End-to-end encryption should not apply to children’s accounts, Commissioner says

As of 21 December 2020, the European Electronic Communications Code (EECC) will extend the scope of the ePrivacy Directive to Over-The-Top (OTT) companies, which will remove the explicit legal basis for the main tech players such as Facebook Messenger to voluntarily scan online material for child sexual abuse unless national law allows them to do so. 

As a result, current practices to detect child abuse online by big tech firms interfere with certain provisions of the ePrivacy Directive.

Following her new report, Children’s Commissioner Anne Longfield warns the government that end-to-end encryption will put children at risk of grooming and abuse and prevent the sharing of reports with law enforcement.

“End-to-end encryption makes it impossible for the platform itself to read the contents of messages, and risks preventing police and prosecutors from gathering the evidence they need to prosecute perpetrators of child sexual exploitation and abuse, Longfield said.

She said: “I worry that this could be a cynical attempt on the part of some tech firms to side-step sanctions and litigation, especially as the UK Government prepares to establish a new legal ‘duty of care’ on companies towards their users.”

In September, the Commission decided to prepare a ‘temporary’ legislative proposal to ensure that OTT companies are not prevented from voluntarily detecting child sexual abuse. The interim law strategised by EU Commissioner for Home Affairs Ylva Johansson would grant tech companies an exemption from the code, allowing them to continue tracking child sexual abuse online until 31 December 2025.

A report on the proposal stated: “Online exchange of material depicting child abuse starts a vicious chain of criminal acts. Today’s proposal ensures that the current voluntary efforts of online communication providers to responsibly report can continue.”

The Children’s Commissioner also warns the government to be wary of big tech’s intentions around encryption, stating social media firms may be using encryption in a “cynical” attempt to “side-step sanctions and litigation”. However, Facebook is allegedly in favour of encryption and has been using it on its platforms since 2019. 

Privacy groups such as The Open Rights Group and the Electronic Frontier Foundation have spoken out in favour of end-to-end encryption, stating a ban on encryption would be bad for democracy. The Open Rights Group has also criticised charities calling for the Online Harms Bill regulator, likely Ofcom, to ban the use of end-to-end encryption unless they can meet the standards of a highly subjective “duty of care”.

They state, “Let’s be clear: any intentional undermining or compromising of encryption, even for legitimate purposes, weakens everyone’s security online,” continuing that, “child abuse material is a very serious concern, but it must not be presented as a reason to deny legitimate users the safety and privacy they deserve by right.” 

The Commission, under the EU Internet Forum, is assessing regulatory options to detect and report child sexual abuse in end-to-end encrypted electronic communications.