The Senate Judiciary Committee came head-to-head with an all-star lineup of tech titans recently to discuss the widespread proliferation of child sexual abuse material (CSAM) on their platforms. But while senators raised a variety of concerns, end-to-end encryption received almost no airtime, with only one senator and one social media company raising the issue.
Despite the lack of attention, encrypted messaging remains the single greatest barrier to law enforcement action against those who commit online crimes.
Social media companies are increasingly adopting end-to-end encryption to provide better privacy protection to users. Indeed, law enforcement has praised end-to-end encryption to prevent identity fraud and theft. But too often the technology translates to a complete lock-out of law enforcement.
A company can effectively block law enforcement from obtaining evidence, even by court-ordered wiretap or search warrant. This obscures law enforcement’s ability to prevent and prosecute crimes — particularly those crimes that are frequently committed on social media and messaging apps, such as child sexual exploitation, terrorism-related offenses and drug trafficking.
Even Discord CEO Jason Citron acknowledged this risk during the hearing, saying end-to-end encryption “blocks anyone including the platform itself from seeing users’ communications.”
“It’s a feature on dozens of platforms but not on Discord. That’s a choice we’ve made,” he said. “We don’t believe we can fulfill our safety obligations if the text messages of teens are fully encrypted because encryption would block our ability to investigate a serious situation, and when appropriate report to law enforcement.”
It is true. If the social media companies themselves cannot access encrypted data, it is impossible to believe law enforcement could gain access to criminal evidence.
Nonetheless, in December, Meta announced its decision to make end-to-end encryption the default setting across its messaging platforms. This decision comes among widespread concern by law enforcement and victim advocacy groups that the move will severely diminish the ability of law enforcement to investigate and prevent dangerous and violent offenses, such as child sexual abuse and terrorism.
An international alliance of 15 law enforcement agencies dedicated to addressing global threats from child sexual abuse, named the Virtual Global Taskforce, which includes the Federal Bureau of Investigation and Immigration and Customs Enforcement’s Homeland Security Investigations, described Meta’s decision as a “purposeful design choice that degrades safety systems and weakens the ability to keep child users safe.”
The taskforce shared the story of David Wilson, one of the most prolific child sexual abuse offenders the UK’s National Crime Agency has ever investigated, who used Facebook to contact and groom thousands of children. He created fake profiles pretending to be a teenage girl to manipulate victims into sending him sexually explicit material of themselves. Victims were sometimes blackmailed into abusing their friends and siblings, and were frequently traumatized by the experience.
The UK National Crime Agency was able to successfully prosecute Wilson because law enforcement was able to access the evidence contained within over 250,000 messages through Facebook.
End-to-end encryption makes investigations like these all but impossible. Still, Meta CEO Mark Zuckerberg acknowledged during the hearing that minor users have access to encrypted messaging across their various platforms, such as WhatsApp.
Previously, Meta had been one of the largest reporters of CSAM material online. But like Google and Apple, who previously routinely provided law enforcement access to data on mobile phones when under a court-ordered search warrant, the move toward encryption has locked out law enforcement.
Meta’s response? According to its safety strategy, “[L]aw enforcement may still be able to obtain this content directly from users or their devices.” Essentially, Meta expects law enforcement to request data on criminal activity from the criminals themselves.
Meta, along with other social media companies in attendance at the hearing, claim they are using artificial intelligence and other technology innovations to identify and remove predators online. While these are commendable steps, they are not a substitute for criminal prosecution.
Ultimately, public safety should not be entrusted to a private company. Law enforcement must have a process for obtaining lawful access to encrypted data.
Senators raised various proposals to hold technology companies accountable for the harm occurring on their platforms during the hearing, such as the EARN IT Act, which would create targeted exceptions to Section 230 of the Communications Decency Act of 1996 to remove blanket immunity from civil and criminal liability under child sexual abuse material laws. Similarly, the SHIELD Act would establish federal criminal liability for those who engage in acts of “revenge porn” by sharing sexually explicit or nude images without consent.
However, these bills are just a band-aid for a problem that requires a comprehensive solution — companies must provide law enforcement access to encrypted data, in much the way the Communications Assistance for Law Enforcement Act requires telecommunications carriers and manufacturers of telecommunications equipment to design their equipment, facilities and services to ensure that they have the necessary capabilities to comply with legal requests for information.
Despite widespread bipartisan support, technology companies have dedicated significant time and resources to opposing law enforcement access to encrypted data. Congress must stand up to big tech’s efforts to lock out law enforcement. Companies cannot take profits without taking accountability, and these tech companies must be held responsible for the technology they create and the expanded opportunities for crime activity that has blossomed as a result.
Steven Wasserman is national president of the National Association of Assistant U.S. Attorneys (NAAUSA), a nonpartisan organization representing the more than 6,000 federal prosecutors and career civil attorneys across the nation’s 94 U.S. attorney offices.