Encryption: ‘We must have equivalency; It’s all about the implementation’

I’ve written several blogs outlining our position on the implementation of a form of encryption, DNS over HTTPS, over the last few months. You can find them here, here and here.

The debate surrounding the increasing use of encryption is raging. It’s complex and often revolves around two pillars; privacy and security. But there should be a third equally weighted pillar; child protection. Specifically, protection from sexual abuse.

It’s perfectly fair and reasonable to expect our personal information to be private, and to be protected from criminals whilst online.

At the Internet Watch Foundation (IWF), our focus is to find and remove child sexual abuse material from the internet. We want to protect people. We protect abuse victims by removing this imagery and by providing tools and services to internet companies so they can stop people accessing such images, whilst ensuring that they are quickly removed. Those same tools and services protect everyday people from stumbling across those images; evidence of such horrific abuse that users can never unsee. We also protect internet companies; child sexual abuse imagery is bad for business.

For us, encryption is about both how we can help technology companies to ensure that our personal information is protected online, and ensure that crimes against children cannot take place behind a veil of encryption.

Our position on encryption is very simple:

• Encryption is a good thing for adults and children in protecting their personal information, but care must be taken on how, when, and where it is implemented.
• Equivalency is needed. In short, the child protection measures in place now should exist in the encrypted world. The IWF has worked for 24 years to help create and share tools and services/data sets which hinder and stop the distribution of child sexual abuse imagery online. These tools are used by internet companies across the world. Encryption should not sacrifice the use of child protection measures that are already in place and effective. Why potentially reduce child protection by implementing encryption without considering its impact?
• The IWF is a trusted organisation which can bring together industry, civil society, law enforcement, and government. We can give a voice to victims of child sexual abuse in this debate. It’s vital that child protection organisations with technical expertise are involved in these discussions, able to assist with solutions, and underline any complications that developments may have for their work.

We believe that people are entitled to their privacy, to express their own opinions and ideas without fear of persecution, and live free from the threat of criminal infiltration into their personal information. Alongside this, we believe that no one has the right to exploit encrypted channels to distribute or view horrifying, invasive and graphic images of the sexual abuse of children. Any future implementation of encryption should reflect this.

We should not build a world which enables, legitimises, or makes it easier to view or distribute imagery of child sexual abuse. We must work together; civil society, government, and law enforcement to develop technology that is safe for users. The Information Commissioner’s Office (ICO) ‘Age appropriate Design Code’ is a first, critically important step in supporting industry to build a sustainable online environment which safeguards children. Such ethos must be extended to protect victims of child sexual abuse from having their abuse shared more widely, haunting them as they grow.

In previous blogs, I have laid out our fears surrounding the implementation of DNS over HTTPS. I have explained the potentially catastrophic impact of its implementation, and the issues it raises around informed user consent, the opaque nature of technical development and the need for policy input when developing technical standards. These points remain just as relevant as we move forward.

As the UK’s incoming legislation surrounding online harms develops, so will this debate. Historically, the innovation and pace of the development of technology has brought great joy to our lives, and right now, we are at a crossroad with a unique opportunity to make our internet safer. We cannot miss this chance, and passively watch as the digital world turns into a tool facilitating widespread suffering.