At a glance.
- Global law enforcement agencies urge Meta to halt its encryption plans.
- EFF says UN Cybercrime Treaty could threaten privacy rights.
- US lawmakers propose cybersecurity legislation for schools.
Global law enforcement agencies urge Meta to halt its encryption plans.
While many messaging platforms boast End-to-end encryption (E2EE) as a means of ensuring the user that their messages can not be seen by prying eyes, lawmakers say encryption allows cybercriminals and other wrongdoers to exchange unlawful materials – including those that are harmful to children – while evading detection by law enforcement. Ars Technica reports that the Virtual Global Taskforce, a consortium of fifteen law enforcement agencies from around the world, yesterday posted a statement on its website calling for tech giant Meta to abandon its encryption plans for its Facebook and Instagram messaging platforms. The statement reads, "The announced implementation of E2EE on Meta platforms Instagram and Facebook is an example of a purposeful design choice that degrades safety systems and weakens the ability to keep child users safe.” The task force, which includes the US Federal Bureau of Investigation and Europol, adds, “Meta is currently the leading reporter of detected child sexual abuse to NCMEC [The National Center for Missing & Exploited Children]" and notes that Meta has not implemented any safety systems that can effectively prevent harmful content from being exchanged on its platforms. In a response to the task force’s message, Meta stated their plans for E2EE are still on track to be completed by the end of this year. “We don't think people want us reading their private messages, so have developed safety measures that prevent, detect and allow us to take action against this heinous abuse, while maintaining online privacy and security,” Meta stated. “As we continue to roll out our end-to-end encryption plans, we remain committed to working with law enforcement and child safety experts to ensure that our platforms are safe for young people.”
EFF says UN Cybercrime Treaty could threaten privacy rights.
Earlier this month the UN Cybercrime Convention gathered in Vienna for its fifth session to negotiate a UN Cybercrime Treaty, and the Electric Frontier Foundation (EFF) offers an overview of what the treaty could mean for the future of global cybercrime law. The draft treaty adds more than thirty criminal offenses and broadens police authority for cybercriminal investigations. The EFF argues that these laws could be abused to violate citizens’ privacy rights, particularly those of human rights activists. For instance, a treaty provision could make insulting a person or religion online a criminal offense, but such a rule could be used to suppress freedom of speech. Depending on how this provision is implemented, individuals posting content historically protected under international law could be penalized. As well, the EFF says, the draft treaty could threaten individual privacy rights and the right to a fair trial by allowing authorities to share user data with government officials, including those of other countries, without user knowledge. This could go as far as forcing tech companies to provide access to secured computers and data or provide assistance in breaking encryption or other security measures. The EFF also argues that proposed provisions regarding government surveillance powers are far too vague and could allow for unbridled spying on citizens even across borders.
US lawmakers propose cybersecurity legislation for schools.
In an effort to combat the increase in cyberattacks targeting learning institutions, a bipartisan and bicameral group of US lawmakers have reintroduced legislation aimed at bolstering the cybersecurity of American K-12 institutions. Sponsored by Representatives Doris Matsui and Zach Nunn and Senators Marsha Blackburn and Mark Warner, the Enhancing K-12 Cybersecurity Act would give educators increased access to cybersecurity resources and strengthen the cyberattack tracking process. The Cybersecurity and Infrastructure Security Agency (CISA) would be required to implement “a cybersecurity information exchange to disseminate information, best practices and grant opportunities to improve cybersecurity” for both primary and secondary schools. The bill also calls for CISA to establish a K-12 cybersecurity technology improvement program that would be allocated $10 million per year for fiscal years 2024 and 2025. In regards to tracking, the legislation calls for CISA to create a K-12 cybersecurity incident registry in order to enhance CISA’s data collection efforts “to coordinate activities related to the nationwide monitoring of the incidence and financial impact of cyberattacks.” As Nextgov.com explains, the legislation was first introduced in 2020 but never made it to a full House vote. Blackburn issued a statement saying, “We must ensure that our education sector is equipped to address these threats and keep students’ personal information private. This bipartisan and bicameral legislation will improve the cybersecurity tracking system for schools and provide them with necessary training resources and best practices for prevention.”