GCHQ experts explain how to tackle online child sexual abuse despite end-to-end encryption | Scientific and technical news

Two senior technical directors at GCHQ, Britain’s cyber intelligence agency, have published a new article analyzing how tech companies could protect children from online sexual abuse.

The impact of child sexual abuse can last a lifetime, even if the abuse takes place online. Research by the Independent Inquiry into Child Sexual Abuse found that survivors often suffer from serious physical and mental health problems later in life.

One of the challenges in combating such online abuse is the growing number of services offering end-to-end encryption, a technology that often undermines existing security features that many companies use to detect child pornography material.

But without using end-to-end encryption, any hacker or even legal authority — and possibly even courier company workers — who could access the service’s internal controls would be able to read those messages.

Read more: Danielle Armitage waives her anonymity to warn others about what happened to her when she was just 14

Image:
Danielle Armitage was groomed online and abused in person

The new paper is authored by Dr Ian Levy, technical director of the UK’s National Cyber ​​Security Center (NCSC) – part of GCHQ – and Crispin Robinson, technical director of cryptanalysis at GCHQ, both trained mathematicians and career intelligence officers whose job it is to tackle online child sexual abuse.

They describe seven “evil archetypes” to frame the problem in a new way, covering everything from children cared for by delinquents to adults sharing indecent images of children in shock, and note how each of these harmful behaviors has a particular technical profile that can be approached in a specific way.

“Child sexual abuse is a social problem”

In particular, he recommends revisiting a recent controversial proposal for Apple of preventive scan of all iPhones for child sexual exploitation material (CSAM) as a potential solution to some harms, if properly designed to protect against others.

The main fear among academics and security experts was that Apple’s system could be modified to search for non-CSAM images that might be of interest to government authorities. The company afterwards indefinitely delayed Proposal.

Although the 67-page document is not meant to represent UK government policy, the authors acknowledge that they hope to contribute to the development of policy to tackle online abuse globally.

It comes as the Government’s Online Safety Bill faces a major delay in part due to criticism over its unscientific approach to defining the harms internet users can suffer online.

The document was completed long before the postponement of the bill was announced.

It comes as the government proposes to include an amendment that will give regulators the power to force tech companies to stop child sexual abuse on their platforms.

Dr Levy and Mr Robinson write: “Child sexual abuse is a societal problem that was not created by the internet and tackling it requires a response from all of society.

“However, online activity allows offenders to expand their activities in unique ways, but also enables entirely new online-only harms, the effects of which are just as catastrophic for victims,” ​​they add.

“We hope that this paper will contribute to the debate on combating child sexual abuse on end-to-end encrypted services, by clearly exposing the details and complexity of the problem for the first time.”

Read more: Record levels of online child sexual abuse in 2021, says internet watchdog

The 'zero click' exploit affects all phone operating systems

“The obstacles to child protection are not technical”

The authors say the problem is “much more complex than other government needs, such as exceptional access” in reference to a previous collaboration in 2018.

Then the couple wrote an article for Lawfare, a popular US national security blog, calling for a “more informed” debate about end-to-end encryption and the “exceptional access” that law enforcement has to offer. might need for these services.

They proposed as a solution at the time to secretly introduce another end to these messaging services, ensuring that law enforcement could access the communications.

It was just a hypothetical proposal, but it turned out to be extremely controversial and was not adopted by most platforms that offer end-to-end encryption.

It successfully provoked dozens of high-profile articles discussing the merits of the idea, academia, civil society and industry – although most of them were critical and did not offered no solution to the described problem.

The authors hope their new article invites more constructive engagement.

Andy Burrows, who leads child online safety policy at the NSPCC, described the paper as an “important and highly credible intervention” that “breaks the false binary that children’s fundamental right to online safety cannot be achieved only at the expense of adult privacy”.

“The report demonstrates that it will be technically possible to identify child pornography and grooming in end-to-end encrypted products. It is clear that the barriers to child protection are not technical, but driven by technology companies who do not want to develop a regulation for their users.

“The Online Safety Bill is an opportunity to tackle industrial-scale child abuse. can incentivize businesses to develop technical solutions and provide more secure and private online services.”

About Hannah Schaeffer

Check Also

Sky Sports will no longer broadcast IShowSpeed ​​after misogynistic comments emerge

Sky Sports will no longer be collaborating with YouTuber ‘IShowSpeed’ in the future after his …