Privacy is at the center of child safety accusations against Apple and Meta. Here’s why

Tech’s child safety record is under a microscope.

In legal proceedings spanning California, New Mexico and West Virginia this week, Meta CEO Mark Zuckerberg and Apple CEO Tim Cook are facing questions about privacy, free expression and safety — issues that tech’s biggest companies weigh in every feature release.

If the companies are found liable in their respective cases, the courts could force unprecedented product changes affecting billions of people.

Zuckerberg defended his decision-making in a Los Angeles courtroom on Wednesday as lawyers pressured him on why he allowed beauty filters on Instagram and if the company’s efforts to grow its business trumped youth mental-health concerns.

Internal messages from Meta’s case in New Mexico show employees discussing some 7.5 million child sexual abuse material reports annually that would no longer be disclosed after Zuckerberg’s decision, announced in 2019, to make Facebook Messenger end-to-end encrypted by default. 

The messages were revealed in a newly unsealed legal filing submitted by the state of New Mexico that was released this week.

“There goes our CSER [Community Standards Enforcement Report] numbers next year,” an employee wrote in a message dated Dec. 14, 2023, according to the filing. It was the same month that Meta said in a public blog post that it would begin “rolling out default end-to-end encryption for personal messages and calls on Messenger and Facebook.”

The employee added that it was as if the company “put a big rug down to cover the rocks” and said it was sending fewer child exploitation reports, the filing shows.

“I care about the wellbeing of teens and kids who are using our services,” Zuckerberg said Wednesday in LA, when he was asked about an email exchange with Cook.

West Virginia filed a lawsuit against the iPhone maker on Thursday about its handling of child sexual abuse material, or CSAM.

The New Mexico case brought by Attorney General Raúl Torrez began opening arguments on Feb. 9. Zuckerberg is not expected to testify during the trial.

Torrez alleges that Meta failed to properly safeguard apps like Instagram and Facebook from online predators and made misleading statements about the overall safety of its platform.

“Meta knew that E2EE would make its platforms less safe by preventing it from detecting and reporting child sexual exploitation and the solicitation and distribution of child exploitation images sent in encrypted messages,” lawyers said in the filing. “Meta further knew that its safety mitigations would be inadequate to address the risks.”

E2EE is shorthand for end-to-end encryption.

The social media giant said in response to the unsealed filing that the company continues to develop safety tools and features and that it can review and address private encrypted messages if they are reported for child safety-related issues.

Meta has previously pushed back on the New Mexico AG’s allegations, saying it is “focused on demonstrating our longstanding commitment to supporting young people.”

Court documents in New Mexico show several internal notes that flagged major concerns about the encryption change and the effect it would have on the company’s ability to spot and report CSAM and other harmful messages.

A senior staffer in Meta Global Affairs said in a Feb. 25, 2019, note that “Without robust mitigations, E2EE on Messenger will mean we are significantly less able to prevent harm against children.”

Another internal document from June 2019 said: “We will never find all of the potential harm we do today on Messenger when our security systems can see the messages themselves.”

Although privacy advocates have praised the ability of encryption to effectively scramble messages so third parties are unable to snoop on people’s conversations, various members of law enforcement have said that doing so impedes their ability to investigate certain crimes.

After Meta finished its encryption efforts on Facebook Messenger, attorneys wrote in the filing that “the fears conveyed by law enforcement and even its employees were born out.”

Alphabet-owned YouTube is also a defendant in the Los Angeles case, while TikTok and Snap are no longer involved following their respective settlements with a plaintiff before that trial commenced in January.

Apple is also facing questions about encryption and privacy.

West Virginia Attorney General John “JB” McCuskey alleged in a suit filed Thursday that the company failed to prevent CSAM from being stored and shared on iOS devices and iCloud services.

Similar to the Meta allegations in New Mexico, McCuskey singled out Apple’s encryption practices as an impedance to law enforcement.

“Fundamentally, E2E encryption is a barrier to law enforcement, including the identification and prosecution of CSAM offenders and abusers,” lawyers wrote in the Apple legal filing.

Apple said in a statement that “protecting the safety and privacy of our users, especially children, is central to what we do.”

The legal cases against both companies, and the communication between Cook and Zuckerberg about child safety, are raising further questions about what the companies owe to users and other stakeholders on their platforms.

“I thought there were opportunities that our company and Apple could be doing, and I wanted to talk to Tim about that,” Zuckerberg said of his emails with Cook.

As the suits and cases play out, more will be learned about the decisions that affect billions around the world.