In October 2019, Meta commissioned BSR to undertake a human rights assessment of extending end-to-end encryption across Meta’s messaging services. Today we are delighted to publish both the full assessment and an executive summary and thank all the stakeholders, experts, and participants at Meta for their contribution.
Meta’s public response to the assessment indicates that the company intends to implement the majority of our recommendations while continuing to explore the feasibility of several others.
Many of the human rights impacts associated with end-to-end encrypted messaging are system-wide and whole of society issues that exist beyond end-to-end encryption, so cannot be addressed by Meta alone. We hope that publishing this assessment makes a constructive contribution to collaborative efforts dedicated to human rights-based approaches for end-to-end encrypted messaging services.
The full assessment requires extensive reading—over 100 pages—so we would like to summarize a few key points for readers. First, we believe that a human rights-based approach can bring much needed nuance to the debate around encryption. Today’s encryption debate often pits two opposing groups against each other, with privacy on one side and security on the other. However, the reality is complex, with privacy and security concerns on both sides, and many other human rights that are impacted both positively and negatively. In this assessment, we considered impacts on all human rights, assessed the connectivity between rights, and emphasized the interests of vulnerable groups.
Second, end-to-end encryption is increasingly important to protect human rights, especially in the context of rising digital authoritarianism, increasingly sophisticated digital security threats, and the growth of sensitive communications online. This is especially important for human rights defenders, journalists, political activists, women, children, refugees, migrants, and members of the LGBTQI+ community. Furthermore, privacy and security while using online platforms should not only be a privilege of the technically savvy, but something that is democratized and available to everyone—a factor that is especially important in the context of Meta’s more than 2.8 billion users.
Third, expanding end-to-end encryption across Meta’s messaging platforms will address adverse human rights impacts arising from today’s absence of ubiquitous end-to-end encryption and result in the increased realization of a diverse range of human rights; including privacy, physical safety, freedom of opinion and expression, freedom of religion and belief, freedom of assembly and association, access to remedy, and participation in government.
Fourth, end-to-end encryption can make the human rights risks of messaging platforms more difficult to detect, such as child sexual abuse and exploitation, hate speech, harmful mis/disinformation, human trafficking, illicit goods sales, and terrorism and violent extremism. BSR provides advice in the assessment on how to address these risks, including recommendations for products (e.g., reporting channels), process (e.g., detecting behavioral signals), product policy (e.g., community standards), and public policy (e.g., advocacy and law enforcement relationships).
A key debate exists today around whether certain technical solutions should be used to proactively detect problematic content, such as child sexual abuse material on end-to-end encrypted messaging platforms. These solutions are generally referred to as “client-side scanning,” and leverage a user’s device to scan for the presence of certain harmful content and report that content to third parties such as the messaging service provider or law enforcement.
Here we conclude that the deployment of client-side scanning technologies as they exist today should not be pursued, as doing so would undermine the cryptographic integrity of end-to-end encryption and constitute a disproportionate restriction on privacy and a range of other human rights. We also conclude that theoretical approaches to client-side scanning in the context of a messaging service that are not feasible with current technology, such as homomorphic encryption, would also pose important human rights risks that would need to be explored and adequately addressed before any implementation.
However, we make recommendations of alternative measures that can be used to address child safety risks, including a holistic child rights strategy that encompasses user reporting and education, data analysis, and behavioral signals, among many other elements.
It is here that BSR and Meta reach a slightly different view. BSR recommends continued research into client-side scanning in search of methods that can preserve cryptographic integrity and achieve child rights goals in a manner consistent with the principles of necessity, proportionality, and non-discrimination (i.e., continued due diligence), while Meta believes that any form of client-side scanning is fundamentally incompatible with an end-to-end encrypted messaging service. However, we believe that both positions are reasonable and defensible on human rights grounds and note that Meta and BSR are in firm agreement that client-side scanning should not be deployed today.
This human rights assessment, and the mix of risks and opportunities it has surfaced, has been fraught with ethical challenges, complex dilemmas, and difficult human rights tensions for which there are no easy answers. The world is moving in a direction where end-to-end encryption is becoming increasingly essential for the protection of human rights, and we hope that this assessment makes a significant contribution to how rights-respecting approaches to the deployment of end-to-end encryption can take shape.