GCHQ experts offer solution to online child sexual abuse despite end-to-end encryption | Science & Technology News
Two senior technical directors at GCHQ, the UK’s cyber intelligence agency, have published a new paper analyzing how tech companies can protect children from online sexual abuse.
The effects of child sexual abuse can last a lifetime even when the abuse takes place online. Research by the Independent Agency for the Investigation of Child Sexual Abuse found that survivors often suffer from serious mental and physical health conditions in later life.
One of the challenges in addressing this online abuse is that more and more services offer end-to-end encryption, a technology that often undermines existing safety features that many companies use to detect child sexual abuse material.
But without using end-to-end encryption, any hacker or even legitimate authority – and perhaps even employees at the messaging company – who could gain access to the service’s internal controls will be able to read those messages.
Read more: Danielle Armitage waives her anonymity to warn others of what happened to her when she was 14
Danielle Armitage was groomed online and abused in person
The new paper was written by Dr Ian Levy, technical director at the UK’s National Cyber Security Center (NCSC) – a division of GCHQ – and Crispin Robinson, technical director of cryptographic analysis at GCHQ, both a trained mathematician and a career intelligence officer whose work involves dealing with child sexual abuse online.
They describe seven “harm archetypes” to shape problems in a new way, covering everything from children being groomed by offenders to adults sharing indecent images of shocking children and note that each of these harmful practices has a specific technical profile of how can be addressed in a particular way.
‘Children sexual abuse is a social problem’
In particular, it recommends reconsidering a recent controversial proposal by Apple of the pre-scan all iPhones for child sexual abuse material (CSAM) as a potential solution to some harm, if it is properly stored to protect against others.
Chief among the concerns of academics and security experts is that Apple’s system could be modified to search for non-CSAM images that may be of interest to government agencies. Company then indefinitely delay offer.
While the 67-page document is not intended to represent UK government policy, the authors admit it hopes to help develop policy on tackling online abuse on a global basis.
It was announced as the government’s Online Safety Bill faces extensive delays in part due to criticism over its unscientific approach to identifying the harms caused by internet users. may encounter while online.
The paper was completed long before the bill’s delay was published.
It comes when the government proposes to include an amendment that would give regulators the power to force technology companies to prevent child sexual abuse on their platforms.
Dr Levy and Mr Robinson write: “Child sexual abuse is a social problem not created by the Internet and combating it requires a whole-of-society response.
They added: “However, online activity allows offenders to scale their activities in a unique way, but also create entirely new online-only harms, their consequences It’s also catastrophic for the victim,” they added.
“We hope this paper will help the debate around combating child sexual abuse on end-to-end encrypted services, setting out clearly the details and complexity for the first time. of the problem.”
Read more: Internet watchdog detects record levels of child sexual abuse in 2021
‘Barriers to protect children are not technical’
The authors say that the issue is “much more complex than other government needs, such as special access” related to the previous collaboration in 2018.
The pair then wrote an article published on Lawfare, a popular US blog on national security, calling for a “more informed” debate about end-to-end encryption and “rights to privacy.” special access” that law enforcement may need to such services.
They proposed as a solution at the time to secretly introduce another end to these messaging services, ensuring that law enforcement could access the communications.
It’s just a hypothetical proposition, but it’s caused a lot of controversy and hasn’t been adopted by most platforms that offer end-to-end encryption.
It has successfully stimulated dozens of well-known articles discussing the merits of the idea, from academia, civil society and industry – although most of them are critical and do not offer any any solution to the problem described.
The authors hope their new paper invites more constructive engagement.
Andy Burrows, head of child safety online policy at the NSPCC, described the paper as a “significant and credible intervention” aimed at “breaking the false binary that fundamental rights of children to online safety can only be achieved at the expense of adult privacy.
“The report demonstrates that it is technically feasible to identify child abuse and grooming material in end-to-end encrypted products. It is clear that barriers to child protection are not Not because of technology but because technology companies don’t want to develop a balance that solves for their users.
“The Online Safety Bill is an opportunity to tackle ongoing child abuse on an industrial scale. Despite cryptic hints that the Bill could ‘break’ encryption, it’s clear is legislation that can encourage companies to develop technical solutions and provide safer and more private online services.”
