UK Child Welfare Agency's Anti-Encryption 'Research' Ignored Everything It Didn't Want To Hear
from the when-'consulting'-just-means-'cherry-picking' dept
In late March, the UK’s National Society for the Prevention of Cruelty to Children (NSPCC) started injecting its anti-encryption views into the major papers via some press releases and statements claiming encryption was the “biggest threat to children online.” It also claimed its stance was supported by a soon-to-be-released report, which had gathered opinions and analysis from a number of stakeholders.
Its report debuted a few weeks later. Put together with the assistance of PA Consulting, the supposedly “balanced” report came to the conclusion the NSPCC arrived at earlier: end-to-end encryption is bad. That this wasn’t greeted with gasps of shock by readers and receptive journalists shows just how much the UK government’s disdain for encryption has gone mainstream. The NSPCC wasn’t saying anything new about encryption. It was simply saying what the UK government has been saying for years: it doesn’t care for encryption because it believes encryption aids criminals far more often than it protects innocent people, including the children the NSPCC claims to be so worried about.
The NSPCC presents its report as a research paper, but the list of stakeholders it actually chose to engage with guaranteed the report would result in the conclusions the child safety agency desired to see in print. As Barry Collins points out in his vetting of the report, the supposedly wide-ranging group of contributors was actually just a bunch of entities — many with ties to the UK government — which were already opposed to the deployment of end-to-end encryption by messaging platforms.
Here’s what the NSPCC said it was doing to compile this report:
“The NSPCC commissioned PA Consulting to collate the viewpoints of a broad range of stakeholders, representing civil society organisations, industry, law enforcement and governments, to identify potential mitigations and trade-offs that should be considered.”
And here’s what it actually did:
In total, PA Consulting interviewed 16 organisations when gathering evidence for the report, although it names only 15 of them. Only one of them could be described as a ‘civil society organisation’; six are from industry; seven are either law-enforcement, government (including the Home Office itself), or bodies that work for the protection of children; and one falls into the ‘other’ camp.
The industry members were apparently chosen for their willingness to echo the NSPCC’s narrative. Vivace says it’s a “consortium of the best and the brightest in the security industry.” Maybe that’s true, but it’s also funded by the UK Home Office, so it’s hardly an independent “consortium.”
Here are two of the other “industry” contributors:
Thorn “builds technology to defend children from sexual abuse”, and has vociferously opposed the introduction of end-to-end encryption on its own blog.
Crisp Thinking is a social-media monitoring company, who last year announced a partnership with INHOPE, “the global network combatting Child Sexual Abuse Material”, which works directly with law-enforcement agencies.
That leaves just a handful of contributors that aren’t already in favor of breaking encryption. And the single “civil society organisation” asked to contribute was Global Partners Digital. While Global Partners tends to be supportive of encryption and resistant to backdoors and other efforts to undermine user security, it’s hardly the most well-known of civil organizations when it comes to encryption policy and security research, as Barry Collins points out. Others like Privacy International, Big Brother Watch, and the Open Rights Group could have been asked for input, but weren’t.
Those who actually spoke out in favor of encryption were apparently sidelined by PA Consulting. One member contacted by the consulting firm summed up the experience this way:
In our work, we try to be constructive wherever possible. I was contacted by PA Consulting for an interview last September or October. And I think during that interview it was very obvious from the start that this wasn’t going to be a neutral technical analysis of encryption and the impacts that it has on different policy objectives, like tackling child abuse online.
It was obviously very much driven out of the desire by the NSPCC, I think, speaking quite frankly, to have a strong evidence base to justify their opposition to the use of end-to-end encryption.
The same went for comments going against NSPCC’s narrative when the draft was circulated to participants. Very little of what was said in opposition to the report’s slant made it into the final version.
If the UK government wants support for its anti-encryption efforts, it needs to do better than basically lying to people. The NSPCC has its duty to protect children. But it can’t do that job if encryption goes away. What protects adults (and, yes, criminals) also protects minors. Framing this disingenuous report as “research” is ridiculous. Undermining everyone’s security “for the children” is actually dangerous.
Filed Under: encryption, fear mongering, going dark, uk
Companies: nspcc, pa consulting
Comments on “UK Child Welfare Agency's Anti-Encryption 'Research' Ignored Everything It Didn't Want To Hear”
Why do governments insist on outlawing things that might aid criminals, as the result is that only criminals used the outlawed things. Such laws always hurt the law abiding more that they hurt the criminals. I.e. the UK ban on firearms means that competitive shooting is not a viable sport in the UK, while criminals can still get and use guns.
Re: Re:
According to government stats: In the year ending March 2019, there were 9,787 offences in which firearms were involved.
The 9,787 offences recorded in the latest year was less than half (59% lower than) the level recorded at its peak in the year ending March 2004 (24,094 offences).
•There were 33 fatalities resulting from offences involving firearms.
Given that the UK population is over 60 million, I think we’re fine without more guns so people can have shooting contests, go down to Asda with a sidearm or carry an ar-15 to stand near a polling place. As much as the right wing media ecosystem would like to pretend there are vast numbers of bad guys with guns out there, the figures don’t back it up.
Re: Re: Re:
In the UK it was, and still is for permitted weapons, illegal to carry them without them being in a case and unloaded, other than being somewhere where it is legal to use them. Also,it was illegal to transport an unloaded weapon, except in a carry case to and from where it could be used, or to/from a gunsmith. Shootings in the UK were and are rare, and most of those offences were license, transport or storage violations. Firearms had to be stored in a locked safe firmly attached to the building, along with a separate safe for the ammunition.
The idea of going down to Asda with a loaded firearm was only something an armed robber would consider, as was going to Asda with any firearm whether loaded or dissembled in a carry case was illegal.
They had a conclusion in mind and went looking for a thesis to back it up.
This comment has been flagged by the community. Click here to show it.
Re: Re:
Thank you so much for reiterating exactly what’s in the article! How could we have known that’s what they did without your brilliant synopses that just tells us what the article said?! So valuable!!
Have you considered writing for Techdirt? You could save them SO MANY PIXELS by condensing all their articles into single sentences! Maybe you could tweet for them, like for a living!!
The reporting of this was actually even worse in the press here, for example the Telegraph claimed encryption would expose nearly 700,000 children to grooming.
They took that figure from the ONS which said nearly that amount of children had spoken to someone online they hadn’t met in person in the last year.
So the Telegraph seems to think any interaction with a child online is evidence of grooming. (And seems to ignore a fairly major reason why children may not have met up with people in the last year).
https://www.msn.com/en-gb/news/world/encrypting-social-media-chat-could-put-up-to-700000-children-at-risk-of-grooming/ar-BB1fJrac?ocid=BingNews
(Though those numbers at least don’t seem to have been plucked from the NSPCC’s report).
Re: Re:
If they unlock a child’s phone or computer, whatever is on there is bloody well decrypted.
Well...
In the US, that can get you elected president.
Why? Lying works in politics.
First you lie to yourself, and convince yourself that some single thing is The Most Important Thing. Then you come up with a bunch of Things to Do, and obviously they Must Be Done if they even might have any effect at all on The Most Important Thing. Even if none of them might have any effect, you still have to do them because Something Must Be Done.
And it doesn’t matter how much damage you do elsewhere, because no other issue is The Most Important Thing.
Then you like to everybody else. You exaggerate, you make wild accusations, whatever. If you want to ban mayonnaise, you say that mayonnaise is radioactive. Which you can justify because after all you’re dealing with The Most Important Thing here.
And, by the way, anybody who says anything that contradicts your lies, or even doesn’t promote your view, is scum. It is Not OK to say that mayonnaise is not in fact radioactive. After all, true or not, the idea that mayonnaise is radioactive might actually convince somebody to ban it, and that’s The Most Important Thing.
For these people, protecting children from any exposure to sexuality, especially in relation to adults, is The Most Important Thing. If those same children end up impoverished, oppressed, or dead, well, sorry, that’s just not as Important.
'We care about the truth... so long as it agrees with us.'
Nothing like engaging in ‘research’ where the desired finding has been decided ahead of time to show how much you truly care about the truth and getting the most accurate results as possible.
A good article, but it would benefit from one correction: the NSPCC is not a part of the government, as the last paragraph suggests. It’s actually an independent charity, albeit one with a fair bit of reach in the UK.
It does have former civil servant Peter Wanless as it’s CEO (and presumably other staff with ties to government), so it seems likely they’re pushing the anti-encryption narrative on behalf of vested interests, but — as far as I know — there aren’t any formal dependencies that would compel them to do so. The NSPCC is just as likely to be adding it’s voice on behalf of a high-paying donor, as anything else.
The NSPCC is (or should be) entirely free to speak as they wish, on this and any other subject. Unfortunately, while they’ve a long history of helping children to escape abuse — and helping the guilty to find justice — they also have a history of peddling nonsense, like the satanic ritual abuse scare that did the rounds some time back.
That the NSPCC have chosen to push the side of the latest fraudulent moral panic, rather than seek out anything resembling the truth, is sadly no surprise.
–
About those vested interests… this is somewhat speculative, but after reading this article, I can’t help but think of Oracle and their insane quest to obliterate Google at all costs.
There have been three massive lobbying and PR efforts directed against the internet in recent years — to abolish US net neutrality, get rid of Section 230 protections and ban encryption. Each virulently anti-consumer campaign seems to have had a similarly-distinct flavour of disinformation and lying, pushed forward with a similar level of misguided complaints, often coming from wide-ranging parties I wouldn’t normally expect to have an opinion at all.
While there’s little doubt that US telecoms were the biggest beneficiaries from the repeal of net neutrality, I can’t help but wonder how much behind-the-scenes activity was actually quietly organised by Oracle, who openly supported the campaign.
It’s not impossible for these three campaigns to use common methods to achieve similarly-situated goals, by any means — but the more I think about it, the more these campaigns seem more like the hand of just one player — or at the very least, a singular architect.
While each separate campaign serves the interests of any number of parties, there’s only one obviously-interested player that seems motivated and well-resourced enough to involve itself in all three at the same time — and they’re also the only ones who seem like a good fit for the kinds of multinational lobbying subsidies that would be involved.
I think the entire free world would benefit greatly from everyone taking a very, very close look at Oracle’s business, round about now.
Why? It worked for Brexit…
something something job depends on not understanding it.
Given the Washington DC just fell victim to a ransomware attack threating to release info about it’s confidential informants to local gangs, I wonder if they wished their information was protected by strong encryption.