Insights UK Home Office publishes guidance on end-to-end encryption and child safety

According to the Guidance, there were almost 35,000 offences in the UK relating to online indecent images of children in 2022, an increase of 13% from the previous year. Many social media companies scan their platforms for child sexual abuse material (e.g. images, videos and grooming conversations) (“CSAM”) and report it to the National Centre for Missing and Exploited Children (“NCMEC”) which passes on the information to relevant law enforcement agencies.  These reports lead to a significant number of arrests and result in many children being safeguarded.

End-to-end encryption (“E2EE”) is a secure communication system where messages can only be seen by the sender and receiver, so it is used, for example, in online banking. Some social media companies are, or are proposing to, use E2EE in private messaging. The government is concerned that this will pose a risk to child safety as companies will no longer be able to scan and report CSAM appearing within these private messaging services. In particular, NCMEC estimates that up to 70% of its referrals from Meta would be lost following the roll-out of E2EE.

The government is not opposed to E2EE but wants to ensure that it is implemented in a way that maintains or enhances the identification and prevention of child sexual abuse. Other safety features do not sufficiently protect children. Age verification methods are not yet strong enough and privacy and content filtering tools, whilst on the right track, are not considered sufficient to protect children from these harms. The ability to report harmful content is also of limited use as children often do not understand that they are being groomed.

The Online Safety Bill will impose obligations on social media companies to put in place systems to tackle CSAM, even in the case of E2EE messaging, and Ofcom will be able to require companies to use accredited technology or to develop technology to tackle CSAM, with the power to impose fines for a failure for breaches of the legislation. In the Guidance, the Government recommends that social media companies should build on the proof-of-concept tools developed by the Safety Tech Challenge Fund, a UK government funded challenge programme, designed to detect CSAM across E2EE environments whilst upholding user privacy.

For the Guidance, click here.