Claims that child abuse justifies intrusion
Mobile network operators (MNOs) should install technology to bypass end-to-end encryption so that security agencies can snoop on phones, according to discussion at the UK’s Government Communications Headquarters (GCHQ) and the National Cyber Security Centre (NCSC).
The discussion paper making these suggestions, written by GCHQ’s technical director of cryptanalysis Crispin Robinson and NCSC’s technical director Ian Levy, was unveiled this week by privacy activist Reclaim The Net. The paper makes the case that “client-side scanning” would protect children and still maintain privacy. Client-side scanning uses tools that monitor content for suspicious activity without having to upload the private messages to a central server.
“We’ve found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter,” the authors have claimed. Any concerns over client-side scanning are based on fixable flaws and the involvement of multiple non-government organisations (NGOs) could ensure that no government is using scanning tools to spy on people, it is argued. Encryption would ensure sure that the service providers do not see the images that are sent for human moderation.
The discussion paper calls for detailed policies from the government, arguing that “discussing the subject [of client-side scanning] in generalities, using ambiguous language or hyperbole, will almost certainly lead to the wrong outcome.”
However, privacy advocates feel the proposals would still compromise the advantages of end-to-end encryption. Cryptography expert Alec Muffet, who championed Facebook’s Messenger encryption, said the discussion paper entirely ignores the risk that their proposals threaten the privacy of billions of people worldwide. “It’s weird that they frame abuse as a societal problem yet demand only technological solutions for it. Perhaps it would be more effective to use their funding to adopt harm-reduction approaches, hiring more social workers to implement them?” Muffet told The Guardian.
Both Robinson and Levy, authors of the paper, have previously suggested controversial policies. In 2018, they backed the ghost protocol which would allow GCHQ to silently spy on all mobile messages. “It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call,” they said. “This [is] no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorise today.”