Computers

Encryption stays: Facebook pushes back against government pressures

Encryption stays: Facebook pus...
A security stand-off continues as Facebook refuses to halt its broad roll out of end-to-end encryption across its messaging services
A security stand-off continues as Facebook refuses to halt its broad roll out of end-to-end encryption across its messaging services
View 1 Image
A security stand-off continues as Facebook refuses to halt its broad roll out of end-to-end encryption across its messaging services
1/1
A security stand-off continues as Facebook refuses to halt its broad roll out of end-to-end encryption across its messaging services

In an open letter to US, UK, and Australian security officials, Facebook has affirmed its commitment to rolling out end-to-end encryption across all its messaging platforms. Responding to an unusual communique in October requesting the company “not proceed” with its encryption plans, Facebook has again pointed out how little these governmental agencies understand the fundamental way encryption technology works.

End-to-end encryption has been a thorn in the side of government security officials ever since WhatsApp rolled it out across its entire network in 2016, introducing the technology to the mainstream. For the last few years governments around the world have been pushing back against the broad deployment of the technology, arguing it hinders law enforcement abilities to police terrorists, child pornographers and other serious criminals.

US Attorney General William Barr has had tech companies in his sights for much of 2019, claiming in July that tech companies, “are refusing to provide technology that allows for lawful access by law enforcement agencies in appropriate circumstances.”

Barr followed this speech up with a strange public letter in October, targeted at Facebook CEO Mark Zuckerberg and co-signed by Acting Homeland Security Secretary Kevin McAleenan, United Kingdom Home Secretary Priti Patel, and Australia’s Minister for Home Affairs Peter Dutton. The letter explicitly requested Facebook not roll out end-to-end encryption across its messaging platforms, and again perpetuated a mythical narrative that portrayed the company as wilfully refusing to provide governments access to these encrypted communications.

Facebook has finally responded to the October letter with an open letter of its own, published ahead of a new Senate Judiciary Committee hearing designed to interrogate both Facebook and Apple’s implementations of encryption. Facebook’s letter again attempts to educate certain members of government, explaining how end-to-end encryption is an all or nothing technique.

“The core principle behind end-to-end encryption is that only the sender and recipient of a message have the keys to “unlock” and read what is sent,” the letter states. “No one can intercept and read these messages – not us, not governments, not hackers or criminals.”

In a most amusing passive aggressive section of the letter, Facebook quotes several independent experts to affirm the absurdity of these continual governmental requests to weaken encryption technology. It’s a perfect example of the company using other people’s words to say what it really thinks.

“In response to your open letter asking that Facebook break encryption, over 100 organizations, including the Center for Democracy and Technology and Privacy International, shared their strong views on why creating backdoors jeopardize people’s safety,” the letter states. “Cryptography Professor Bruce Schneier said earlier this year: 'You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can't have "We get to spy, you don't." That's not the way the tech works.'" And Amnesty International commented: 'There is no middle ground: if law enforcement is allowed to circumvent encryption, then anybody can.'”

The response letter from Facebook preceded a Senate Judiciary Committee meeting in Washington, featuring Apple’s Manager of User Privacy, Erik Neuenschwander and Facebook’s Product Management Director for Privacy and Integrity in Messenger. In a rare display of bi-partisanship Democratic Ranking Member Dianne Feinstein and Republican Chairman Lindsay Graham both threatened the tech company representatives with regulatory action if they didn’t comply with finding some way for law enforcement to access encrypted messages.

“My advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you,” Senator Graham sternly said to the tech company representatives.

Reiterating the general response to these somewhat impossible demands to weaken encryption methods, a statement co-signed by over 100 civil society organizations, tech companies and security researchers has urged the US, UK and Australian governments to stop undermining essential cyber security processes.

“In practice, if companies build law enforcement access mechanisms into encrypted products, some targets of investigations will simply move to using different encrypted services,” the statement succinctly notes. “Thus, while any of the small number of nefarious actors who are targeted by law enforcement will still be able to avail themselves of other services, the vast majority of users who are law-abiding – who may still choose different services – will disproportionately suffer the consequences of degraded security and trust.”

8 comments
FB36
IMHO, government law enforcement should/must have full access to all kinds of mass communication data (& by (national/global) law(s) to be made)!!!
(This includes all kinds of phone & internet communication data & data stored in all kinds of smart phones & computers!!!)
(So, IMHO, any encryption method is OK but only as long as government law enforcement still have full access (decryption key(s))!!!)

Why???

Because otherwise safe haven(s) for all kinds of criminal activities & illegal/harmful contents/behaviors would be created/allowed!!!
Which is absolutely against common good of general public!!!

Imagine that, in physical world, what if, security (law enforcement) people in airports, were forbidden from searching any passengers (& their belongings), unless they have a specific court order for each & every passenger who they want to search???
How much increase in criminal activity that would cause???

Now consider, how much crime is done today in virtual world (using internet & computers & smart-phones)!!!

IMHO, just like government law enforcement people need to be able to do searches in physical world, they also need to be able to do the same in virtual world, for them to be able to FULLY protect & serve common good of general public!!!

Also, IMHO, general public is NOT obsessed w/ privacy, quite unlike what self-appointed "privacy advocates" always claim/pretend!!!
Also, IMHO, general public is actually happy to help government law enforcement (who are just trying to protect & serve common good of general public), quite unlike some people seem to think!!!
Aross
I agree with FB46. If you have something to protect like industrial secrets or hide like illegal activities, hate speech or at worst terrorist activities you need encryption to communicate so as to hide. The majority of people don't need encryption and probably don't want it. Some type of back door for law enforcement should be mandatory, but protected by a legal process. Better still no encryption on public forums. Let the criminals find their own vehicle to hide!
Got_Milked
@FB36 - Your overuse of IMHO and punctuation is nearly as disturbing as your trust in other people. If it were indeed impossible for anyone except law enforcement to access encrypted information, you might have a point. But as the article states so well "if law enforcement is allowed to circumvent encryption, then anybody can". That's reality. Take off your rose-tinted glasses. Common folk like you and I become more vulnerable while the real criminals simply do something else. This is not the solution.
bwana4swahili
"if law enforcement is allowed to circumvent encryption, then anybody can"!

I would much prefer no one is allowed to circumvent encryption. Smart criminals will find a way regardless of our best efforts AND I really don't trust law enforcement agencies and governments any more than the criminal element.
Global Genius
The real criminals to fear are the governments. Government commit more crimes than the so called real criminals. We fear government abuse of power, which sadly is quite common, that is why we want to be protected from all governments. Throughout history there are endless examples of governments tyranny; that is what every educated person fears and why backdoors should never be allowed in any product/software.
eMacPaul
@Aross, if you ever purchase anything online, do any banking online, send any emails, use a cell phone, or in general do anything you wouldn't want hackers to be able to impersonate you and do, you want encryption. The majority of people in fact *do* need encryption.
Tony Morris
FB36 you clearly have more faith in government and their agencies than I do. We have more to fear from ever-increasing government power than we do from the odd-evil-agent.
Chironian
The National Security Agency is the undisputed authority for crypto. What if they develop a public system? Maybe they can call it Capstone cryptography. Then the U.S. government could develop and mass produce a device based on Capstone and call it Clipper chip. This would cost a few million tax payer dollars, but it would end this debate. Then, just before being mandated by law, the back door might be leaked and a number of vulnerabilitis discovered. Hackers looked forward to the U.S. goverment to make this move.
Oh, wait! We already had this colossal failure in the 1980s. So, what makes the bureaucrats believe that companies can do what the NSA can not? Maybe they, the politicians can show us how it is done by publishing all their work and private internet communications!