Child Exploitation and the Crypto Wars

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution.

Posted on October 23, 2023 at 7:08 AM21 Comments


Mark October 23, 2023 11:04 AM

The biggest problem today is grooming on social media. It’s too easy for pedos to create fake accounts and target thousands of children online. Some of the examples I’ve seen in the news are truly disgusting and shameless. They will blackmail children into doing things on camera.

Combating grooming on social media will solve 90% of the CSAM problem. Right now, it’s too easy for a single adult to contact thousands of children on social media. Crippling E2EE does nothing to combat grooming.

There are ulterior motives here. The fediverse was flooded with CSAM shortly before this legislation was passed, the timing of which is no coincidence. It was a coordinated effort by those pushing this legislation, a deliberate action, not to combat CSAM, but to abolish E2EE. Those pushing this legislation are every bit as shameless as those who groom children on social media.

Clive Robinson October 23, 2023 1:04 PM

@ Bruce, ALL,

What was not noted and should be is that CSA has been with humanity for longer than we have records for[1]. And even untill fairly recently was accepted behaviour in much of the world (marriage of 10year olds to men well into advanced adulthood etc).

Thus it’s fairly safe to assume legislation and law enforcment action is not going to stop CSA or the communications of what legislation defines as CSAM. In fact we can predict what will happen with little doubt. That is CSA and the making of CSAM will,

1, Get driven further underground.
2, Become more harmful in just about every way imaginable.

Thus the communications of what the legislation regards as CSAM will continue regardless of any E2EE legislation.

As Claud Shannon proved back before the middle of the last century if a communications channel exists not only is “Perfect Secrecy” possible it can also be made impossible to detect by examining the channel due to the use of communications redundancy which is a necessity for information to be communicated.

Shannon’s work was later developed by others to give us the notion of,

1, Side channels
2, Covert channels
3, Subliminal Channels

That can convey other information within the communicated information. Thus at the communications of information level it will be impossible to stop CSAM being covertly communicated.

What Susan Landau, does briefly and indirectly mention is that the communications or message level is not the only one available to an observer. Again back before the middle of the last century Gordon Welchman developed the idea of statistical analysis of not the message and what but how it was communicated. These days we call it “Traffic Analysis” and it can be a very powerful tool.

However for good and proper reasons traffic analysis is not something that has a place in a traditional legal proceeding in a criminal court of law. Because you can not use it as evidence of what information is being communicated only that information that is unknown might have been transmitted. In effect it’s unqualifiable heresay, thus requires some other method of legaly acceptable qualification.

So we are in the position that every one should know by now of law enforcment trotting out a variation on “going dark”. Going dark was first trotted out back around half a century ago in the early to mid 1970’s after US “guard labour” got what some saw as a significant set back as things led upto the Church committee [2].

But what should be realised by all is that no matter what legislation is brought in, and no matter how much “collect it all” is used we can not stop CSA or the communications of CSAM.

Thus the secondary idea which is also guarenteed to fail is “source inspection”. People have been getting covert communications past censors for centuries and will continue to do so as long as they have even a very small degree of freedom to communicate.

In the early 1970’s Lampson gave us the idea of covert channels[3] and in the late 1970’s Gus Simmons published his ideas on “Subliminal Channels”[4]. Like the work of Hartley and Shannon before him it showed that certain things were not possible as long as redundancy in a communications channel existed. In the 1990’s the work of Adam Young and Moti Yung gave us Kleptography which extended the ideas even further[5].

But Simmons’ “The Prisoner Problem” neatly identifies not just the issue of communication covertly, but more importantly that even when fully observed it can not be stopped as long as communications of information is alowed.

Thus what appears as “source” plaintext can infact carry a covert channel. Anyone who went through the late 1990’s DRM “Watermarking” battle knows that techniques from the likes of “Direct Sequence Spread Spectrum”(DSSS) modulation and other similar “Low Probability of Intercept”(LPI) radio systems can be used on digital files that appear as plaintext.

Thus legislation mandating “tools” that can not exist not just in theory but practice is on the face of it doomed to failure.

Which means that either those proposing it are idiots that are scientifically and mathematically illiterate, or there is an ulterior motive hidden within. Whilst I can not disprove the former, the latter although not provable is on consideration more likely.

[1] It has been argued in the past that it is a genetic issue thus incurable. The basic argument appears to have been that humans have a series of inbuilt triggers with regards children to protect them. These triggers are a necessary eveloutionary response in humans due to the fact unlike many creatures humans are not born capable of surviving thus need protecting for the first decade or so of life whilst they learn. The argument goes on that in some in some way the response to the triggers becomes changed and causes different responses just one of which is CSA. It’s also been argued that the learbing process is why those in their teens and earlier tend to see the swapping of undressed / provocative “selfies” quite differently to adults.

[2] Some see the Church Committee and what it brought out as a turning point as it became politically sensitive in the public eye.

The FBI in particular became increasingly vocal but it fell on what they saw as not just deaf ears but mouths that just said no. Hence by the time of the 1990’s the 5th director of the FBI the incompetent Louis Freeh had to pick up the batton which he did with some zeal and went on his “world tour” trying to scare other nations into precipitous anti-encryption and anti-privacy behaviour thus legislation. That Freeh reasoned he could then use as leverage on US legislators. Unsprisingly it failed. From the FBI point of view it took two events after the turn of the century to break through, the arrest of Robert Hanson in Feb 2001 and 9/11 in Sep 2001, both seen as inteligence failures and spun up as failures of surveillance powers.

[3] The IEEE has produced an overview of covert channels as part of their tutorial articles,

[4] Gus Simmons was invited by the IEEE to write up how he came up with the idea of subliminal channels,

[5] Kleptography is the idea of stealing via cryptography and involves ways to amoungst other things back door PKI in a manner that an observer who has access to a public key certificate can not prove,

However Moti Yung and others have shown that under certain circumstances some aspects of kleptography can be stopped. They call this Cliptography however in the past half decade little further has been said about it.

JonKnowsNothing October 23, 2023 1:44 PM

@Mark, All

re: Grooming on social media.

A few observations

1) People are willing to accept social media. Just try to pry a device out of anyone’s hands to see how addicted they are. This entire industry lays right at the feet of technology and the big tech firms that used advertising and social engineering to push their products. Advertising, Bluster, Puffery have been around since people started selling or bartering items to others. Hi-Tech put this practice into another gear with psychological manipulation.

2) I play PVP online combat games. I play them For Fun. However, others are not playing for fun, they are working on “Pro Status”. Some play eSports but others are monetizing the game play with in-camera-view (including all the other players visible in the view), on Twitch, YouTube, Discord and other channels. There is an incentive both financial and ego-driven in these games.

A common thread across these Pro or Aspiring Pro States is a form of taunting that is bigoted, hateful, racist, derogatory and it crosses the entire gamut of game play.

Another common thread is that few parents ever pay attention to what their under adult age children are doing or saying. It comes under some faux sense of kid privacy. ..

Parents don’t know because they do not want to know. Then they are shocked! Shocked! That their children’s vocabulary include words, phrases, descriptions of body parts, and activities that won’t get by this blog’s profanity filter.

3) Intervention or even oversight is not going to change anyone’s views, even if you had 100% monitoring of everything, the very nature of the player’s attitudes from 8yo to senior adult is on display. Every aspect of modern life: drugs, violence, hate, sexual reference right there broadcast across the entire internet spectrum.

Attempts to block it are just pepega…


def pepega

  • Pepega (pronounced “peh-peyguh”) is a Twitch Emote featuring a distorted image of Pepe the Frog which is used to ironically express that something is stupid and is commonly accompanied by the slang pejorative to describe a person with a mental disability

source October 23, 2023 1:57 PM

Whether a good idea or a “bad idea”, this will be pushed through and will also have some effect on cryptocurrencies.

ResearcherZero October 23, 2023 11:44 PM

“look, we’re not against regulations, here’s our framework”

Political Entrepreneurship, which is when the main entrepreneurial effort is not to innovate in newer and better products for customers, but rather using the political system for personal gain and to prevent competitors from havng the same opportunities.

“Google knows full well that it can handle the requirements of the law, but smaller competitors cannot. Google likes the law. It wants more of them, apparently.”


Anonymous October 24, 2023 9:22 AM

Apple has it exactly right
I am happy to know that Professor Landau thinks Apple is on the right track. Maybe they could set an example in the valley.

ResearcherZero October 25, 2023 12:41 AM

Better access to justice and support will help victims.

“We call for taking effective measures to prevent the abuse of children in the first place — a solution that requires hard work and investments in social services and a resilient society.”

“In the arms race to develop such detection technologies, the bad guys will win:”

Operation Aurora

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

“As Google was responding to the breach, its technicians made another startling discovery: its database with years of information on surveillance orders had been hacked. The database included information on thousands of orders issued by judges around the country to law enforcement agents seeking to monitor suspects’ e-mails.”

Operation Aurora also targeted more than 30 companies including Adobe, Akamai, Juniper, Rackspace, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical.

“[The SCMs] were wide open,” says Alperovitch. “No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways—much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting.”

Separately, Google discovered that accounts of dozens of Gmail users in the U.S., China, and Europe who are human rights advocates “appear to have been routinely accessed by third parties.”


“The continuing quest for hidden access comes as governments in the United States, the United Kingdom and elsewhere seek laws that would require tech companies to let governments see unencrypted traffic.”

Europol officials floated the idea of using the proposed EU Centre to scan for more than just CSAM, telling the Commission, “There are other crime areas that would benefit from detection”.

…Swiss federal police found that up to 80% of machine-reported material turned out to be criminally irrelevant.


In 2017 the European Parliament reported that countries across the EU have failed to implement a series of measures which were adopted in a 2011 Directive to tackle the issue of child sexual abuse and exploitation. If countries still systemically fail to follow existing measures, then additional laws are at best premature.


This talk will outline the critical moments of the months ahead: what is at stake for online privacy, what can be expected, and what is happening behind the scenes at the EU institutions.


ResearcherZero October 25, 2023 1:24 AM

The treatment I witnessed of how children were treated in the courts, who were kidnapped and horrifically abused, was disgusting. The repeat offenders received fantastic legal representation from the Department of Public Prosecutions. The DPP let the offenders go – after the judge recommended custodial sentences.

Solve that problem, the physical treatment of victims, and the lack of support.

There are many outstanding cases, with very large quantities of existing evidence held by police departments – that have received little attention, in some cases for decades.

They subject victims to a deeply flawed legal process that drags out for years, due to the deliberate abuse of technicalities designed solely to frustrate and stall.

Until that problem is solved, any so called “interventions” will solve nothing. Currently they ask victims to stick their necks out, then tear them to pieces in cross examination.

Most of the evidence is never even introduced during the proceedings by prosecutors.

If the prosecutors and police repeatedly fail to prosecute, what exactly is the point?

ResearcherZero October 25, 2023 3:45 AM

Testimony is evidence. If the prosecution never calls on eye-witnesses to testify, that evidence never sees the light of day.

Neglecting proper collection of corroborating evidence can have disastrous consequences to child maltreatment cases.

“A bias toward biological evidence may also interfere with investigators pursuing other, non-traditional types of corroborating evidence. For example, a child may disclose details regarding the physical location of maltreatment. …Combined with victim testimony and reconstructive photos and imagery, this corroborative biological evidence can help powerfully transport jurors and reconstruct the crime scene.”


“No significant difference in rate of felony conviction was found in cases with or without physical evidence. Of 32 cases without physical evidence, 30 (94%) resulted in felony convictions, whereas only 9 of 13 cases (69%) with physical evidence resulted in a felony conviction. Multiple variables describing the abuse situation were not shown to effect the legal outcome of the cases. Of cases that resulted in felony convictions, physical evidence was present in only 23% (9 of 39).”


Cases involving the youngest victims had a significantly lower conviction rate (12 of 23), despite a very high frequency (13 of 23) of physical evidence…


Clive Robinson October 25, 2023 7:53 AM

@ ResearcherZero,

Re : Euro News Article on European Commissioner for Home Affairs Ylva Johansson letter.

“Either the Commissioner does not understand how technology works, or she is making a claim she knows to be false.”

There is another explanation that is she is for some reason ignoring reality for one or more of a multitude of reasons.

In the past I’ve mentioned what occured when then UK Prime Minister against all advice pushed through “Poll Tax” and the predicted violent civil unrest followed in short order.

The Prime Minister was Margaret Thatcher and she had a major cognative issue. Put simply she usually refused to be “advised in depth” by those qualified to do so and unfortunately picked up on “sound bites” from unqualified people. If she liked the sound bite she would run with it through any counter argument all to often with disasterous results.

Another example was her patriarchal in effect “Mother Knows Best” behaviours which resulted in quite a few high profile Official Secrets Acts trials that repeatedly failed in highly embarising ways.

Put simply there are certain types of people that become “cognitively biased” on nonsense and will not under any circumstances change their attitude. Worse they often see qualified advice as “personal attacks” and respond in at best inappropriate ways and all to often unlawful ways.

We’ve seen the latter in the EU before over staff who reported widespread high value fraud as was their job being persecuted by the Police, and driven into effective exile and not given the right to defend themselves or access any support.

Some fail to realise that,

1, False Allegations
2, Rights stripping
3, False imprisonment

Are just as much political tools in democracies as they are in dictatorships, tyrannies, and police states.

Having looked at just some of EU Commissioner Ylva Johansson’s behaviours some of which are identifiable as at best unlawful, I can predict that she will go one to commit increasing unlawfull behaviour with time and position.

For the safty of many, she should be not just opposed but deposed from possition preferably in disgrace by those who take a more rational and realistic view especially when history is littered with examples of what happens when what Ylva Johansson proposes comes to pass.

In those now semi famous words made over a hundred years ago by US Supreme Court Justice Oliver Wendell Holmes, she now represents a,

“Clear and present danger”

To not just the body politic of the EU, but more importantly all the people of the EU and by secondary effect any user of an electronic device that has communications capability in the world.

google October 25, 2023 11:42 PM

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts.

…while claiming that they do not “give, sell, etc” users data to third parties and their service is E2E encrypted blablabla

ResearcherZero October 26, 2023 2:11 AM

“the court has said — in a different case — if authorities can access the contents of communications on such a large scale then the discussion is over. No room for proportionality test — the essence of the right to privacy would be violated, and therefore such a measure would be illegal.”


Instead of trying to backdoor or abolish E2EE, why not instead direct all those resources to where it is actually needed…

“We need to take the criminal justice system and rebuild it with the idea that whatever we do will impact children and their futures.”

Over 100,000 known sexual assault forensic evidence specimens, also known as rape kits, are currently sitting on shelves untested across the United States, some of which have remained there for decades.


Children who serve as witnesses can be threatened by those they are testifying against.

In addition to this, institutional barriers including long delays in completing cases, lack of adequate courts, lack of adequate legal aid services and lack of empathy by those administrating formal justice have also caused victim survivors to lose faith in seeking formal legal redress.

“that a failure of prosecutions, the lack of investigations that lead to charges and the reluctance of survivors to report are not the root of the problem, but indicative symptoms of a system that is failing”


ResearcherZero October 26, 2023 3:04 AM

@Clive Robinson

There are lots of ways to catch pervs without breaking encryption or the law. You just send someone a video like this…


And it discloses their location.

Instead of sticking child victims on the stand, corroborating eye-witnesses should be used, as is done with adult cases. Sexual crimes are one of the few cases where all the onus and responsibility is placed upon the victim. They don’t ask the poor old bank teller to prove a bank robbery.

Public kidnappings, also down to the victim to prove, rather than build a proper case. Calling public witnesses, and the police to give evidence, would be far more productive.

Though legal reform is I imagine, a terrifying concept for legislators and senators, along with improving the support of children who are victims of aggravated crimes.

ResearcherZero October 26, 2023 3:37 AM

Just imagine if the offender works in a government job. Which is not too hard as it does happen. What protections does the victim have? Few.

Legal advice privilege applies to all confidential communications between a lawyer and a client that are made for the predominant purpose of obtaining legal advice.


Stepping Away October 26, 2023 7:28 PM

Seems like a lot of people neglected to substantiate their claims about the past, present, and future.

I really can’t understand the motives behind the article or some of the responses here.
Is this entire mess just put here to attract digital vermin?

sincerely, Stepping Away

Clive Robinson October 26, 2023 10:26 PM

@ Stepping Away

Re : Some things are not logically possible.

You say,

“Seems like a lot of people neglected to substantiate their claims about the past, present, and future.”

Well you’ve not exactly thought that through have you…

Because how do you,

“substantiate” the “future”?

Or that matter the “present” as records take time sometimes a hundred years or more to become generally available. Which also in part covers the “past”.

Then because minors are involved, the records etc may become closed and reporting restrictions imposed.

But it is interesting that you have not substantiated your claims…

You could have asked for refrences, they do when available get pointed to if asked.

As for,

“Is this entire mess just put here to attract digital vermin?”

This very strongly suggests you have a political agenda and are trying to discredit in a near Troll-like way.

ResearcherZero October 27, 2023 3:57 AM

@Stepping Away

They are happy to have a software solution, but not actually invest in the physical needs or support of children who are victims of crime.

The problem existed long before the internet. Rather than catching spies, we would occasionally have to do the jobs the police didn’t want to.

I’ve attended the funerals of children the system failed. Kids who were forcibly abducted, raped for days, and held hostage. Even after rescue with special forces units, police attending, and capture of the offenders, the offenders were later released. Resulting in further kidnappings of the victims, along with new victims and deaths. Why? Because they were government employees. Armed with government records, and sometimes weapons.

Court cases involving children are sealed, no public reporting is generally allowed. Once they leave the court they are on their own. The limited support available typically cuts off at the age of 12, regardless if the case is finalised.

There is zero oversight.

If the public knew what took place in some court rooms, not all but some, they would be outraged. Sometimes the police don’t even bother to show up, and no other witnesses are called except for the victim. Each incident is heard in isolation from the other acts.

The courtroom just becomes one more tool “providing defendants with a dangerous ability to intimidate vulnerable witnesses by forcing those witnesses to face them during cross-examination.”

“If witnesses are vulnerable child victims, they deserve a heightened degree of care and protection in order to protect their psychological well-being.”


Certain conditions, such as whether the child had to testify multiple times throughout a prosecution, was the strongest predictor of later traumatization.

Even “children who in the 1980s seemed more resilient, if they testified more than once, later as adults did nearly as badly as those who presented behavioral problems”

Children who appeared more frightened of the defendant while testifying were less able to answer the prosecutors’ questions; and later, after the cases were closed, they were more likely to say that testifying had affected them adversely.


“Former British police officer jailed for abusing over 200 girls”

In one case, prosecutors said Edwards threatened to bomb the house of a victim and shoot her parents if she stopped sending him images.

…and sometimes they don’t merely make threats, hence the need for special forces.

ResearcherZero October 27, 2023 4:58 AM

@Stepping Away

In relation to the constant and variable factors, a central cause of police corruption is weak accountability.

The protection of a police department or the Interior Ministry from corruption investigations can taint efforts to control and curtail police corruption

When police officers are investigated or punished for their misdeeds, police corruption can be reduced.


“police corruption is probably the one that most directly hurts society, as those trusted with protecting the people either side with the criminals that victimize the citizens, or are themselves, criminals”

Our results show a phase transition in which crime can propagate across the population even when the majority of police officers are honest.

Corruption in the justice system covers all aspects of judicial oversight. Police, prosecutors and court staff play a role in improperly influencing the provision of judicial services, and their involvement in corruption can have a menacing effect on the entire judicial process.


“I don’t think it’s a measure that law enforcement wants people to really study.”

ResearcherZero October 27, 2023 5:00 AM

Up to 80 percent of youth in need of mental health services do not receive services in their communities because existing services are inadequate. 😵


ResearcherZero October 30, 2023 12:25 AM

So obviously many historical cases are historical. Since then the situation has improved?

Yeah-Nah, no it has not…

Covered up child sexual abuse, destroyed records and failed to report complaints, says latest report. (2023)

“This led to authorities supporting and protecting the alleged abusers, rather than the children involved.”


“This is in fact what is now happening. Institutions are making these applications based in the main on the loss of evidence by the institution or the death or incapacity of the perpetrator. These applications for permanent stays generally are being successful.”

It is much more challenging for children to access justice when their rights are violated.

Common to all cases, the ‘core’, is a failure of government or church authorities to protect and care for children.

“…responses to institutional abuse may only partly be about abuse of children; they also include allegations of a failure of authorities to investigate the matter properly and their efforts to hide the truth from the public. This is a common theme in the Canadian and Australian core cases.”

Where the law falls short and where legal systems are designed in ways that make it difficult or impossible to combat abuses of children’s rights…


Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.