Encryption: ‘We must have equivalency; It’s all about the implementation’

Published:  Thu 6 Feb 2020

I’ve written several blogs outlining our position on the implementation of a form of encryption, DNS over HTTPS, over the last few months. You can find them here, here and here.

The debate surrounding the increasing use of encryption is raging. It’s complex and often revolves around two pillars; privacy and security. But there should be a third equally weighted pillar; child protection. Specifically, protection from sexual abuse.

It’s perfectly fair and reasonable to expect our personal information to be private, and to be protected from criminals whilst online.

At the Internet Watch Foundation (IWF), our focus is to find and remove child sexual abuse material from the internet. We want to protect people. We protect abuse victims by removing this imagery and by providing tools and services to internet companies so they can stop people accessing such images, whilst ensuring that they are quickly removed. Those same tools and services protect everyday people from stumbling across those images; evidence of such horrific abuse that users can never unsee. We also protect internet companies; child sexual abuse imagery is bad for business.

For us, encryption is about both how we can help technology companies to ensure that our personal information is protected online, and ensure that crimes against children cannot take place behind a veil of encryption.

Our position on encryption is very simple:

  • Encryption is a good thing for adults and children in protecting their personal information, but care must be taken on how, when, and where it is implemented.
  • Equivalency is needed. In short, the child protection measures in place now should exist in the encrypted world. The IWF has worked for 24 years to help create and share tools and services/data sets which hinder and stop the distribution of child sexual abuse imagery online. These tools are used by internet companies across the world. Encryption should not sacrifice the use of child protection measures that are already in place and effective. Why potentially reduce child protection by implementing encryption without considering its impact?
  • The IWF is a trusted organisation which can bring together industry, civil society, law enforcement, and government. We can give a voice to victims of child sexual abuse in this debate. It’s vital that child protection organisations with technical expertise are involved in these discussions, able to assist with solutions, and underline any complications that developments may have for their work.

We believe that people are entitled to their privacy, to express their own opinions and ideas without fear of persecution, and live free from the threat of criminal infiltration into their personal information. Alongside this, we believe that no one has the right to exploit encrypted channels to distribute or view horrifying, invasive and graphic images of the sexual abuse of children. Any future implementation of encryption should reflect this.

We should not build a world which enables, legitimises, or makes it easier to view or distribute imagery of child sexual abuse. We must work together; civil society, government, and law enforcement to develop technology that is safe for users. The Information Commissioner’s Office (ICO) ‘Age appropriate Design Code’ is a first, critically important step in supporting industry to build a sustainable online environment which safeguards children. Such ethos must be extended to protect victims of child sexual abuse from having their abuse shared more widely, haunting them as they grow.

In previous blogs, I have laid out our fears surrounding the implementation of DNS over HTTPS. I have explained the potentially catastrophic impact of its implementation, and the issues it raises around informed user consent, the opaque nature of technical development and the need for policy input when developing technical standards. These points remain just as relevant as we move forward.

As the UK’s incoming legislation surrounding online harms develops, so will this debate. Historically, the innovation and pace of the development of technology has brought great joy to our lives, and right now, we are at a crossroad with a unique opportunity to make our internet safer. We cannot miss this chance, and passively watch as the digital world turns into a tool facilitating widespread suffering.

Tags

IWF’s Dan Sexton explains vital role new European proposal could have in preventing the widespread sexual abuse, rape, and sexual torture of child victims online

IWF’s Dan Sexton explains vital role new European proposal could have in preventing the widespread sexual abuse, rape, and sexual torture of child victims online

Dan explains the vital role the proposal could have in preventing the widespread sexual abuse, rape, and sexual torture of child victims online

1 June 2022 Blog
IWF calls for changes to Bill to ensure it does not disrupt current mechanisms for stopping child sexual abuse on the internet

IWF calls for changes to Bill to ensure it does not disrupt current mechanisms for stopping child sexual abuse on the internet

Today (May 24), the Online Safety Bill begins its next stage as MPs begin the line-by-line scrutiny of the legislation.

24 May 2022 Blog
Not all Encryption is the same: social media is not ready for End-to-End Encryption

Not all Encryption is the same: social media is not ready for End-to-End Encryption

IWF CTO Dan Sexton explains the differences in the technology behind the debate.

14 March 2022 Blog