No duty to restrict end-to-end encryption under child protection rules

End-to-end encryption is applied in various communication services. It provides secure communications and affords its users privacy. However, encryption also makes it difficult for law enforcement to detect and investigate the distribution of images of child sexual abuse via these services. In this report, the ILP Lab investigates whether states have a positive obligation to restrict encryption for this purpose, taking into account its obligations to protect children’s rights.

The existence of a positive obligation depends on various factors, but ultimately comes down to finding a fair balance between competing interests. Given the impact of restricting encryption on other societal interests, it cannot be argued that the governments can oblige companies to enable access to the content of end-to-end encrypted messages to combat online child sexual abuse. Fortunately, this is not a zero-sum-choice, as there appear to remain opportunities to fight the online sexual abuse of children, while still protecting the right to data protection and the right to private life.

The report was drafted by Sarah Chen and Sarah Stapel.