Revealed: UK Gov’t Plans Publicity Blitz to Undermine Privacy of Your Chats

The Home Office has hired a high-end ad agency to mobilize public opinion against encrypted communications — with plans that include some shockingly manipulative tactics

The UK government is set to launch a multi-pronged publicity attack on end-to-end encryption, Rolling Stone has learned. One key objective: mobilizing public opinion against Facebook’s decision to encrypt its Messenger app.

The Home Office has hired the M&C Saatchi advertising agency — a spin-off of Saatchi and Saatchi, which made the “Labour Isn’t Working” election posters, among the most famous in UK political history — to plan the campaign, using public funds.

According to documents reviewed by Rolling Stone, one the activities considered as part of the publicity offensive is a striking stunt — placing an adult and child (both actors) in a glass box, with the adult looking “knowingly” at the child as the glass fades to black. Multiple sources confirmed the campaign was due to start this month, with privacy groups already planning a counter-campaign.

“We have engaged M&C Saatchi to bring together the many organisations who share our concerns about the impact end-to-end encryption would have on our ability to keep children safe,” a Home Office spokesperson said in a statement.

Successive Home Secretaries of different political parties have taken strong anti-encryption stances, claiming the technology — which is essential for online privacy and security — will diminish the effectiveness of UK bulk surveillance capabilities, make fighting organized crime more difficult, and hamper the ability to stop terror attacks. The American FBI has made similar arguments in recent years — claims which have been widely debunked by technologists and civil libertarians on both sides of the Atlantic.

The new campaign, however, is entirely focused on the argument that improved encryption would hamper efforts to tackle child exploitation online. A presentation attributed to M&C Saatchi notes that “some messaging platforms, including WhatsApp” already use end-to-end encryption, but want to oppose its extension.

The plans include a media blitz, campaign efforts from UK charities and law enforcement agencies, calls to action for the public to contact tech companies directly, and multiple real-world stunts — some designed to make the public “uneasy.” The presentation was produced to recruit potential not-for-profit coalition partners, so it is not clear whether or not each proposed action within was approved for the final campaign.

One key slide notes that “most of the public have never heard” of end-to-end encryption – adding that this means “people can be easily swayed” on the issue. The same slide notes that the campaign “must not start a privacy vs safety debate.”

Online advocates slammed the UK government plans as “scaremongering” that could put children and vulnerable adults at risk by undermining online privacy.

“The Home Office’s scaremongering campaign is as disingenuous as it is dangerous,” said Robin Wilton, director of Internet Trust at the Internet Society. “Without strong encryption, children are more vulnerable online than ever. Encryption protects personal safety and national security … what the government is proposing puts everyone at risk.”

In response to a Freedom of Information request about an “upcoming ad campaign directed at Facebook’s end-to-end encryption proposal,” The Home Office disclosed that, “Under current plans, c.£534,000 is allocated for this campaign.”

Requests for comment to the Home Office and to M&C Saatchi were not immediately returned. A spokesperson for the National Society for the Prevention of Cruelty to Children, one of the campaign partners mentioned in the presentation, told Rolling Stone, “This would be best directed to the Home Office press office I believe.”

The opening phase of the campaign is expected to launch within days. According to the presentation, the push will appear to be the result of grassroots action and children’s charities, while downplaying any government role.

“For the day of launch,” the presentation notes “we will publish a press notice announcing that the UK’s biggest children’s charity and stakeholders have come together to urge social media companies to put children’s safety first.”

This campaign would be targeted through an “agreed list of media outlets”, including “sofa programmes” such as Loose Women and This Morning for broadcast. The slide notes the project is “exploring a partnership” with the tabloid newspaper The Sun — the UK’s second-best selling newspaper.

This launch will, the presentation states, be accompanied by a digital counter in a public space, counting up to 14 million over the course of 24 hours — the number of incidents of potential exploitation the government believes could be missed as a result of expanded end-to-end encryption.

The Home Office has faced previous scrutiny over its behind-the-scenes roles in communications plans. It has run operations aimed at countering extremism and polarization, criticized by investigative journalist Ian Cobain for hiding the government role in the apparently spontaneous showing of solidarity by minority groups after terror attacks, for example.

The new campaign is likely to trigger similar concerns, especially as M&C Saatchi proposed several methods to get the public to engage directly with social media companies.

“[W]e are exploring a number of activations which would prompt action from both the coalition and the public … There is scope for this to involve a social media activation where we ask parents to write to Mark [Zuckerberg] via their Facebook status.”

Perhaps the most striking and unsettling action is planned for this stage, which M&C Saatchi states “will create a visual PR stunt.”

“A glass box is installed in a public space,” the presentation notes. “Inside the box, there are two actors; one child and one adult. Both strangers. The child sits playing on their smart phone. At the other end of the box, we see an adult sat on a chair also on their phone, typing away.

“The adult occasionally looks over at the child, knowingly. Intermittently through the day, the ‘privacy glass’ will turn on and the previously transparent glass box will become opaque. Passers by won’t be able to see what’s happening inside. In other words, we create a sense of unease by hiding what the child and adult are doing online when their interaction can’t be seen.”

One key aim of the exercise would, the document noted, be to “force Facebook to evaluate their sense of responsibility.”

End-to-end encryption is already built into many major messaging apps: WhatsApp (owned by Facebook) uses it by default, as does Apple’s iMessage, as well as independent apps like Signal and Telegram.

Facebook has been planning to extend this default to its Messenger app — which appears to have become a major focus of UK anti-encryption efforts. The plan also involves making personal appeals to Facebook’s founder, targeting him “as a father, not as a businessman.”

The letter will “outline the concerns of parents by sharing new sentiment gained from phase 1”, and considers getting a spokesperson to turn up with a copy of the letter to Facebook’s headquarters in London – suggesting they could ask to “speak to Mark.”

The UK government has been among the most strident in the democratic world in its opposition to end-to-end encryption — to an extent that has prompted a backlash even among some former senior security officials.

In a lecture last November, former chief executive of the UK’s National Cyber Security Centre Ciaran Martin criticized the Home Office’s rhetoric on encryption — and its broader approach.

“As well as choosing language designed to inflame even the most moderate opponent, this framing was also technically ridiculous. There was no proposal to “break” this near-unbreakable encryption, which hasn’t even been implemented yet by Facebook,” he said.

“In other words, the policy is technological ‘cakeism’— the government is trying to eat its lawful access cake while having end-to-end encrypted protection for citizens more generally … Most experts are highly doubtful, and believe the government is searching for the digital equivalent of alchemy.”

Big Brother Watch responds to new government anti-encryption campaign

Big Brother Watch Team / January 18, 2022

Responding to the launch of a new anti-encryption campaign from the Home Office, Mark Johnson, Legal and Policy Officer at Big Brother Watch said:

“The Home Office’s bizarre attack on end-to-end encryption is an attack on a technology that Government ministers use for communication every day. It’s disturbing to see such a cynical campaign launched in attempt to justify yet wider and deeper state surveillance of everyday, private conversations.

Our intelligence agencies and law enforcement already have extensive powers to gain total access to criminals’ phones and communications. But end-to-end encryption is crucial for protecting the safety and privacy of our chats en masse.

The ability to have a private conversation is a freedom we cherish in liberal democracies and it is vital that we safeguard it online as well as offline.”

I think it’s time I start learning how Tor works…

It is blatant that they don’t give two flying fucks about kids, but are manipulating people to give up their freedoms.

Turns out it is pretty easy to use. Good luck.

Yeah. Though in my case it’ll be something like Whonix, but at the moment I don’t have a spare machine kicking around…

One of the child safety organisations that are engaged with the Home Office in this charade are the Lucy Faithfull Foundation. Turns out one of their associated organisations (Blackbaud) was hit by a ransomware attack, and some donor/member information was leaked. According to the Lucy Faithfull website, Blackbaud actually paid the cybercriminals:

The data that might have been affected from our database includes some details related to donors and individuals who have signed up to receive newsletters from us. This data could include: names, contact information including telephone numbers, email addresses and mailing addresses; a history of donor relationships such as donation amounts and dates, events people have attended, and only where we have recorded that information on our database.

To protect personal customer data, Blackbaud have stated that they paid the cybercriminal’s demand with confirmation that the removed copy had been destroyed. They state that based on the nature of the incident, their research, and third party (including law enforcement) investigation, there is no reason to believe the data went beyond the cyber-criminal, was or will be misused; or will be disseminated or otherwise made available publicly. However, as is the case with any cybercrime, it cannot be entirely ruled out that personal information of some of our supporters may have been subject to unauthorised access.

So, here they are, having been victims of a data-breach, and now they’re campaigning to weaken encryption.

what kind of matter do they have in their heads? They paid cybercriminals and they were promised to have the data destroyed? Right. I don’t know what kind of criminal would be so honorable as to hold to their word like that.

Typical hypocrites. No wonder they’re going along with the Home Office.

I’ve seen it suggested on a Twitter feed that the childrens’ charities involved should be boycotted, in terms of donations. If I lived in the UK or Ireland, they would never get another sou.

I am always suspicious of people who try to hard to appear as if they want to protect kids. Yes, we know, protecting kids is good. Why are they making a big fuss about something that to normal people is common sense? Oh, I know, maybe because they have something to hide. They act like they are guilty.

Whonix is tricky, and requires substantial hardware resources. You might with to consider using Tails instead. No matter what OS you run, you should learn how to use PGP.

What we’re seeing is an industrial approach to child-saving, at least on the Internet. All of these various organisations have a vested interest in whipping-up the hysteria. If child sexual abuse material were to disappear tomorrow from the Internet, they’d be out of jobs.

Hence why they are so eager to criminalize even writings and drawings, even adults that look young…

Unfortunately, where I live, that is already a fact of life, and has been for decades. As for adults that look young, that poses no problem unless images (still or moving) of them are described as underage.

Security
Privacy is for paedophiles, UK government seems to be saying while spending £500k demonising online chat encryption
So far we’ve got a pisspoor video and… er, that’s it
Gareth Corfield Thu 20 Jan 2022 // 15:06 UTC

Opinion - The British government’s PR campaign to destroy popular support for end-to-end encryption on messaging platforms has kicked off, under the handle “No Place To Hide”, and it’s as broad as any previous attack on the safety-guaranteeing technology.

Reported by us well in advance last year, [1] the £500k campaign aims to destroy public support for end-to-end encryption (E2EE) as part of a wider strategy.

That intends to make it easy for police workers and other public-sector snoopers to read the public’s online conversations without having to get prior permission or defeat privacy protections.

Judging by videos earnestly distributed by organisations supporting it, the No Place To Hide campaign (being run by ad agency M&C Saatchi) is much wider than merely targeting Facebook Messenger as was previously thought.

Do you know what end-to-end encryption means?

It could mean social media platforms no longer being able to detect cases of child sexual abuse and no longer being able to report it to the police.

Retweet to raise awareness of the dangers of end-to-end encryption.#NoPlaceToHide pic.twitter.com/Hs6itgRiJO
— Barnardo’s (@barnardos) January 18, 2022

Here the video’s contents reflect the police view of E2EE as a digital smokescreen that prevents them from trawling through conversations at random and seizing on anything they don’t like the look of. The message is clear: privacy is for paedophiles.

Inevitably, smart people have fought back – with one buying up an unclaimed domain name similar to the official No Place To Hide site and pointing those at informative material explaining the benefits of E2EE. Thus noplacetohide.uk goes to ex-Facebook chap Alec Muffett’s blog post titled “There are more and better ways to help kids, without destroying the future of internet privacy”. We note that other similar domains appear to be unowned at the time of writing.

Otherwise, the campaign is off to a slow and unnoticeable start. This may be deliberate, so its opponents tire themselves out before it ramps up, but as an exercise in spending £500k in public money for minimal effect it’s doing spiffingly so far.

E2EE is a force for good

Lest anyone reading this gets the idea that the UK government has a point about E2EE protecting paedophiles, the technology does far more than that and the government is deliberately omitting this information.

Your mobile banking app uses E2EE; online chats with HMRC are protected through E2EE; you’d no more have an unsecured web chat with the taxman’s helpdesk than read out your P60 in the middle of a shopping centre.

Your family WhatsApp group is protected through E2EE, too, which prevents nefarious people from trawling it for information they can use to target and harm you and your loved ones. Yet the British government wants such protections taken away, mainly because it means police then have to do less work.

Do all these online protections help paedophiles? As an unwanted by-product of all the good E2EE does, yes. As an imperfect analogy, road accidents kill thousands of people by accident every year. Yet nobody argues that roads should be closed to prevent those deaths.

Money spent publicly lobbying Facebook not to enable E2EE and demonising the tech itself is money better spent on public awareness campaigns about ways to report crimes, outreach to children, parental education on how to talk to (and supervise) children about using social media today – and who children should talk to if a strange adult suddenly tries to befriend them online.

Money spent with M&C Saatchi, famous for its long association with the Conservative Party as well as a long-running accounting scandal, certainly won’t hurt any police or civil service careers under today’s Conservative government – but that doesn’t sweep aside the fact this money has been wasted chasing a pointless target.

Demonising technology that has long been adopted as routine in the enterprise IT world is a road to nowhere, and an increasingly tech and security-savvy population simply aren’t going to buy into “think of the children” rhetoric for something that will make them less safe online. No matter how hard public-sector figures try to make this about child abusers. ®

[1] UK.gov is launching an anti-Facebook encryption push. Don't think of the children: Think of the nuances and edge cases instead • The Register

Security

UK.gov is launching an anti-Facebook encryption push. Don’t think of the children: Think of the nuances and edge cases instead

You can’t reduce such a vital issue to concern over paedophiles and terrorists

Gareth Corfield Wed 8 Sep 2021 // 13:44 UTC

Opinion - The British government is preparing to launch a full-scale policy assault against Facebook as the company gears up to introduce end-to-end encryption across all of its services.

Yet the backlash has already begun, showing that officials face a tooth-and-nail fight against their attempt to derail the rollout of end-to-end encryption on the anti-social networking site and others in the Facebook estate.

Prominent in details briefed to the news media this week (including The Register) were accusations that Facebook harbours paedophiles, terrorists, and mobsters and that British police forces would effectively be blinded to the scale of criminality on the social networking platform, save for cases where crimes are reported.

It’s a difficult and nuanced topic made no simpler or easier by the fact that government officials seem hellbent on painting it in black and white.

Government and law enforcement officials who briefed the press on condition of anonymity earlier this week* sought to paint a picture of the internet going dark if Facebook’s plans for end-to-end encryption (E2EE) went forward, in terms familiar to anyone who remembers how Western nation states defended themselves from public upset after former NSA sysadmin Edward Snowden’s 2013 revelations of illegal mass surveillance. The US National Centre for Missing and Exploited Children (NCMEC) generates around 20 million reports of child sexual abuse material (CSAM) every year, of which 70 per cent would be “lost” if E2E encryption were put in place, claimed British officials.

The government’s long-signalled push to deter Facebook from implementing E2EE comes, inevitably, at a significant cost to taxpayers: London ad agency M&C Saatchi has been hired at an undisclosed cost by the Home Office to tell the public that Facebook (and WhatsApp) harbours criminals. The ad campaign will run online, in newspapers and on radio stations with the aim of turning public opinion against E2EE – and, presumably, driving home the message that encryption itself is something inherently bad.

Other announcements due this week, from notoriously anti-encryption Home Secretary Priti Patel and intergovernmental meetings, will explicitly condemn Facebook’s contemplated rollout of E2EE.

Weighing it up

Unsurprisingly, given Facebook’s 42 million UK users (in 2017, according to the London School of Economics, PDF) there are indeed some criminals, and certainly criminal abusers using the site. Around 100,000 individuals are reportedly on the Sex Offenders’ Register at any one time, while government officials suggested to the press that potential child sex abuse offenders on Facebook are greatly in excess of that number.

Officials suggested that the greatest threat to child safety from Facebook is that abusers can discover a safe space that normalises the sharing of CSAM and helps encourage depraved newcomers onto the platform.

Looking at the drive from a prevention-is-better-than-cure perspective, implementing E2EE would disrupt the ability of Facebook itself to monitor chat conversations for concerning content; inherent in proper implementations of E2EE is the notion that the service provider cannot read the contents of messages. It would also disrupt the platform operators’ ability to scan for hashes of known child sexual abuse material (CSAM), for example by comparing hashes of new image uploads to watchlists maintained by the Internet Watch Foundation or the US’ National Centre for Missing and Exploited Children (NCMEC.)

These are not trivial concerns. If the current state of affairs helps catch and divert abusers, and those who may be sliding down the slippery slope towards creating and sharing CSAM, perhaps maintaining it has some merits that deserve an informed public discussion.

Mass hacking?

One consequence of E2EE on major social media platforms (and not just Facebook) may be an increased demand by government for weaponisable exploits against personal devices: that primarily means Android, iOS and Windows. It would also mean police forces having to make direct attempts to break into phones and computers in search of evidence, instead of having it brought to them on request by social media companies.

There are two ways of looking at that. One is to say that police and government ought to accept a new reality where they are constrained to operate within specific one-off warrants authorising hacking into a specified device. The last quarter of a century, where legislation controlling police searches of digital devices and cloud storage failed to keep pace with technology, is a blip against a long legal and historical tradition that kept police on a short leash when it came to searches and seizures.

On the other hand, officials talking to the press raised the spectre of vulnerability disclosure by governments drying up as frustrated law enforcement agencies hoarded vulns for their own use, out of public sight or legal control.

Yet, looking beyond the issue of paedophiles that British government officials want the public conversation to focus on, implementing end-to-end encryption (E2EE) also makes it far more difficult to implement population-scale mass surveillance of the type exposed by NSA whistleblower Edward Snowden in 2013.

Not only that, but in an era where hostile foreign countries actively hack large stores of personal data for their own purposes, placing encryption barriers in their way is no bad thing. So far, we don’t know the implications of countries such as China and Russia sharing and dissecting Westerners’ personal details, but doubtless it’s nothing positive.

Officials were grave when The Register asked what their Plan B was if Facebook shrugs off the publicity blitz and implements E2EE anyway. One said we’ll still hear the stories of children targeted by abusers, but not “in sufficient time that we can intervene.” Rather than being proactive, we’re told, police forces would end up being reactive, responding to reports instead of proactively patrolling what they see as the digital streets of the modern era.

Yet that focus may mean that crucial nuance and balance in this debate gets missed. While taxpayer-funded messaging bombards us with “think of the children” over the next few months, think instead of what else E2EE encryption brings – both its upsides and its downsides.

A poorly informed decision hastily reached on the basis of one-sided information is no decision worth making. ®

Bootnote

*Of those who spoke to journalists this week, about half have previously gone public and declared their opposition to end-to-end encryption.

Government officials routinely brief friendly news outlets under condition of anonymity, ruthlessly exploiting British political journalism’s convention that official mouthpieces are never named and are usually referred to, obliquely, as “Whitehall sources”. A true source – a whistleblower, or someone who tips off the media about wrongdoing – usually becomes a “person familiar with the matter” or isn’t referred to in reporting at all.

They tried something similiar here a couple of years back , but failed. Wanted to implement a Banner that blocks site that contain CSAM and display a warning and abolish E2EE citing radicalism. Good it failed, because French is a perfect example how such a Banner can trivialize actual abuse when used for Hentai sites. They didn’t expect public to be so up in arms against it