More on the risks associated with strong encryption

I hope someone in Facebook reads this and passes a message up the line. I am sure it will only add to the substantial number they have already received on exactly the same point.

Cho Joo-bin lives in South Korea. As he was led out of a police station in Seoul yesterday  Cho Joo-bin thanked law enforcement officers for

“… ending the life of a demon that I couldn’t stop.”

I suppose it is good to hear Cho Joo-bin acknowledges the terrible nature of the things he has done but what exactly did he do and who helped him do it?

Jobs as bait

On the internet he advertised jobs designed to attract women. The jobs were fake. Cho Joo-bin used them as a lure to get the women to make  sexually explicit video clips in return for a big payout.

Once he got hold of the compromising images they were used as a blackmailing tool, threatening to release them online or to their friends and relatives unless the women supplied increasingly dehumanizing and even violent footage. In some of the videos victims had carved the word “slave” on their bodies.

Mr Cho Joo-bin then sold the video clips and pictures on an encrypted network and received payments using cryptocurrencies. According to the South Korean police Cho Joo-bin’s arrest related to 74 women, 16 of whom were minors. They were said by the police to be held in some form of “sexual slavery”.

Part of Cho Joo-bin’s method was to attract paying customers with “trailer” clips in Telegram (encrypted) chat rooms and charge them when they demanded more sexually explicit or perverted material.

In the course of their investigations South Korean police uncovered a network of over 250,000 individuals using what they call “Nth rooms”, encrypted spaces which provide users with a sense of impunity for criminal behaviour covering a broad spectrum of crimes. Seemingly the  cops only got on to Cho Joo-bin through the arrest of a third party.

Imagine this

You have a famous-brand platform. It is huge and has a cuddly, friendly image. The platform’s owner talks about safety a great deal and tells you (“asks you to take on trust”) his company does a lot to police and keep their virtual spaces safe. Your parents use it and even though it’s not your main App you wander about it from time to time. What could possibly go wrong?

This same famous-brand platform has a messaging service closely linked to it. The messaging service even shares the same name.  Could anyone imagine, could a child imagine, there  might be any kind of risk associated with moving seamlessly, via a couple of clicks, from one cuddly, friendly place to another, owned by the same cuddly, friendly company? Would they know they had moved from an unencrypted to an encrypted space, and what the implications of that are?

Only one answer

Nobody is asking for strong encryption to be abandoned. Everyone should know that as their messages move across a network or are stored, hackers and spies of any and every kind cannot get at them. But equally everyone should know that with proper legal authority their messages and online activities can be scrutinised.

Companies that cannot deliver a service that meets this standard should declare either that they will abandon it completely or that they intend to move to a new system where the same difficulty will not arise. And any company just thinking about adopting strong encryption should stop until they are sure they will be in the second category from Day 1.

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International and is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John is now or has formerly been an Adviser to the Council of Europe, the UN (ITU), the EU and UNICEF. John has advised many of the world's largest technology companies on online child safety. John's skill as a writer has also been widely recognised.
This entry was posted in Child abuse images, Default settings, Pornography, Privacy, Regulation, Self-regulation. Bookmark the permalink.