Tugendhat criticises Facebook encryption plan

Security minister urges the company to implement strong safety measures to prevent a significant risk to child safety

Security minister Tom Tugendhat has criticised Meta for its upcoming implementation of end-to-end (E2E) encryption on Facebook Messenger and Instagram Direct planned for later this year.

During a speech at the annual conference of the Policing Institute for the Eastern Region on Tuesday, the minister expressed concern that Meta's choice to encrypt messages on its platforms would enable child abusers to engage in their activities without fear of being caught.

He strongly urged the company to implement strong safety measures prior to expanding encryption, in order to prevent a "significant risk to child safety."

Mr Tugendhat argued that Facebook and Instagram platforms account for more than 80% of global referrals to the National Center for Missing and Exploited Children (NCMEC), indicating that if encryption is implemented for these services, approximately 20 million suspected cases of child sexual abuse each year would remain unreported.

"To predators, social media sites like Facebook and Instagram are a one-stop shop," Tugendhat said. "Without leaving Meta's ecosystem they can choose their target...do their research...start a conversation with them...and transfer that conversation onto a private messaging service.

"And that's exactly what they do - in their thousands."

The minister didn't pull his punches.

"Some will have heard the words I have used today as being particularly critical of one company, they are right. I am speaking about Meta specifically and Mark Zuckerberg's choices particularly. These are his choices, these are our children. He is not alone in making these choices, other companies have done too."

E2E encryption is already employed in Meta's WhatsApp messaging service, where users are required to have each other's phone numbers in order to initiate communication.

Tugendhat cautioned that with the introduction of E2E encryption on Meta's platforms, the company would lose the ability to detect grooming activities, thereby putting tens of thousands of children at risk of exploitation.

According to Tugendhat, the National Crime Agency (NCA) estimates that in the UK alone, there are up to 850,000 individuals who pose a sexual risk to children, encompassing both offline and online offenses.

"Of course, in reality the scale of the threat our children face is much larger," the minister said.

He further stated that if Meta proceeds with encryption, the government will initiate advertising campaigns to alert parents about the potential risks associated with using the apps. Tugendhat indicated that the campaign would be deployed across various media channels such as print, online, and broadcast, and its primary objective would be to urge technology companies to assume responsibility and make decisions that prioritise the well-being of users.

Meta argues that apps utilising encryption are essential for individuals to safeguard themselves against hackers, criminals, and fraudsters.

"We don't think people want us reading their private messages so have developed safety measures that prevent, detect, and allow us to take action against this heinous abuse, while maintaining online privacy and security," the company said. Last year, Will Cathcart, head of WhatsApp at Meta, said that if the UK Government's new Online Safety Bill compels the firm to stop E2E encryption, it may have no choice but to shut down WhatsApp in the country.

The Online Safety Bill, which is currently being reviewed by Parliament, includes provisions that grant communication regulator Ofcom the authority to instruct platforms to employ accredited technology for scanning message contents.

In an open letter to Prime Minister Rishi Sunak in November, security experts and privacy advocates expressed their concerns about the danger the Online Safety Bill presents to end-to-end encryption.

The letter's signatories said that UK residents and companies now rely more heavily than ever on E2E encryption to secure themselves, and the Government must ensure the Bill does not impair encryption in private communications. The government responded by clarifying that the Online Safety Bill does not entail a prohibition on E2E encryption, nor does it mandate services to compromise the strength of encryption.