Nevada sues to deny kids access to Meta’s Messenger encryption – Source: go.theregister.com

A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order (TRO) denying minors access to encrypted communication in Meta’s Messenger application.

The motion for a TRO follows AG’s Ford announcement of civil lawsuits on January 30, 2024 against five social media companies, including Meta [PDF], alleging the companies deceptively marketed their services to young people through algorithms that were designed to promote addiction.

Nevada was not a party to the two multi-district lawsuits filed against Meta last October by 42 State Attorney General over claims that the social media company knowingly ignored evidence that its Facebook and Instagram services contribute to the mental harm of children and teens. Meta, which lately has been investing in virtual reality and large language models, is also being sued by hundreds of school districts around the US.

The Nevada court filing to obtain a TRO follows from AG Ford’s initial complaint. The legal claim cites a statement from the National Center for Missing and Exploited Children that argues Meta’s provision of end-to-end encryption in Messenger “without exceptions for child sexual abuse material placed millions of children in grave danger.”

The initial complaint’s presumably supporting claims, however, have been redacted in the publicly viewable copy of the document.

The motion for a TRO, which also contains redactions, contends that Meta – by encrypting Messenger – has thwarted state officials from enforcing the Nevada Unfair and Deceptive Trade Practices Act.

“With this Motion, the State seeks to enjoin Meta from using end-to-end encryption (also called ‘E2EE’) on Young Users’ Messenger communications within the State of Nevada,” the court filing says.

“This conduct – which renders it impossible for anyone other than a private message’s sender and recipient to know what information the message contains – serves as an essential tool of child predators and drastically impedes law enforcement efforts to protect children from heinous online crimes, including human trafficking, predation, and other forms of dangerous exploitation.”

Meta enabled E2EE by default for all users of Messenger in December 2023. But according to the motion for a TRO, “Meta’s end-to-end-encryption stymies efforts by Nevada law enforcement, causing needless delay and even risking the spoliation of critical pieces of necessary evidence in criminal prosecutions.”

The injunction, if granted, would require Meta to disable E2EE for all Messenger users under 18 in Nevada. Presumably that would also affect minors using Messenger who are visiting the Silver State.

In a Mastodon post, Riana Pfefferkorn, research scholar at the Stanford Internet Observatory, said, “I believe this is the biggest attack on encryption in the United States since 2016.”

That year, the FBI – which has long complained that encryption leaves its investigators in the dark – sought to force Apple to build a version of iOS to help bypass iPhone encryption. The US Justice Department ultimately backed down when the feds gained access to the device at issue through a private sector security firm. But the desire by government officials to have encryption that, for the right people, isn’t encrypted, goes back decades to the battle over the Clipper Chip and lives on in proposals like Europe’s Chat Control.

• Apple promises to protect iMessage chats from quantum computers
• Cutting kids off from the dark web – the solution can only ever be social
• Internet’s deep-level architects slam US, UK, Europe for pushing device-side scanning
• Meta starts rolling out end-to-end encryption in Facebook Messenger

Matt Blaze, a professor of computer science and law at Georgetown University who in 1994 found a flaw in the Clipper Chip, said “It’s worth noting that it’s not actually the encryption that they seem to object to, which only would hinder real-time interception. It’s the failure to make a surreptitious, permanent third party record of otherwise ephemeral communications for the potential future convenience of a law enforcement investigation.”

Pfefferkorn told The Register “Prohibiting Nevadan children, and only Nevadan children, from having end-to-end encryption for their online communications would not help children’s safety, it would undermine it. Banning children in Nevada from having E2EE means giving some of the state’s most vulnerable residents less digital privacy and cybersecurity than everyone else.

“The FTC and other state attorneys general, such as California’s, have long been clear that it is a consumer protection violation for companies not to give users adequate digital privacy and security – and strong encryption is the gold standard means of doing that. It’s therefore puzzlingly backwards for the Nevada attorney general to argue that Meta is violating Nevada consumer protection law here.”

A hearing to consider the motion began on Monday and no decision had been reached at the time this article was filed.

Meta and the Office of Attorney General Ford did not immediately respond to requests for comment. ®