Ebene Magazine – The government is pressuring Facebook to stop end-to-end encryption because of child abuse risks

0
1

Home Secretary Priti Patel will use a conference organized by the NSPCC today to warn that end-to-end encryption will severely affect the ability of tech companies to monitor illegal content, including child abuse and terrorism.

The Intervention by the interior minister is the latest salvo in a long-standing battle between ministers and secret services against the growth of end-to-end encryption.

Patel will discuss the “next steps to ensure child protection” at a round table organized by the NSPCC When it comes to end-to-end encryption, “speak out and warn that the end of encryption could deprive law enforcement agencies of millions of reports of activity that could put children at risk.

 » Unfortunately, at a time when we are tracking us need to take more action, end-to-end encryption plans that jeopardize the good work and progress made so far, « will they anticipate saying.

« The insult will continue, the images of children being molested will multiply – but the company intends to use end-to-end encryption that prevents any access to messaging content to blind for this problem. « 

The Home Office estimates that 12 million reports of potential child abuse could be lost if Facebook implements end-to-end encryption on Facebook Messenger and Instagram, increasing the risk of exploitation Children or other serious harm.

The NSPCC will present research at the event, which will be attended by experts from the fields of child protection, civil society and law enforcement from the UK, USA, Canada, Ireland and Australia to show that more than half of adults in the UK believe that children can be recognized for abuse of bil This is more important than the protection of privacy.

End-to-end encryption is often used by Internet messaging services such as Signal, Telegram, e-mail services such as Protonmail and mailbox.org as well as WhatsApp messaging Service used by Facebook to protect the privacy of personal information and messages.

A report released today by the NSPCC based on research by PA Consulting argues that technology companies are compromising adult privacy at the expense of their duty to care for children Priority. The executive director of NSPCC, Peter Wanless, argues that end-to-end encryption is the technology used by social media companies to identify and care and sexual images of child abuse Detecting abuse in private messages could render it « unusable. » « Private messaging is at the forefront of child sexual abuse, however the current debate about end-to-end encryption carries the risk of leaving children unprotected where there is most harm, « he said.

According to NSPCC, Facebook’s proposals for end-to-end encryption are End encryption is particularly risky as snow groomers can use the platform to contact children in large numbers and trick them into sending pictures in encrypted chats and video calls.

« We need a coordinated response across society But ultimately, government must be a guard rail that protects children’s users when technology companies compromise them with dangerous design decisions, « said Wanless.

There is widespread concern that any attempt to compromise the end-to-end – Weaken encryption, for example by adding government-accessible « back doors » that compromise the security of ordinary people who are not suspected of any crime. </ End-to-end encryption plays an important role in protecting people's security by protecting financial transactions, avoiding fraud and extortion, or allowing them to privately discuss their sexuality or religious beliefs.

Jim Killock, The executive director of the Open Rights Group, an online advocate for privacy and freedom of speech, said restricting end-to-end encryption would put ordinary people at greater risk on the Internet.

« Everyday encryption doesn’t work only about data protection, but also about your basic security. It’s about avoiding fraud, avoiding blackmail and being able to use these products for financial or business transactions, « he told Computer Weekly.

 » It’s about being less able to worry about abusive partners and people to protect domestic violence, « he said. « Or being able to use communication services to safely and safely explore your sexuality, religious beliefs, or any other number of things in a private space. »

« End-to-end encryption is. » already the leading security technology used by many services to prevent people from hacking and stealing their private information. The full implementation of our messaging services is a long-term project and we are building strict security measures into our plans, « said a spokesman.

Facebook is removing profiles, pages and Instagram groups that share sexualized pictures of children or make inappropriate comments contain. In 2019, Facebook’s WhatsApp encrypted messaging service removed around 250,000 suspicious profiles.

That year, the company began experimenting with pop-up alerts to warn people entering search terms related to child exploitation or going viral Share content on child exploitation.

The NPSCC will argue at the meeting that the end-to-end encryption debate should not be an “either-or” argument skewed in favor of adult privacy but children’s safety and privacy rights.

Wanless said the focus should be on the impact of end-to-end encryption on the ability of technology companies to detect and disrupt abuse early on, rather than on the ability law enforcement agencies to access communications.

The charity’s concerns were promptly supported by government ministers who quietly have not threatened with sanctions against Facebook if the aim is not to combat child abuse on its platforms.

In March 2021, the government announced that it would introduce an online security law that would make social media companies a statutory « duty of care » The communications regulator OFCOM will have the power to fine companies of up to £ 18 million, or 10% of their global sales, for failing to take action against communications that are conducive to terrorism, the sale of drugs and Guns and child sexual abuse is used.

There is nothing in the government’s interim codes of conduct that specifically prohibits encryption. However, ministers argue that end-to-end encryption does not exempt tech companies like Facebook from child due diligence.

OFCOM can also instruct tech companies to implement technical fixes when there is no other practical way to to solve the problem.

In March, Minister of Culture Oliver Dowden told a press conference that the government was working with Facebook to solve the problem but had « all options on the table », including new laws. </ The government has the power to issue secret orders to the company, forcing it to establish a "permanent feature" for intelligence and law enforcement that allows remote access to messages sent through Facebook Messenger.

Technical Capability Notices (TCNs), introduced under the Investigatory Powers Act 2016, give the government the power to instruct companies to terminate their Break encryption or introduce government-developed malware. Employees face a maximum sentence of five years in prison for disclosing the existence or contents of such an order.

Jim Killock of the Open Rights Group said the government would be able to surrender TCN against Facebook in order to to prevent UK users from offering end-to-end encryption.

For example, the order could require Facebook to negotiate with the government before making changes to Facebook Messenger, which would make it difficult for the state to post messages the platform.

« It could all happen in secret. There is no need for public disclosure. Facebook would have no choice but to maintain these measures for UK users, « he said.

The intelligence community reported a growing trend towards the use of encryption to protect communications following the publication of the Snowden documents in 2013.

This has resulted in a decrease in the amount of electronic communications they can access, according to the 2015 State Investigative Review.

The UK and US have the ability to use submarine cables over the internet Collect and analyze mass transmitted messages and are legally empowered to receive communications from Internet and telephone companies.

The Minister of the Interior, Priti Patel, was the government’s most vocal minister to urge law enforcement and intelligence agencies to access encrypted messages Receive communications offered by Facebook and other companies.

The campaign against the end-to-end encryption was immediately endorsed by ministers and intelligence agencies from the Five Eyes states, the UK, the US, New Zealand, Australia and Canada and other countries.

The in a number of notices made over the years Explanations have focused on the impact of encryption on the ability of intelligence and law enforcement agencies to oversee the most serious crimes of child molestation and terrorism.

However, restricting end-to-end encryption would also restrict communications by those who who are suspected of having committed no crime open to harvest and analysis by GHCQ and its US equivalent, the NSA.

This has polarized the debate between law enforcement and those who are concerned are that weakening encryption will compromise the security of law-abiding citizens.

Ross Anderson, Pro Professor of Security Engineering at the University of Cambridge, said that intelligence and security agencies seem to want to capture communications traffic from people’s phones rather than service providers and telecommunications companies.

« Networking is now less effective because of the Snowden reveals a lot of traffic is encrypted. The capture on the server depends either on whether paperwork is required for a particular user or whether the service provider’s content filter is causing something interesting, « he said.

The NSPCC said it was in the best interests of tech companies to have a technical solution that enables them to continue using technology to interrupt abuse « in a consistently encrypted world ».

In its report, the NSPCC proposes technical solutions that prevent the spread of illegal content on social media and at the same time – at least partially – could protect user privacy.

One possible solution is to use software on phones or computers to create digital signatures – or hashes – of images uploaded by people to messaging services, and to compare it to a database of illegal content signatures.

Ross Anderson said it passed There is a risk that such filters could also offer secret services a back door into people’s cell phones so that they can access messages, make voice calls or switch on the microphone of a cell phone remotely to overhear a conversation.

Cell phones or computers can with software that creates a digital signature of images and compares them to the signatures of malicious content stored in a database on the device before they are encrypted. The technology could be integrated into operating systems. It is not clear how feasible it would be to update the database. There is a risk that users will reverse engineer or undermine the detection tools.

The software sends both the hash signature of a user message and the encrypted message to a server. The server verifies the hash signature against a database of illegal images before the encrypted message is released.

A « back door » allows service providers or government agencies to access a server in order to decrypt and access the content of a particular communication evaluate. The method creates a vulnerable access point that malicious hackers can exploit while reducing privacy.

Technology companies could create a « secure enclave » in the cloud that can decrypt communications and inspect the content before re-encrypting it. It offers the same level of data protection as end-to-end encryption, provided that the service is not compromised.

An advanced technology known as homomorphic encryption enables the computation of encrypted data without first decrypting it . It is possible to create a hash signature of the images and match this with hashes of images in a service while the message is being transmitted. Technology is currently too slow to be put to practical use.

Governments have urged technology companies to develop services that make child protection a priority. One example is the social media company Tik Tok, which has blocked access to messages for children under the age of 16 and prevents users from sending direct messages with photos or videos.

Source: End-to-End report Encryption – Understanding the Impact on Child Safety Online « by NSPCC based on research by PA Consulting.

January 20, 2021 Home Secretary Priti Patel meets with Facebook to discuss » Facebook encryption suggestions and other relevant topics to discuss ”.

April 3, 2021 Facebook’s security chief says in an interview with the Telegraph that Facebook would not encrypt its Facebook Messenger until 2022 at the earliest.

October 11, 2020 The US Secretary of the Interior, Priti Patel, Secretary of the Interior Priti Patel, signed a statement calling on tech companies to provide law enforcement with lawful access to content in a readable and usable format . They argue that end-to-end encryption undermines the ability of tech companies to monitor illegal content.

June 2020 Home Secretary Priti Patel warns a meeting of ministers from the Five Eyes countries (UK, US, New Zealand, Australia and Canada) that the threat of terrorism and online child abuse would increase if Facebook and similar companies continued their plans for an end-to-end encryption October 4, 2019 by Home Secretary Priti Patel and the US Attorney General William Barr and Australian Home Secretary Peter Dutton sign an open letter to Facebook CEO Mark Zuckerberg asking him to suspend end-to-end encryption plans. Facebook should ensure that encryption does not increase the risk of harm or prevent legitimate access to communication content.

July 30, 2019 The Home Secretary and Attorney General of the United Kingdom, United States, Australia, New Zealand and Canada issue a communique in asking tech companies to give the government legitimate access to encrypted services. .

March 6, 2019 Mark Zuckerberg, CEO of Facebook, announces plans for end-to-end encryption for messaging and declares that the future is private.

November 2018 Ian Levy, Technical Director of the National Cyber ​​Security Center, part of GCHQ, argued that technology companies could use « virtual alligator clips » to enable intelligence agencies to list targeted encrypted communications. « In the end, everything is still encrypted throughout, but this particular communication has an additional » end « , » he wrote in an influential article.

May 28-29. August 2018 Ministers from Australia, Canada, New Zealand, the UK and the US warn that the inability of intelligence and law enforcement agencies to legitimately access encrypted data and communications is challenging law enforcement agencies.

July 31, 2017 Home Secretary Amber Rudd warns in a comment on the Telegraph that the inability to gain access to « encrypted data limits the ability to stop terrorist attacks and bring criminals to justice ». She said it was not about creating « back doors » for encryption, but that there were opportunities to compromise between technology-friendliness and security.

June 23, 2017 Karen Bradley, then Home Secretary and Minister of Culture, met with Sheryl Sandberg, Facebook Chief Operating Officer to discuss progress in an industry-led forum on fighting terrorist content online, end-to-end encryption, and working with law enforcement.

February 23, 2015 Mike Rogers, the director general of the US National Security Agency, uses a cyber security conference to defend government plans to access data from US technology companies. He argues that « back doors » would not kill encryption or damage privacy.

Alex Stamos, Yahoo’s chief information security officer, criticizes Rogers and compares the plan to « drilling holes in a windshield ». Rogers refuses to say whether Yahoo should create backdoors for Russia and China if they create similar laws.

February 13, 2015 Apple CEO Tim Cook warns of « dire consequences » if government attempts to Weakening encryption leads to privacy sacrifices. “We still live in a world where not all people are treated equally. Too many people do not feel free to practice their religion or to express their opinion or to love who they choose, « he said.

Prime Minister David Cameron in January 2015 said after the terrorist attacks in Paris that a future government was needed British intelligence agencies will have legal powers to break into encrypted communications of suspected terrorists.

October 16, 2014 FBI Director James Comey gives a speech at the Brookings Institute and says he is no longer looking for a « back door » for encrypted systems, but after a « front door ». The proposal has been widely criticized.

September 2014 Europol reports in its Internet Organized Crime Threat Assessment (iOCTA) that “law enforcement must be equipped with the tools and techniques required to cope with the increasing and extensive encryption and anonymization to deal with. ”

This e-guide examines the links between ransomware attacks, data breaches and identity theft. First, Nicholas Fearn examines the double blackmail phenomenon and gives some inside advice on how to stop it, while we explore the top five ways backups can protect against ransomware in the first place.

By submitting my email Address, I confirm that I have read and accept the terms of use and the declaration of consent.

As CIOs use more and more digital technologies, it is important that they determine the current status of their legacy systems and …

Roota Almeida, CISO at Delta Dental in New Jersey and Delta Dental in Connecticut, talks about the cybersecurity threats they …

Scottish Water’s head of enterprise architecture explains how executive collaboration and software tools …

SSH is important, but standard installations can be costly. Auditing and key management are among the top SSH best practices for …

SOC teams can have the latest and greatest cybersecurity tools, but if they don’t have the right training, it’s not enough … </ The FBI has accessed computers – without the knowledge or consent of the owners – to remove hundreds of web shells that were in …

One of the most recent SASE-related integrations from Aruba is that based on Silver Peak SD-WAN, Threat Defense and the ClearPass Policy Manager. …

Wi-Fi 6 is only part of the entire corporate network. Companies need to evaluate several network components in order to …

Cloud-native networks aim to prioritize business requirements and make networks more efficient. Learn more about the …

The right processing technology can benefit your data center. Learn about advances in CPU technology, current vendors …

DPUs are often run on network packets to move information around the data center instead of supporting processing workflows. Get a …

Intel launches third generation Xeon Scalable processors that increase security and accelerate overall data center utilization by 46% …

The compilation of highly qualified data Governance teams can be challenging. Discover the Team Members Required and Best Practices …

Data quality provider Soda had a busy 2021 building new services and raising funds to help organizations identify and …

The former Uber -Product manager and current CEO and co-founder of a startup outlines the challenges and opportunities of …

All rights reserved,
Copyright 2000-2021, TechTarget
Privacy Policy

Cookie settings

Do not sell my personal information

Ref: https://www.computerweekly.com

QU’EN PENSEZ-VOUS?

[comment]

PUB

Laisser un commentaire, votre avis compte!

[gs-fb-comments] [comment-form]

Laisser un commentaire, votre avis compte!