In an open letter to Mark Zuckerberg, ECPAT International, our members and over a hundred child rights organisations from across the globe warn about the consequences of encrypting Facebook Messenger. It can lead to more severe and extensive sexual abuse and exploitation of children and crimes will become much more difficult to investigate. Here is the full letter.
Dear Mr Zuckerberg,
As a coalition of child protection organisations and experts from all parts of the world, we are writing to express our significant concerns about your company’s proposals to implement end-to-end encryption across your messaging services.
Unfortunately, Facebook has not yet satisfied us that our deeply held concerns will be satisfactorily addressed. We, therefore, urge you not to proceed with the rollout until and unless you can demonstrate there will be no reduction in children’s safety as a result of this decision.
Do not proceed until and unless you can demonstrate there will be no reduction in children’s safety as a consequence.
Strong encryption plays a hugely valuable role in keeping citizens and their data safe. We fully recognise that users of online services have a legitimate interest in ensuring their data is protected, and there seems to be a growing appetite for users to have greater control over how their data is used by tech companies. However, as you have stated yourself, Facebook has a responsibility to work with law enforcement and to prevent the use of your sites and services for sexual abuse, including grooming, the sharing of child abuse images, and children being coerced into sending self-generated images and videos.
Facebook has a responsibility to work with law enforcement and to prevent its platform from being misused.
In your blogpost of 7th March 2019, you recognised that:
‘there are real safety concerns to address before we can implement end-to-end encryption across all of our messaging services. When billions of people use a service to connect, some of them are going to misuse it for truly terrible things like child exploitation, terrorism, and extortion. But we face an inherent trade-off because we will never find all of the potential harm we do today when our security systems can see the messages themselves.’
We urge you to recognise and accept that an increased risk of child abuse being facilitated on or by Facebook is not a reasonable trade-off to make. Children should not be put in harm’s way either as a result of commercial decisions or design choices. Unless demonstrably successful mitigations can be put in place, it seems likely that the consequence will be more serious and sustained sexual abuse on Facebook’s virtual properties.
At present, Facebook undertakes market-leading initiatives to identify and remove the most serious illegal content. In 2018, Facebook made 16.8 million reports to the National Center for Missing and Exploited Children (NCMEC). In the UK alone, this led to 2,500 arrests and 3,000 children being safeguarded. However, NCMEC estimates that as a result of end-to-end encryption, some 70 per cent of Facebook’s reports – equivalent to 12 million reports globally – could be lost. At a time when we could be looking to build upon years of sophisticated initiatives, Facebook instead seems inclined to blindfold itself.
As child protection experts, we cannot overstate the strength of our concerns.
As child protection experts, we cannot overstate the strength of our concerns. Whereas today Facebook’s products are primarily used by groomers to make initial contact with children, before migrating them to less scrupulous messaging or live-streaming sites, end-to-end encryption will embolden abusers to initiate and rapidly escalate abuse directly on Facebook’s services.
If Facebook Messenger and Instagram Direct are both seamlessly integrated into large open platforms, abusers will be able to exploit existing design aspects to make easy and frictionless contact with large numbers of children, and then rapidly progress to sending end-to-end encrypted messages. This presents an unacceptable risk to children, and would arguably make your services unsafe.
Given the scale of these concerns, we call on Facebook to take the following measures:
- invest in safety measures which can demonstrate that the introduction of end-to-end encryption results in no net reduction to children’s safety, including the ability of Facebook to scan for child abuse images and identify and disrupt abuse taking place on or through its services;
- demonstrate a willingness to embed a voluntary duty of care to protect children in your design decisions on encryption;
- consult widely with child protection experts, governments and law enforcement, so we can be satisfied any proposed mitigations are effective;
- agree to share necessary data with governments and child protection experts to determine the effectiveness of your mitigation strategy, and the impact that encryption has on threat behaviours;
- not proceed with the rollout of end-to-end encryption until you can ensure any proposed mitigations have been fully tested, and will adequately address our concerns.
We would be pleased to work closely with you to ensure that Facebook can deliver the benefits of end-to-end encryption without compromising your ability to disrupt abuse, and that of law enforcement to safeguard children and bring offenders to justice.
We trust you will respond meaningfully to the very serious concerns expressed in this letter, and agree to work productively to ensure children’s safety on Facebook is not in any way jeopardised.
ECPAT International, many ECPAT network members, NSPCC, NCMEC and other experts, full list of signatories here.
New York Times: Child-Welfare Activists Attack Facebook Over Encryption Plans
A crisis at its breaking point – 45 million online child sexual abuse images reported in 2018
More about online child sexual exploitation