“There is not sufficient means to ensure that children enjoy the right provided in the Article 34(c) of the UN Convention on the Rights of the Child especially because of the rising use of end-to-end encryption.”
During the recent years data privacy has been the center of discussion especially because of the legislative reform regarding it in the European Union. The GDPR brought a lot of awareness and transparency to data privacy and the way data is being handled. However, the high demand for data privacy has its downsides since the use of encryption, especially end-to-end encryption is rising, and this is having a negative impact on law enforcement authorities’ ability to detect and investigate criminal activity like online child sexual exploitation. Because of this the question that arises is that is data privacy more important than law enforcement authorities’ ability to combat crimes that are happening by using encryption.
While the constant evolution of technology has created new possibilities, it has also created challenges. Criminal activity that happens online is a big problem because of the possibility of anonymity that technology brings to every user without the need to have great technological skills. This is an obstacle for law enforcement authorities. The use of encryption is not something completely new and the topic of law enforcement access to encrypted data has been discussed since the use of encryption started. Now when the focus is on data privacy which encryption is ensuring and the use of end-to-end encryption where not even the company providing the end-to-end encrypted communication can access the data the discussion on the accessing of the encrypted data has been brought up again.
The research made showed that at the moment there is not sufficient means to ensure that children enjoy the right provided in the Article 34(c) of the UN Convention on the Rights of the Child. When examining what would be the best possible solution for this problem the research showed that there is not a flawless solution for the problem and compromises need to be made. Legal hacking showed to be the best alternative at the moment. By using legal hacking, the law enforcement authorities would be legally allowed to hack data when needed and they would not need to rely on the technology companies’ help. In order to have legal hacking be the most effective alternative the law enforcement authorities need to have the means and methods to conduct it and to constantly keep up with the changes and updates made to encryption. The problem is that legal hacking would happen through exploiting zero-day vulnerabilities that companies are trying to fix, so these two actors would constantly have different aims.
Ideally law enforcement authorities and technology companies would work together to combat the crimes like online child sexual exploitation happening through using encrypted data but since the focus of the technology companies is on data privacy this cooperation is not happening in a way that is the most effective.”
Vera Pallasvesa , Intern
ENCRYPTION’S AND DATA PRIVACY’S RELEVANCE TO
ARTICLE 34 OF THE UN CONVENTION ON THE RIGHTS OF
THE CHILD, Bachelor’s thesis
Programme HAJB08/17, specialisation EU and International Law