline: ‘Child exploitation and grooming have no place on our platforms.
‘Facebook has led the industry in developing new ways to prevent, detect, and respond to abuse and we will continue to work with law enforcement to combat criminal activity.
‘End-to-end encryption is already the leading technology used by many services to keep people safe online and we will continue to invest in finding more ways to detect and fight these heinous crimes.’
‘WhatsApp already bans around 300,000 accounts each month suspected of sharing child exploitative imagery, and has increased the amount of reports provided to child safety authorities with further technology developments.’
In his 2019 blog post announcing plans to bring end-to-end encryption to Facebook, Zuckerberg said there was a balance to be found between privacy from end-to-end encryption and protecting people.
He said he’d spoken with dissidents who told him that encryption is ‘the reason they are free, or even alive’.
‘On balance, I believe working towards implementing end-to-end encryption for all private communications is the right thing to do,’ Zuckerberg wrote.