Following our post yesterday on the Privacy vs Security Conundrum, we wanted to take a moment and highlight a perspective from a couple of zvelo partner organizations on the dark side of encryption. At zvelo, our mission is to make the internet safer and more secure. The Internet Watch Foundation (IWF), and the National Center for Missing and Exploited Children (NCMEC) provide a vital service to help support that mission by working to eliminate the spread of online child sexual abuse and exploitation.
In early August of this year, the IWF published an open letter expressing concern over new forms encryption which would inhibit the foundation’s ability to block child sexual abuse material. Prompting the IWF’s letter was a recent decision by Mozilla to introduce a spreading form of encryption into its Firefox browser using the DNS over HTTPS protocol (DoH). The IWF’s primary concern over the increased encryption is that it obstructs the organization’s ability to filter and block objectionable digital content, profoundly disabling its vision to globally eliminate the online imagery of child sexual abuse.
The IWF is not alone in its concern. The NCMEC is also impacted by the move towards greater encryption as it significantly undermines their efforts to protect children from being sexually exploited. These organizations, like many others dedicated to the same cause, are already at a disadvantage considering the lack of funding combined with an accelerating volume of imagery showing the sexual abuse of children and increasing encryption which empowers predators.
At the end of September, the New York Times published an article that details the staggering proliferation of imagery depicting child sexual abuse. The article shows that the number of reports for online child sexual abuse imagery surpassed 1 million in 2014. Last year, there were 18.4 million reports — those reports included more than 45 million images and videos flagged as child sexual abuse. While the article is disturbing to read, we do recommend reading it to gain a sense of the enormity and global scale of the issue.
To understand why encryption is an increasing concern for these organizations, it’s important to understand how they currently operate. For example, the IWF currently operates by using a blocklist which allows Internet Service Providers (ISPs) to block internet users from accessing known child sexual abuse content until it is taken down by the host country. In order for an ISP to block access to one of these sites, it has to be able to inspect the traffic. The move by Mozilla’s Firefox browser to increase encryption, prohibits the traffic inspection that makes it possible to block the offending site.
These organizations are not seeking to demonize, or stop the progression of technology by any means. Especially because there are numerous ways that the anonymity and protection encryption provides is critical to other aspects of human rights issues. Technology is, as it should be, agnostic to any global set of values and norms, culture or politics. However, our hope in presenting different perspectives is to highlight that these advances come with a human cost — on both sides of the issue.
Again, as we stated in our last post, we view the privacy vs security conundrum as a continuum, with privacy on one end and security on the other. Ideally, we would like to see a future where users would have the choice to consciously select where on the continuum they want to reside, balancing their privacy and security needs. For now, we continue to work within the existing framework and innovate to solve new problems created by evolving technology.