ar130405 - Fotolia

IT professionals wary of government campaign to limit end-to-end encryption

Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption

IT professionals have spoken out against a government-backed campaign to limit end-to-end encryption, arguing that it will not make the world safer and is likely to cause more harm than good.

In a survey carried out by BCS, The Chartered Institute for IT, 78% of industry professionals said they did not believe restricting the use of end-to-end encryption (E2EE) in messaging would protect users.

The poll of 1,000 IT professionals was launched in response to the UK government-backed No Place to Hide campaign, which warns that further roll-out of end-to-end encryption would make it more difficult to police child sexual abuse.

The Home Office-backed campaign claims that social media sites are “willfully blindfolding” themselves to child sexual abuse by introducing end-to-end encryption on messaging services.  

Meta, the owner of Facebook, has come in for particular criticism over its plans to introduce end-to-end encryption to its Instagram and Facebook messenger services.

End-to-end encryption is already widely available in messaging apps such as Signal, Telegram, Wickr and Meta’s WhatsApp, which offer varying degrees of security, depending on how they are configured.

A steering group of charities, led by Barnardo’s, the Lucy Faithful Foundation, the Marie Collins Foundation and SafeToNet, are driving the work. Police forces, including the National Crime Agency (NCA), are also backing the campaign.

“Rolling out end-to-end encryption without safety measures in place would be like turning the lights off on the ability to identify child sex abusers online. These plans will mean that social media companies can no longer see the abuse that happens on their platforms,” the campaign groups said in January.

Ukraine war – not the time to weaken security

BCS director of policy Bill Mitchell said: “Whilst we can appreciate the government’s aim is to make the internet a safer place, a balance has to be struck when it comes to end-to-end encryption.

“Now is not the time to weaken technology that is so fundamentally important to our security. There should be more exploration of the alternatives before we go down the road of rolling back E2EE, especially in this time of war, when secure messaging is a vital tool for truth-telling across the world.”

According to the poll, 66% of specialists said restricting end-to-end encryption would have a negative impact on protecting society at large.

Encrypted messaging has since become increasingly important to the people of Ukraine, with a large rise in usage being reported, including by journalists, the BCS said.

Some 70% of IT professionals were not confident it was possible to have both truly secure encryption and the ability to check encrypted messages for criminal material.

Risk to confidentiality

Many industry experts said they were worried about the possibility of increased surveillance from governments, police and the technology companies that run the online platforms. Other concerns were around the protection of financial data from hackers if end-to-end encryption was undermined.

There were concerns that wider sharing of “secret keys”, or centralised management of encryption processes, would significantly increase the risk of compromising the confidentiality they are meant to preserve.

BCS’s Mitchell said: “It’s odd that so much focus has been on a magical backdoor when other investigative tools aren’t being talked about. Alternatives should be looked at before limiting the basic security that underpins everyone’s privacy and global free speech.”

Government and intelligence officials are advocating, among other ways of monitoring encrypted material, technology known as client-side scanning (CSS) that is capable of analysing text messages on phone handsets and computers before they are sent by the user.

Proposals by Apple to compel iPhone users to accept updates that would automatically and covertly search shared images for possible abuse material and send reports to Apple or law enforcement agencies were condemned by 14 top computer scientists and cryptographers in October last year.

They concluded in a research paper, Bugs in our pockets: The risks of client-side scanning, published by Columbia University, that the plans were unworkable, vulnerable to abuse, and a threat to safety and security, citing more than 15 ways in which states or malicious actors, and even targeted abusers, could turn the technology around to cause harm to others or society.

The No Place to Hide campaign states: “We are not opposed to end-to-encryption in principle and fully support the importance of strong user privacy. Instead, our campaign is calling for social media companies to work with us to find a solution that protects privacy, without putting children at even greater risk.”

Read more about the debate on end-to-end encryption

Read more on IT legislation and regulation

Data Center
Data Management