GCHQ experts explain how to tackle child sexual abuse online despite end-to-end encryption | Science and technology news
Two senior technical directors from GCHQ, the UK’s cyber intelligence agency, have released a new paper analyzing how tech companies can protect children from online sexual abuse.
The effects of child sexual abuse can last a lifetime, even when the abuse occurs online. Research by the Independent Inquiry into Child Sexual Abuse found that survivors often suffer from serious physical and mental health problems later in life.
One of the challenges in combating this online abuse is the growing number of services offering end-to-end encryption, a technology that often undermines the existing security features that many companies use to access child sexual abuse material recognize.
But without the use of end-to-end encryption, any hacker, or even a legitimate authority — and maybe even an employee of the messaging company — who could access the service’s internal controls would be able to read those messages.
READ ALSO: Danielle Armitage Forgoes Anonymity To Warn Others About What Happened To Her When She Was Just 14 Years Old
The new paper was created by Dr. Ian Levy, the technical director of the UK’s National Cyber Security Center (NCSC) – part of GCHQ – and Crispin Robinson, the technical director for cryptanalysis at GCHQ, both trained mathematicians and career intelligence officers whose work includes tackling sexual abuse of children on the internet.
They describe seven “harm archetypes” to frame the problem in a new way, covering everything from children being cared for by delinquents to adults sharing indecent pictures of children out of shock, noting that each of these malicious behaviors has a specific technical profile can be specifically addressed.
“Child sexual abuse is a societal problem”
In particular, it recommends reconsidering a recently controversial proposal by Apple from Preemptive scanning of all iPhones for Child Sexual Abuse Material (CSAM) as a potential solution to some harm if properly designed to protect against others.
In particular, academics and security experts feared that Apple’s system could be modified to look for non-CSAM images that could be of interest to government agencies. The company afterwards delayed indefinitely the application.
Although the 67-page document is not intended to outline UK government policy, the authors admit they hope to help develop a policy to combat online abuse on a global basis.
It comes as the government’s Online Safety Law faces a significant delay, in part due to criticism of its unscientific approach to defining the harms internet users can face online.
The paper was ready long before the bill’s delay was announced.
It comes as the government proposes to include an amendment that will give to the regulators the power to coerce tech companies to stop sexual abuse of children on their platforms.
dr Levy and Mr. Robinson write: “Child sexual abuse is a societal problem not created by the Internet, and tackling it requires a societal response.
“However, online activities uniquely allow perpetrators to scale their activities, but also enable entirely new online-only harms, the impact of which on victims is just as catastrophic,” they add.
“We hope that this paper will support the debate on tackling child sexual abuse in end-to-end encrypted services by clearly setting out for the first time the details and complexities of the problem.”
Read more: Record levels of child sexual abuse online in 2021, finds Internet Watchdog
“Child protection barriers are not of a technical nature”
The authors say the issue related to an earlier collaboration in 2018 is “much more complex than other government requirements, such as B. Exceptional Access”.
Then the two wrote an article published in Lawfare, a popular US national security blog, calling for a “more informed” debate about end-to-end encryption and the “extraordinary access” law enforcement agencies have to it services might need.
The solution they proposed at the time was to secretly roll out another end to these messaging services to ensure law enforcement could access the communications.
It was just a hypothetical proposal, but it proved highly controversial and was not adopted by most platforms offering end-to-end encryption.
It successfully provoked dozens of high-profile articles from academia, civil society and industry discussing the merits of the idea – although most of them were critical and offered no solutions to the problem outlined.
The authors hope that their new paper will encourage more constructive engagement.
Andy Burrows, head of online child safety policy at the NSPCC, described the paper as an “important and highly credible intervention” that “breaks the false truism that children’s fundamental right to online safety is only achieved at the expense of adult privacy.” can be.
“The report shows that it will be technically feasible to identify child abuse material and grooming in end-to-end encrypted billing products for their users.
“The Online Safety Act is an opportunity to fight child abuse on an industrial scale. Despite the breathless suggestions that the law could ‘break’ encryption, it is clear that the legislation can stimulate companies to develop technical solutions and provide safer and more private online services.”