This week, the U.K. government launched an unprecedented and deceptive effort to kill off end-to-end encryption. They’ve hired a fancy ad agency to convince people that encrypted messages are dangerous to children.
The explicit goal of the “No Place to Hide” campaign, launched on Tuesday, is to prevent Facebook from expanding its use of end-to-end encryption. Currently, Facebook’s WhatsApp messaging system uses end-to-end encryption, but other communications systems, including Facebook Messenger, are scanned and checked against a US government database, run by the National Center for Missing and Exploited Children (NCMEC), which identifies child abuse images.
Over the weekend, Rolling Stone magazine revealed details of how the M&C Saatchi ad agency pitched this campaign to the U.K. government’s Home Office. The Home Office is paying the advertising agency £534,000, or $724,000 in U.S. currency, to promote the messages on social media and seek placement on popular British television shows.
The ad agency has also proposed a “visual PR stunt,” in which it will install a glass box in a public space where an adult actor will sit next to a child actor, each using smartphones. Gradually the box will become opaque. The point of this bizarre display, according to M&C Saatchi, is to make watchers uncomfortable—apparently because they can’t constantly keep tabs on the actors in the box—and “force Facebook to evaluate their sense of responsibility.”
Of course, an opaque box with people inside is also known as a “house,” as Stanford’s Riana Pfefferkorn pointed out in her blog post about the U.K. anti-encryption push. “The goal of this propaganda campaign is to turn the UK public’s opinion against their own privacy, not just in their electronic conversations, but even in the home, where the right to privacy is strongest and most ancient,” she wrote.
Facebook Messenger scans its messages and provides NCMEC millions of reports of images of possible child abuse, including about 75,000 reports from the U.K. This increased scanning is primarily responsible for what law enforcement agencies in the U.S. and U.K. have called an increase in online child abuse—but the scanning isn’t even accurate. According to Facebook’s own analysis, more than 75% of reports are likely not “malicious,” and are shared for other reasons, such as “outrage or in poor humor." That seriously calls into question the U.K. Home Office’s claims that allowing Facebook to encrypt more messages will be “catastrophic for child safety.”
Fortunately, the Home Office’s ham-handed campaign falls flat. It’s been met with scorn and derision on social media, but that’s not all. Today, the UK government’s own Information Commissioner’s Office, an agency charged with protecting data privacy, pointed to encryption’s “important role both in safeguarding our privacy and online safety” and dismissed the campaign. “Until we look properly at the consequences, it is hard to see any case for reconsidering the use of E2EE – delaying its use leaves everyone at risk, including children.”
This is just the latest iteration of a long effort by U.S. and U.K. law enforcement agencies to force private companies to scan all user messages sent online. Each iteration of the effort—from the anti-encryption EARN IT Act of 2020, to the pressure campaign NCMEC ran against Apple iMessage last year—has faced overwhelming public opposition.
Each year, more people understand that end-to-end encryption is vital to having a safe and private life online. Without strong encryption, we won’t have true privacy in the digital world. That would mean messages—including those sent by children—will be vulnerable to abuse by criminals, hostile governments, and domestic abusers. Without the ability to have a private conversation, we can’t have a sphere for real free speech, and democracy will be under threat.
We’ve been telling Facebook to push forward with its plans to expand encryption for years now, and we hope they finish the job soon. When it comes to encryption and privacy, people get why it’s important. In the short run, we expect the U.K. government’s anti-encryption campaign to fade away. In the long run, we hope the lawmakers and law enforcement leaders on both sides of the Atlantic who keep blasting encryption in the name of “protecting children” change their tune—or are compelled to do so by a public that demands real privacy and security.