Last year, Facebook announced that it would stitch the technical infrastructure of all of its chat apps – Messenger, WhatsApp and Instagram – together so that users of each app can talk to each other more easily.

The plan includes slathering the end-to-end encryption of WhatsApp – which keeps anyone, including law enforcement and even Facebook itself, from reading the content of messages – onto Messenger and Instagram. At this point, Facebook Messenger supports end-to-end encryption in “secure connections” mode: a mode that’s off by default and has to be enabled for every chat. Instagram has no end-to-end encryption on its chats at all.

“As you would expect, there is a lot of discussion and debate as we begin the long process of figuring out all the details of how this will work,” Facebook has said – including, of course, the fact that law enforcement would be shut out of viewing messages on yet more chat apps.

That discussion now includes an open letter, signed by 129 child protection organisations around the world and sent to CEO Mark Zuckerberg on Thursday. The groups, led by the UK’s National Society for the Prevention of Cruelty to Children (NSPCC), are urging the company to stop its plans until “sufficient safeguards” are in place.

According to news outlets that have seen the letter, it says that Facebook could be building on “years of sophisticated efforts” to protect children online, but is instead “inclined to blindfold itself.”

More from the letter:

We urge you to recognise and accept that an increased risk of child abuse being facilitated on or by Facebook is not a reasonable trade-off to make. Children should not be put in harm’s way either as a result of commercial decisions or design choices.

The NSPCC said in December 2019 that police in the UK recorded over 4,000 instances – an average of 11 per day – where Facebook apps were used in child abuse image and online child sexual offenses during the prior year.

The group warned that end-to-end encryption on all of its messaging apps will allow child abuse to go undetected, unless Facebook first puts clear safeguards in place, saying that encrypted messaging creates “hiding places” for child abuse.

The platform will no longer be able to see and report illegal content to law enforcement, so police will be left working in the dark.

More serious child abuse will likely take place on Facebook-owned apps as abusers won’t have to move their victims off the platform to other encrypted ones to groom them.

Government pushback against encryption

While some digital rights groups have applauded Facebook’s move to stronger encryption, some governments – those of the US, Britain and Australia – have not. In December 2019, the US Congress told Facebook and Apple that they had better put backdoors into their end-to-end encryption, or laws will be passed that force tech companies to do so.

In their open letter, the child protection groups told Facebook that they recognise users’ legitimate interest in ensuring that their data is protected, but that doesn’t negate the platform’s responsibility to help in investigations:

However, as you yourself have stated, Facebook has a responsibility to work with law enforcement and to prevent the use of your sites and services for sexual abuse.

In January, the UK’s Information Commissioner’s Office (ICO) published a code to ensure that online companies protect kids from harm, be it showing kids suicidal content, grooming by predators, illegal collection and profiteering off of children’s data, or all the “smart” toys and gadgets that enable children’s locations to be tracked and for creeps to eavesdrop on them.

In Thursday’s open letter to Facebook, child protection groups urged Facebook to back off of its encryption plans until safeguards for children’s safety are in place.

Facebook’s response

David Miles, Facebook’s head of safety for Europe, the Middle East and Africa, said in a statement that encryption does, in fact, protect people:

Strong encryption is critically important to keep everyone safe from hackers and criminals.

…and that Facebook will work on protecting children online as part of the long slog to getting end-to-end encryption everywhere:

The rollout of end-to-end encryption is a long-term project; protecting children online is critically important to this effort and we are committed to building strong safety measures into our plans.

Miles said that Facebook is already working with law enforcement, government and tech companies to keep children safe online.

Not the first letter Facebook’s received

In October 2019, three governments warned Facebook that it had better end – or at least pause – its “encryption on everything” plan.

US Attorney General William Barr and law enforcement chiefs of the UK and Australia signed an open letter calling on Facebook to pause until it figures out a way to give law enforcement officials backdoor access so they can read messages.

“No,” Facebook said – with all due respect to law enforcement and its need to keep people safe.

Facebook responded by releasing its own open letter, penned in response to Barr.

In the letter, WhatsApp and Messenger heads Will Cathcart and Stan Chudnovsky said that any backdoor access into Facebook’s products created for law enforcement would weaken security and let in bad actors who would exploit the access. That’s why Facebook has no intention of complying with Barr’s request that the company make its products more accessible, they said:

The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm.


Beratung Consulting

Beratung Consulting are dedicated to Security solutions and are a trusted Sophos Partner.

Sophos Authorised Partner