(WASHINGTON) — The Center for Democracy & Technology (CDT) today released a report that defines end-to-end encryption (E2EE) technology and looks at ways to moderate problematic content on E2EE platforms without stripping users of essential rights to privacy, free expression, and security.
Just days ago, Apple announced changes to its Messages service that make a reality of what CDT has long feared — the creation of backdoors that break E2EE.
“Apple has taken a deeply troubling approach to addressing the laudable goal of moderating unwanted content directed to children,” says Dhanaraj Thakur, CDT Research Director and author of the new report, Outside Looking In: Approaches to Content Moderation in End-to-End Encrypted Systems.
“They claim that their Messages app will remain end-to-end encrypted after their proposed changes and incorrectly suggest that this is a privacy-protective way of addressing abusive content on E2EE services,” he says.
The CDT report clarifies what exactly end-to-end encryption means and what we should expect when a provider claims their service is E2EE. It then identifies two methods — user-reporting and meta-data analysis — that are useful in detecting unwanted content while still preserving the security and privacy guarantees of E2EE. It also identifies a variety of methods, including client-side scanning, that fundamentally violate the guarantees of E2EE.
“It’s extremely concerning that Apple chose to take these steps that effectively break E2EE,” says Thakur. “At CDT, we and many other civil society groups that work to protect human rights online have long advocated against proposals that undermine encryption because we know that secure encrypted communication is the backbone of privacy, free expression, and the security of today’s online commerce.”
For concrete examples of the risks resulting from Apple’s planned changes, see also What Could Go Wrong? Apple’s Misguided Plans to Gut End-to-End Encryption by Emma Llansó, Director of the CDT Free Expression Project.
CDT is a 25-year-old 501(c)3 nonpartisan nonprofit that works to strengthen individual rights and freedoms by defining, promoting, and influencing technology policy and the architecture of the internet that impacts our daily lives.