The proliferation of end-to-end encryption across digital platforms over the past few years has unsurprisingly been a thorn in the side of international law enforcement networks. Now Facebook is in the firing line with a recently published open letter, co-signed by US, UK and Australian governments, requesting the company halt its plans to roll out end-to-end encryption across all its platforms.
The open letter is directed at Facebook CEO Mark Zuckerberg, and it comes from US Attorney General William Barr, Acting Homeland Security Secretary Kevin McAleenan, United Kingdom Home Secretary Priti Patel, and Australia’s Minister for Home Affairs Peter Dutton. The unusual communique flatly asks Facebook to “not proceed with its plan to implement end-to-end encryption across its messaging services.”
While stating the three governments support strong encryption, and recognize the technological necessity of encryption in processing services such as banking and commerce, the letter also spends a great deal of time citing child exploitation statistics, specifically stating end-to-end encryption would hinder law enforcement practices and make the platform an unsafe space, particularly for children.
“Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes,” the letter says. “This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse …”
End-to-end encryption has been a growing problem for international intelligence communities. Back in 2016, when WhatsApp initially deployed the technology across its entire platform, several government representatives expressed concern. The UK's home secretary, Amber Rudd, said in 2017, "We need to make sure that organizations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other.”
In late 2018 the Australian government passed a controversial anti-encryption law that compelled a private company to create new interception capabilities so no communications data is completely inaccessible to the government. The government claimed these interception capabilities were not “backdoors” but security experts suggested these claims were simply semantic games, as there is little way to reconcile any form of access to encrypted content which doesn’t weaken the fundamentals of end-to-end encryption.
The Electronic Frontier Foundation, a non-profit dedicated to protecting digital civil liberties has called this latest open letter nothing less than a “staggering attempt to undermine the security and privacy of communications tools used by billions of people.”
Back in March Mark Zuckerberg published an expansive editorial outlining Facebook’s vision moving forward. While in the past Zuckerberg has notably disregarded notions of privacy, infamously suggesting in 2010 that privacy as a social norm is an outdated idea, he has more recently pivoted both his personal and professional philosophy. The March editorial outlines a vision of a future dominated by private, encrypted messaging and impermanent content that disappears after short periods of time.
“I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won't stick around forever,” Zuckerberg writes. “This is the future I hope we will help bring about.”
Zuckerberg’s new, privacy-orientated world view is arguably influenced by the difficult last few years of public scandals his company has experienced. As individual citizens are becoming more aware of how their personal data can be used, people are quickly becoming protective of this modern commodity. Zuckerberg suggests “appropriate safety systems” can be implemented to stop bad actors such as terrorists or those exploiting children, however, he does note they will always be within the “limits of an encrypted service.”
“On balance, I believe working towards implementing end-to-end encryption for all private communications is the right thing to do,” he writes. “Messages and calls are some of the most sensitive private conversations people have, and in a world of increasing cyber security threats and heavy-handed government intervention in many countries, people want us to take the extra step to secure their most private data.”
Underpinning this battle between governments and tech companies seems to be a fundamental misunderstanding of how encryption actually works. The narrative continually presented by government security agencies describes companies as stubborn and unwilling to assist law enforcement bodies.
"Service providers, device manufacturers, and application developers are developing and deploying encryption that can only be decrypted by the end user or customer, and they are refusing to provide technology that allows for lawful access by law enforcement agencies in appropriate circumstances," said US Attorney General Willam Barr in a speech in July.
However, as Apple succinctly put it in a 2018 submission against Australia’s anti-encryption legislation, encryption is simply math, and it cannot be weakened without threatening the entire system.
"Some suggest that exceptions can be made, and access to encrypted data could be created just for only those sworn to uphold the public good. That is a false premise. Encryption is simply math. Any process that weakens the mathematical models that protect user data for anyone will by extension weaken the protections for everyone. It would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat."