Tech Against Terrorism is delighted to launch its report on "Terrorist Use of End-to-End Encryption: State of Play, Misconceptions, and Mitigation Strategies".
You can access the report here and the executive summary here.
This report provides a comprehensive overview of the risks and mitigation strategies related to the abuse of services offering end-to-end encryption (E2EE) by terrorists and violent extremists, and outlines recommendations for governments and tech companies.
To counter criminal use of E2EE, we need to go beyond the “encryption debate” which juxtaposes a misperception of E2EE features causing or leading to criminal and/or terrorist activity on one side against heavy handed interventions that risk harming security protocols and the right to privacy on the other. Instead, countering criminal use of E2EE should be done alongside the safeguarding and strengthening of online security protocols.
Key findings from the report:
- User concerns over online privacy and misuse of data have driven an increase in E2EE offering by online service providers in particular messaging services. As a result, most leading messaging services now offer E2EE as a default or opt-in.
- Despite user demand for E2EE, policymakers and law enforcement agencies have made calls to reign in E2EE use, often motivated by concerns over criminal exploitation of E2EE technology. For example, governments have called for the introduction of so-called backdoors to counter terrorist use of E2EE and have asked that companies monitor their platforms to detect child sexual abuse material.
- Encryption experts, digital rights advocates, and tech companies all agree that there is no safe backdoor to encryption. Any backdoor would create more security risks, including for individual users, than it would solve. Any friction in the message transmission chain, or security vulnerabilities in the encryption protocol, risks being exploited by adversarial (state and non-state) actors.
- Backdoors to and monitoring of encrypted communications raise significant jurisdictional questions and present a significant infringement on the fundamental right to privacy.
- Legal requirements for backdoors or monitoring will set a dangerous precedent for online privacy.
- Contrary to the rationale underpinning policymakers’ calls for backdoors, E2EE is not in and of itself a crucial feature for terrorists when deciding to establish themselves on an app or platform. Terrorists assess several features of platforms before deciding to establish a presence, including usability, stability, security, and audience reach.
The report was commissioned by Facebook. All findings represent Tech Against Terrorism’s independent analysis and research.