Naked Security

Facebook refuses to break end-to-end encryption

Congress on Tuesday told Facebook it must put backdoors into its end-to-end encryption, or it'll be forced to.

Congress on Tuesday told Facebook and Apple that they had better put backdoors into their end-to-end encryption, or it will pass laws that force tech companies to do so.

At a Senate Judiciary Committee hearing on Tuesday that was attended by Apple and Facebook representatives who testified about the worth of encryption that hasn’t been weakened, Sen. Lindsey Graham had this to say:

You’re going to find a way to do this or we’re going to do this for you.

We’re not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion.

It’s the latest shot fired in the ongoing war over encryption. The most recent salvos have been launched following the privacy manifesto that Facebook CEO Mark Zuckerberg published in March.

At the time, Zuckerberg framed the company’s new stance as a major strategy shift that involves developing a highly secure private communications platform based on Facebook’s Messenger, Instagram, and WhatsApp services.

Facebook’s plan is to leave the three chat services as standalone apps but to also stitch together their technical infrastructure so that users of each app can talk to each other more easily.

The plan also includes slathering the end-to-end encryption of WhatsApp – which keeps anyone, including Facebook itself, from reading the content of messages – onto Messenger and Instagram. At this point, Facebook Messenger supports end-to-end encryption in “secure connections” mode: a mode that’s off by default and has to be enabled for every chat. Instagram has no end-to-end encryption on its chats at all.

You had better end – or at least pause – your plan, three governments warned Facebook in October.

US Attorney General William Barr and law enforcement chiefs of the UK and Australia signed an open letter calling on Facebook to back off of its “encryption on everything” plan unless it figures out a way to give law enforcement officials backdoor access so they can read messages.

“No,” Facebook said – with all due respect to law enforcement and its need to keep people safe.

On Monday, Facebook released an open letter it penned in response to Barr.

In the letter, WhatsApp and Messenger heads Will Cathcart and Stan Chudnovsky said that any backdoor access into Facebook’s products created for law enforcement would weaken security and let in bad actors who would exploit the access. That’s why Facebook has no intention of complying with Barr’s request that the company make its products more accessible, they said:

The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm.

People’s private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do.

In his opening statement on Tuesday, Sen. Graham – the chairman of the Senate Judiciary Committee – told Apple and Facebook representatives that he appreciates “the fact that people cannot hack into my phone,” but encrypted devices and messaging create a “safe haven” for criminals and child exploitation.

In Facebook’s letter, Cathcart and Chudnovsky pointed out that cybersecurity experts have repeatedly shown that weakening any part of an encrypted system means that it’s weakened “for everyone, everywhere.” It’s impossible to create a backdoor just for law enforcement that others wouldn’t try to open, they said.

They’re not alone in that belief, they said. Over 100 organizations, including the Center for Democracy and Technology and Privacy International, responded to Barr’s letter to share their views on why creating backdoors jeopardizes people’s safety. Facebook’s letter also quoted Cryptography Professor Bruce Schneier from comments he made earlier this year:

You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can’t have ‘We get to spy, you don’t.’ That’s not the way the tech works.

And as it is, Facebook is already working on making its platforms more secure, they said. It’s more than doubled the number of employees who are working on safety and security, and it’s using artificial intelligence (AI) to detect bad content before anyone even reports it or, sometimes, sees it. For its part, WhatsApp is detecting and banning two million accounts every month, based on abuse patterns. It also scans unencrypted information – such as profile and group information – looking for tell-tale content such as child abuse imagery.

Facebook says that it’s been meeting with safety experts, victim advocates, child helplines and others to figure out how to better report harm to children, in ways that are more actionable for law enforcement. It’s doing so while trying to balance the demands of other needs: as in, it’s also working to collect less personal data, as governments are demanding, and to keep users’ interactions private, as those users are demanding.

At a Wall Street Journal event on Tuesday, AG Barr granted that yes, there are benefits to encryption, such as to secure communications with a bank … a financial institution that will, and can, give investigators what they need when served with a warrant.

But he said that the growth of consumer apps with warrant-repellent, end-to-end encryption, like WhatsApp and Signal, has aided “terrorist organizations, drug cartels, child molesting rings and kiddie porn type rings.”

This war over encryption has been going on since the FBI’s many attempts to backdoor Apple’s iPhone encryption in the case of the San Bernardino terrorists.

Both sides are sticking to the same rationales they’ve espoused since the start of this debate. The only real difference in the events of this week is the renewed call for legislation to force backdoors: a threat that is apparently uniting both sides of this otherwise extremely partisan Congress and hence carries that much more weight.

15 Comments

I firmly agree that encryption should have NO backdoor. The government’s argument that a backdoor is needed to enable law enforcement access is flawed for several reasons:
How will this be coded and at what point in message origination
Who decides on who has backdoor access
How will this backdoor be protected, will key be regenerated once accessed
What’s to prevent a privately developed system (dark web) with its own unbreakable system
(this is what keeps the NSA busy – mainly concerned with nation states)


Indeed. You don’t need to be afraid of your own government to oppose this sort of law – it’s not (or not only :-) whether they ever get around to spying on you with the data they collected ‘just in case’, it’s the fact that secret cupboards full of ‘just in case’ data make a handy target for crooks and have a nasty habit of bursting open unexpectedly.

So anyone who rants that you must be ‘anti-government’ or ‘unpatriotic’ if you oppose backdoors has got the wrong end of the stick. (For me, the big deal with Ed Snowden is not what you think of him or his actions, but that he was able to exfiltrate that data, apparently quite easily, in the first place.)

And, as you say, a law that puts all honest people at risk from a data breach carried out by crooks who purposely avoided complying with said law themselves… you could use that in the dictionary definition of irony. It sure sounds like a ‘lose-lose’ situation for both the government and its citizens to me.


I’m really looking forward to seeing a bunch of Congressmen sitting down at their computers, re-writing the Facebook code to achieve what they want here.


If Lindsey Graham was so invested in child safety why won’t he help with gun control or stop the separation of children from their parents?

Law enforcement is intelligent and does not need to get into our phones when there are apps like Neighbors.


It is laughable that FB is trying to protect your personal information. They are the worst abusers of stealing and selling it.


The problem that I am seeing is more of a centralized vs de-centralized issue than an encryption issue. Since WhatsApp is decentralized, only the parties involved in a conversation are able to know the message; this is integral with the Confidentiality and Integrity within encryption. However, it doesn’t help law enforcement when warrants are dispatched since there is no central server to audit. That being said, de-centralized ensures that all users are insulated from a warrant since although the warrant is specifically for an individual(s), it does not guarantee that other parties aren’t discovered for unrelated issues.


Privacy is a cornerstone of freedom. Freedom has a price – and it does not always come cheap. The missing component in the backdoor argument is that the privacy, freedom and human dignity of hundreds of millions of people cannot be compromised on the off-chance that the occasional violator might be found. The ratio of public privacy value to surveillance value is the price of freedom from invasive government snooping. To date, there is no evidence that all the massive telco spying, the multi-billion dollar eavesdropping boondoggle up in Utah, or any other legal or illegal mass surveillance has yielded a single instance of terrorism prevention or effective information regarding a crime.
Congress’s mass snooping laws would move the legal processes to the secret FISA courts, and the abuses there are well known. The number of warrant requests and cases filed each year in the FISA courts exceeds the number of all other cases filed in all US courts. FISA is the embodiment of evil in a democracy and if Congress has its way we can kiss what is left of our privacy – and our democracy – goodbye.
Congress and the spooks are hell bent on criminalizing cryptography and must be resisted by all means.

“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.” Cardinal Richelieu


Backdoors to tech? Here’s a better way to prevent these crimes: install cameras and microphones in our houses to monitor our behavior and make sure we don’t do anything bad… seriously?! What’s the f*#%n difference between the two options?


Hmmm. Why -install- devices with camera and microphones at the taxpayer’s expense when so many people buy them with their own after-tax income, -bring them inside of their own free will-, and then can’t bear to turn them off in case they miss the magic voice command in the morning to report on the current weather and choose the getting-up music -)


So what’s the solution? Quoting a famous ‘technologist’, ‘Security is vital to survival …[whereas] privacy is a social need, vital […] to what makes us uniquely human – but not to survival.’ So the natural trend is to choose security over privacy, especially with all the FUDding around.
