#NoPlaceToHide…for dumb ideas like backdoor end-to-end encryption and privacy invasion
Government attempts to weaken cryptography to allow general surveillance are not new: they date back at least to Chip Clipper 1993. Likewise, claims that children will be harmed by strong cryptography also date back many years. When Apple tightened its phone encryption in 2014, the Chicago Police Department’s Chief of Detectives said, “Apple will become the phone of choice for the pedophile.“Nevertheless, even against this backdrop of constant attacks, the UK government’s attempt to use moral and emotional blackmail to weaken end-to-end (e2e) encryption is spectacular in its recklessness.
As part of his #NoPlaceToHide campaign, he launched a new website. Although not mentioned by name, the primary concern is Facebook’s plans to add e2e encryption to Messenger and Instagram, something the UK Home Secretary described as “not acceptable“. Partly due to pressure from the UK government, Facebook’s plans are currently pending until 2023.
The general message of the #NoPlaceToHide site is: “We say to social media platforms: don’t give child molesters a place to hide.” Looking at the logos on the homepage, you might think that this campaign is an initiative of well-known UK organizations in this field. But at the very bottom of the page, in small print, we read: “The campaign is funded by the UK Government and has been developed by a steering group of child safety organizations with support from M&C Saatchi. The steering group was not paid to participate.
An article on Rolling Stone revealed that the UK government was spending half a million pounds – around $650,000 – on an advertising campaign alarmist on the “dangers” of e2e communications. The campaign designers noted that most of the audience had never heard of e2e encryption, meaning “people can be easily swayed” on the issue. The following “publicity stunt” is an example of how the British government intends to influence them:
“A glass box is installed in a public space,” notes the presentation. “Inside the box, there are two actors; a child and an adult. The two strangers. The child is sitting playing on his smart phone. At the other end of the box, we see an adult sitting in a chair also on his phone, typing.
“The adult looks at the child occasionally, knowingly. Intermittently throughout the day, the “Privacy Glass” will light up and the previously clear glass box will turn opaque. Passers-by won’t be able to see what’s going on inside. In other words, we create a sense of unease by hiding what the child and adult are doing online when their interaction cannot be seen.
Paul Bernal, Professor of Information Technology Law at UEA Law School, wrote an explanation of why kids need both encryption and anonymity
The reason children need anonymity and encryption is fundamental. It’s because they need privacy, and with the current state of the internet, anonymity and encryption are the primary privacy protectors. More fundamentally than that, we need to remember that everyone needs privacy. This is especially true for children, as privacy is about power. We need privacy from those who have power over us – an employee needs privacy from their employer, a citizen from their government, everyone needs privacy against criminals, terrorists, etc. For children, this is especially intense, as many types of people have power over children. By their nature, they are more vulnerable, which is why we instinctively want to protect them. We need to understand, however, what this protection could and should really mean.
Embarrassingly for the UK government, its own privacy expert, the Information Commissioner’s Office, agree with Bernard, writing that “E2EE plays an important role in both protecting our privacy and online safety. It makes children safer online by preventing criminals and abusers from sending them harmful content or access their photos or location.
Jim Killock, executive director of the Open Rights Group, believes the scare campaign is aimed at softening public opinion ahead of amendments to the UK Online Safety Bill which would allow the government to install backdoors in e2e encrypted messaging apps. He’s probably right, even though the #NoPlaceToHide says, “We’re not opposed to end-to-end encryption, as long as it’s implemented in a way that doesn’t put children at risk.” This is the same old request for digital magic beans that will somehow preserve full-strength e2e encryption, but also allow authorities to access what is encrypted. In fact, this appeal is even worse than the previous ones, because it is worded in such a way as to make the request reasonable and any refusal to comply seems unreasonable.
That’s not the only questionable aspect of the new site. Twice we are told that “an estimated 14 million reports of suspected online child sexual abuse could be lost each year” if e2e encryption is introduced. But the security expert Alec Muffette dug a little deeper and found a number of serious problems with the application. Firstly, 14 million appears to be a global figure, not a purely UK one. Second, many reports are duplicates; the true figure for new and malicious abuses is likely around 350,000, possibly as low as 1,900, according to Muffett. Too much, certainly, but a situation quite different from that portrayed by the British government. Additionally, even with strong e2e encryption in place, there is various workarounds which can be used to obtain information needed by law enforcement. Fortunately, on the internet there is #NoPlaceToHide for blatantly deceptive and manipulative campaigns that can be investigated and exposed by people working from the facts, not just playing on naturally strong emotions.
Image selected by Mikhail Vasiliev.