The rise of end-to-end encryption (E2EE) for consumer apps has become a hot topic - blurring the lines between privacy and safety and sparking debates about the challenges faced by law enforcement agencies and the importance of protecting individual privacy.
The latest in the debate sees Meta CEO Mark Zuckerberg and the UK government going head-to-head over plans to introduce end-to-end encryption into all applications owned by the Silicon Valley giant.
Whilst the likes of Meta and Apple move forward with their plans to provide complete user privacy, the emerging UK Online Safety Bill requires technology companies to provide a ‘technical backdoor’ to allow law enforcement agencies to access illegal material.
As the world watches on, it’s a fight to the death it seems with Zuckerberg threatening to leave the UK market if forced to back down on his plans.
The very nature of end-to-end encryption is to safeguard individual privacy, prevent unauthorised access to personal data, and ensure only intended recipients can decipher the information shared. To compromise that level of security, even in support of criminal convictions (particularly in cases involving national security threats and child safety) many privacy advocates say it undermines an individual's fundamental right to privacy.
Besides, if scanning technology were introduced (aside from weakening the spirit of encryption), it may not always be accurate or helpful for law enforcement. Think back to Google’s mishaps with finding false-positive CSAM on a father’s Android or Apple’s delayed CSAM detection feature. The New York Times also reported on instances where Google, Microsoft, Yahoo, and DuckDuckGo failed to detect abusive materials, and refused to remove them upon receiving reports.
However, these exceptions are not trivial matters and those who oppose the actions of Meta are fearful of the repercussions should personal privacy prevail over the ability to protect vulnerable individuals and prevent unlawful activities.
The government has a responsibility to protect its citizens from terrorism and crimes against children. And whilst the Online Safety Bill proposal may present personal concerns, the short and long-term outcomes of preventing crimes like terrorism and sexual exploitation of children will far outweigh any breach of privacy.
In the words of Erik Neuenschwander, Apple’s Privacy Chief, with regards to their 2019 attempt at CSAM detection, “If you’re storing a collection of C.S.A.M. material, yes, this is bad for you. But for the rest of you, this is no different.”
Neither side of the argument is looking to budge. Is there a way forward?
Balancing privacy and safety is not a straightforward task. It is likely to make the job of law enforcement a bit more challenging, but it is not impossible by any means.
A middle-ground solution backed by many privacy advocates is to increase funding, resources, and education for specialised online crime units of law enforcement. With increased artillery of technological knowledge and funding, online crime could be fought without introducing widespread cyber risks–although, it’s not a perfect solution.
The technology exists today and enables engineers and authorised data scientists to securely query sensitive information without ever decrypting the underlying data. It may not placate the fervent naysayers on either side of the argument but it would certainly ensure a world that can fundamentally respect an individual's right to privacy without sacrificing its ability to investigate and fight crime.