INHOPE - Association of Internet Hotline Providers | What is Encryption?
Article
Educational Articles

What is Encryption?

End-to-end encryption (E2EE) is a privacy feature used on many messaging services, making it impossible for anyone except the sender or receiver to view the content of a message.

It works by scrambling the data of a message once it has been sent and requiring a decryption key to unscramble it. Only the sender and recipient of the message have the decryption key, meaning not even the platform owner or law enforcement can access the data without access to the devices the message was sent or received.

How does Encryption relate to CSAM?

The majority of online communication is innocent. However, we know from well-known cases that individuals have used online messaging services to share Child Sexual Abuse Material (CSAM) or groom children online.

The expansion of E2EE across online messaging services makes the online spread of CSAM and grooming activities harder to detect. This is because current technologies used to detect these behaviours, including photo matching technologies, or machine learning tools which identify patterns of language, do not work on encrypted data. Personal security is extremely important, and so are measures to improve privacy online. However, efforts to preserve online privacy should never obstruct investigations into child sexual abuse and exploitation online.

INHOPE member NCMEC has received a total of over 180 million reports of child sexual exploitation through their hotline CyberTipline, with 99% of reports being submitted by electronic service providers. The organisation therefore estimates that the implementation of end-to-end encryption could drastically impact the number of reports they receive. E2EE also creates challenges for Law Enforcement in gathering data to prosecute an individual or in obtaining a warrant to search an offender’s device. In a study conducted by NetClean, nearly half of the surveyed police officers reported that encryption is the biggest challenge they face in child sexual abuse investigations.

What solutions are available?

Encryption provides a valuable tool for protecting individual privacy. However, many fear that the expansion of E2EE tips the balance between privacy and safety in a way that protects the privacy of adult abusers at the expense of children’s safety. This is a highly nuanced debate, but many argue that privacy need not be placed in opposition to safety in this way.

There are a number of potential & theoretical approaches to this problem, as outlined in a report by the NSPCC:

  • Device-related solutions:
    Most image hashing technology currently used to detect CSAM works on the server. For E2EE-enabled platforms, this method happens too late because the data has already been encrypted. If hashing technology was built into the device itself, then CSAM or grooming could be detected before the data was encrypted. This approach offers a high level of privacy but risks users subverting or reverse-engineering the detection tools on their devices.

  • Server-related solutions
    Another potential approach is to establish a ‘secure enclave’ on the Cloud, that can decrypt the communication, but in a secure, closed-off environment where neither the user’s data nor detection operations are visible to the platform/service provider. Whilst this is not strictly ‘end-to-end’ encryption, it affords the equivalent level of privacy unless the third-party server is compromised.

Read the NSPCC’s deep-dive into encryption here, or learn more about image hashing technology here.

What is Encryption?
30.06.2021 - by INHOPE
'

If you'd like to learn more about topics like this, then
click here to sign up for INHOPE Insights and Events.

'