Credit: Pixabay

The government has not ruled out legislating against the use of end-to-end encryption by technology firms, but has said that its preferred course of action would be to reach a mutually acceptable agreement with Facebook and others.

Last month home secretary Priti Patel teamed up with counterparts from the US and Australia to write an open letter to Mark Zuckerberg requesting that he put a stop to Facebook’s plans to implement end-to-end encryption across its messaging services.

A month on from the publication of the letter – and just on the cusp of the pre-election restrictions kicking in – the Home Office followed up with the release of a fact sheet adding some clarity to the government’s position, and setting out its answer to a few key questions.

Related content

• Government badly needs a new message on encryption
• Home secretary calls for government back doors for encrypted data
• Amber Rudd: ‘I don’t need to understand encryption to understand it’s helping criminals’

Having run through the government’s concerns about encryption and why it is not satisfied with Facebook’s response to them thus far, the Home Office poses itself the question: “Would you consider legislation to address this issue?”.

Its response does not actually answer this query directly, but indicates that, before considering legislation, government will first pursue other avenues.

The fact sheet said: “Our preferred solution is to work with Facebook to ensure that it does not implement the proposals in a manner which would diminish user safety, and without including a means for law enforcement to obtain lawful access to the content of communications,” it said.

It added: "This is not exclusive to one company. However, risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.”

Getting the message 
The implementation of end-to-end encryption across Facebook – a measure designed to improve user privacy – will prevent the social network’s own security systems from accessing users’ messages. The technology is already used in the Facebook-owned messaging app WhatsApp and is now being rolled out across the company’s other platforms.

The government believes that making it more difficult to access and monitor private messages could prevent social networks – and law enforcement – from rooting harmful out content such as child abuse or extremism.  

“We are concerned that end-to-end encryption has created significant and avoidable barriers to companies being able to identify and prevent activity by terrorists, child abusers or serious criminals who are using their products or services to cause harm,” the Home Office said.

It added is thus far unsatisfied with Facebook’s proposals to make greater use of automated tools to monitor content to ensure security.

"We do not agree with the assertion that there is a binary choice between security and privacy"
Home Office

“Machine learning and artificial intelligence are a key element in advancing the detection of illegal material effectively,” the fact sheet said. “But they don’t take away the need for access to content. More than 99% of the content Facebook takes action against – both for child sexual exploitation and terrorism – is identified by its own safety systems and access to content, rather than by reports from users.”

The government concluded that, with the correct checks and balances, “law enforcement and other agencies must, in certain circumstances, be able to access data”.

It said that its suggestion of implementing so-called “exceptional access systems” – which the government claimed would be entirely controlled by Facebook – would not weaken users’ security.

“We do not agree with the assertion that there is a binary choice between security and privacy,” the Home Office said. “We assess that it is possible to develop a lawful, exceptional access solution which would not disproportionately increase cybersecurity risk or undermine individuals’ privacy.”