Encryption stays: Facebook pushes back against government pressures
In an open letter to US, UK, and Australian security officials, Facebook has affirmed its commitment to rolling out end-to-end encryption across all its messaging platforms. Responding to an unusual communique in October requesting the company “not proceed” with its encryption plans, Facebook has again pointed out how little these governmental agencies understand the fundamental way encryption technology works.
End-to-end encryption has been a thorn in the side of government security officials ever since WhatsApp rolled it out across its entire network in 2016, introducing the technology to the mainstream. For the last few years governments around the world have been pushing back against the broad deployment of the technology, arguing it hinders law enforcement abilities to police terrorists, child pornographers and other serious criminals.
US Attorney General William Barr has had tech companies in his sights for much of 2019, claiming in July that tech companies, “are refusing to provide technology that allows for lawful access by law enforcement agencies in appropriate circumstances.”
Barr followed this speech up with a strange public letter in October, targeted at Facebook CEO Mark Zuckerberg and co-signed by Acting Homeland Security Secretary Kevin McAleenan, United Kingdom Home Secretary Priti Patel, and Australia’s Minister for Home Affairs Peter Dutton. The letter explicitly requested Facebook not roll out end-to-end encryption across its messaging platforms, and again perpetuated a mythical narrative that portrayed the company as wilfully refusing to provide governments access to these encrypted communications.
Facebook has finally responded to the October letter with an open letter of its own, published ahead of a new Senate Judiciary Committee hearing designed to interrogate both Facebook and Apple’s implementations of encryption. Facebook’s letter again attempts to educate certain members of government, explaining how end-to-end encryption is an all or nothing technique.
“The core principle behind end-to-end encryption is that only the sender and recipient of a message have the keys to “unlock” and read what is sent,” the letter states. “No one can intercept and read these messages – not us, not governments, not hackers or criminals.”
In a most amusing passive aggressive section of the letter, Facebook quotes several independent experts to affirm the absurdity of these continual governmental requests to weaken encryption technology. It’s a perfect example of the company using other people’s words to say what it really thinks.
“In response to your open letter asking that Facebook break encryption, over 100 organizations, including the Center for Democracy and Technology and Privacy International, shared their strong views on why creating backdoors jeopardize people’s safety,” the letter states. “Cryptography Professor Bruce Schneier said earlier this year: 'You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can't have "We get to spy, you don't." That's not the way the tech works.'" And Amnesty International commented: 'There is no middle ground: if law enforcement is allowed to circumvent encryption, then anybody can.'”
The response letter from Facebook preceded a Senate Judiciary Committee meeting in Washington, featuring Apple’s Manager of User Privacy, Erik Neuenschwander and Facebook’s Product Management Director for Privacy and Integrity in Messenger. In a rare display of bi-partisanship Democratic Ranking Member Dianne Feinstein and Republican Chairman Lindsay Graham both threatened the tech company representatives with regulatory action if they didn’t comply with finding some way for law enforcement to access encrypted messages.
“My advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you,” Senator Graham sternly said to the tech company representatives.
Reiterating the general response to these somewhat impossible demands to weaken encryption methods, a statement co-signed by over 100 civil society organizations, tech companies and security researchers has urged the US, UK and Australian governments to stop undermining essential cyber security processes.
“In practice, if companies build law enforcement access mechanisms into encrypted products, some targets of investigations will simply move to using different encrypted services,” the statement succinctly notes. “Thus, while any of the small number of nefarious actors who are targeted by law enforcement will still be able to avail themselves of other services, the vast majority of users who are law-abiding – who may still choose different services – will disproportionately suffer the consequences of degraded security and trust.”