Jul 11, 2023 - Technology

Encryption faces legal threats around the globe

Illustration of hand stopping arrow cursors

Illustration: Eniola Odetunde/Axios

Privacy advocates have a stacked agenda this summer as they fight legislative proposals in three key markets that threaten the security of encrypted messaging services.

What's happening: Policymakers in the U.S., the U.K. and the European Union are considering children's online safety bills that aim to provide law enforcement with a backdoor into encrypted services like WhatsApp and Signal.

  • Lawmakers in the U.K. are considering the Online Safety Bill this year, which would allow the country's communications regulator to scan for child sexual abuse materials in end-to-end encrypted messages.
  • Meanwhile, in the EU, policymakers are weighing a plan that would require any encrypted service provider to survey messages, videos and photos on their platforms for signs of child sexual abuse materials and to report suspicious items to the police.
  • And in the U.S., lawmakers returning from recess this week have been considering a handful of child-safety bills with similar provisions, including the EARN It Act and the Stop CSAM Act.

The big picture: End-to-end encryption protects conversations happening between users from being read by anyone other than those users — including the operators of these services. That can provide safety for activists, political dissidents and journalists.

  • It also makes end-to-end encrypted messaging services a popular choice for criminals, including malicious hacking groups and child predators.

Why it matters: Each region's government is deliberating and making final tweaks on these bills this summer — giving privacy advocates one last shot at getting amendments and exemptions to protect encryption tossed in.

Zoom in: Creating a backdoor just for law enforcement is technically impossible, encryption service providers argue. A backdoor couldn't be limited to just investigators: It could also be exploited by cybercriminals, terrorists and authoritarian regimes to spy on users' private conversations.

  • Apple even tried to pursue an alternative in 2021 where it would proactively scan encrypted iCloud photos for signs of child abuse imagery while preserving privacy — but it ultimately ditched the plan over privacy concerns.

The other side: Child safety advocates and law enforcement are looking for any help they can get to crack down on the growing problem of online child sexual abuse materials.

  • Between 2021 and 2022, reports of predators enticing children online to participate in sexual acts jumped 82%, the National Center for Missing & Exploited Children estimates.

What they're saying: "Law enforcement tends to think that tech companies are just ignoring the problem and not doing anything, but it's actually the opposite that's true," Andy Yen, CEO of encrypted email company Proton, told Axios.

  • "None of us are incentivized financially or otherwise to allow illegal activities to happen on our platforms," he added.

Between the lines: Encrypted messaging services struggle to publicly discuss the ways they're investigating child sexual abuse.

  • These services are often using techniques that ransomware and other cybercrime investigators use to track criminal activity — but divulging their exact techniques to the public could tip off perpetrators.

Yes, but: There's no silver bullet to crack down on child sexual abuse materials, so lawmakers should instead consider a more holistic approach that increases funding for investigators, said Greg Nojeim, senior counsel and director of the Center for Democracy and Technology's Security and Surveillance Project.

The intrigue: Privacy advocates face varying levels of difficulty in getting their message across to lawmakers this summer.

  • In the EU, internal legal advisers have already warned policymakers that their plan could face pushback in court.
  • In the U.S., Senate Majority Leader Chuck Schumer says online safety is one of his priorities heading into the next three weeks before August recess — although bills similar to the ones lawmakers are considering have struggled to get a floor vote in recent years.
  • And in the U.K., the House of Lords has several sessions scheduled this month to further review the Online Safety Bill.

Sign up for Axios’ cybersecurity newsletter Codebook here

Go deeper