In an open letter to US, UK, and Australian security officials, Facebook has affirmed its commitment to rolling out end-to-end encryption across all its messaging platforms. Responding to an unusual communique in October requesting the company “not proceed” with its encryption plans, Facebook has again pointed out how little these governmental agencies understand the fundamental way encryption technology works.
End-to-end encryption has been a thorn in the side of government security officials ever since WhatsApp rolled it out across its entire network in 2016, introducing the technology to the mainstream. For the last few years governments around the world have been pushing back against the broad deployment of the technology, arguing it hinders law enforcement abilities to police terrorists, child pornographers and other serious criminals.
US Attorney General William Barr has had tech companies in his sights for much of 2019, claiming in July that tech companies, “are refusing to provide technology that allows for lawful access by law enforcement agencies in appropriate circumstances.”
Barr followed this speech up with a strange public letter in October, targeted at Facebook CEO Mark Zuckerberg and co-signed by Acting Homeland Security Secretary Kevin McAleenan, United Kingdom Home Secretary Priti Patel, and Australia’s Minister for Home Affairs Peter Dutton. The letter explicitly requested Facebook not roll out end-to-end encryption across its messaging platforms, and again perpetuated a mythical narrative that portrayed the company as wilfully refusing to provide governments access to these encrypted communications.
Facebook has finally responded to the October letter with an open letter of its own, published ahead of a new Senate Judiciary Committee hearing designed to interrogate both Facebook and Apple’s implementations of encryption. Facebook’s letter again attempts to educate certain members of government, explaining how end-to-end encryption is an all or nothing technique.
“The core principle behind end-to-end encryption is that only the sender and recipient of a message have the keys to “unlock” and read what is sent,” the letter states. “No one can intercept and read these messages – not us, not governments, not hackers or criminals.”
In a most amusing passive aggressive section of the letter, Facebook quotes several independent experts to affirm the absurdity of these continual governmental requests to weaken encryption technology. It’s a perfect example of the company using other people’s words to say what it really thinks.
“In response to your open letter asking that Facebook break encryption, over 100 organizations, including the Center for Democracy and Technology and Privacy International, shared their strong views on why creating backdoors jeopardize people’s safety,” the letter states. “Cryptography Professor Bruce Schneier said earlier this year: 'You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can't have "We get to spy, you don't." That's not the way the tech works.'" And Amnesty International commented: 'There is no middle ground: if law enforcement is allowed to circumvent encryption, then anybody can.'”
The response letter from Facebook preceded a Senate Judiciary Committee meeting in Washington, featuring Apple’s Manager of User Privacy, Erik Neuenschwander and Facebook’s Product Management Director for Privacy and Integrity in Messenger. In a rare display of bi-partisanship Democratic Ranking Member Dianne Feinstein and Republican Chairman Lindsay Graham both threatened the tech company representatives with regulatory action if they didn’t comply with finding some way for law enforcement to access encrypted messages.
“My advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you,” Senator Graham sternly said to the tech company representatives.
Reiterating the general response to these somewhat impossible demands to weaken encryption methods, a statement co-signed by over 100 civil society organizations, tech companies and security researchers has urged the US, UK and Australian governments to stop undermining essential cyber security processes.
“In practice, if companies build law enforcement access mechanisms into encrypted products, some targets of investigations will simply move to using different encrypted services,” the statement succinctly notes. “Thus, while any of the small number of nefarious actors who are targeted by law enforcement will still be able to avail themselves of other services, the vast majority of users who are law-abiding – who may still choose different services – will disproportionately suffer the consequences of degraded security and trust.”
(This includes all kinds of phone & internet communication data & data stored in all kinds of smart phones & computers!!!)
(So, IMHO, any encryption method is OK but only as long as government law enforcement still have full access (decryption key(s))!!!)
Why???
Because otherwise safe haven(s) for all kinds of criminal activities & illegal/harmful contents/behaviors would be created/allowed!!!
Which is absolutely against common good of general public!!!
Imagine that, in physical world, what if, security (law enforcement) people in airports, were forbidden from searching any passengers (& their belongings), unless they have a specific court order for each & every passenger who they want to search???
How much increase in criminal activity that would cause???
Now consider, how much crime is done today in virtual world (using internet & computers & smart-phones)!!!
IMHO, just like government law enforcement people need to be able to do searches in physical world, they also need to be able to do the same in virtual world, for them to be able to FULLY protect & serve common good of general public!!!
Also, IMHO, general public is NOT obsessed w/ privacy, quite unlike what self-appointed "privacy advocates" always claim/pretend!!!
Also, IMHO, general public is actually happy to help government law enforcement (who are just trying to protect & serve common good of general public), quite unlike some people seem to think!!!
I would much prefer no one is allowed to circumvent encryption. Smart criminals will find a way regardless of our best efforts AND I really don't trust law enforcement agencies and governments any more than the criminal element.
Oh, wait! We already had this colossal failure in the 1980s. So, what makes the bureaucrats believe that companies can do what the NSA can not? Maybe they, the politicians can show us how it is done by publishing all their work and private internet communications!