The Same Old Encryption Debate Has a New Target: Facebook
Credit to Author: Lily Hay Newman| Date: Thu, 03 Oct 2019 22:40:50 +0000
Attorney general William Barr seems eager to reignite the encryption wars, starting with the social media giant.
Stop us if you've heard this one before: United States law enforcement officials want tech companies to undermine encrypted messaging protections. The latest salvo is a fresh spin, but the underlying intent remains the same. As does the fundamental danger it poses.
On Friday, Attorney General William Barr will present an open letter to Facebook and its CEO, Mark Zuckerberg, cosigned by British and Australian officials, asking the company not to implement end-to-end encryption protections across its messaging services as planned. The letter, first reported on and published by BuzzFeed News, comes in tandem with a Department of Justice Lawful Access Summit in Washington, DC, focused on child exploitation investigations and the role of tech companies in flagging content related to child sexual abuse—insights that strong encryption protections can curtail.
All of this probably sounds very familiar, including Mark Zuckerberg's stated willingness to go head to head with law enforcement if necessary to implement its encryption plans. And less than four years ago, Apple and the FBI faced off in a similar debate about whether the tech giant could be compelled to create a tool that would unlock one of the San Bernardino shooters' iPhones.
"We respect and support the role law enforcement has in keeping people safe," a Facebook spokesperson said in a statement on Thursday. "Ahead of our plans to bring more security and privacy to our messaging apps, we are consulting closely with child safety experts, governments, and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe … We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere."
"We have to recognize that it would come with serious harms of is own."
Andrew Crocker, EFF
For decades, the DoJ and law enforcement agencies around the world have promoted the idea that encrypted digital communications hinder investigations and that, if those protections must exist, law enforcement needs a way to circumvent them. Cryptographers and privacy advocates dispute, though, that such a"backdoor" can exist without fundamentally undermining the protection encryption offers. Encryption may create one danger in limiting law enforcement insight, but it protects people around the world against many other pressing threats from repressive governments, criminals, and abusers of all sorts.
In Apple's showdown with the FBI, which centered on a terrorism investigation, the agency mounted a legal challenge, including a lawsuit in federal court. This time the Justice Department initiative is linked to another universally reviled crime, child exploitation. But it comes at a time when Facebook is attempting to repair its reputation on privacy and security issues, and has a strong interest in being seen as a defender of user protections. It is unclear what next steps the Justice Department may take if Facebook doesn't heed Barr's letter.
"There seems to be a pretty concerted effort here to call attention to very serious crimes and reports of crimes that happen over communications platforms and try to tie that to encryption and sort of use that as a lever or wedge against the further spread of encryption," says Andrew Crocker, a staff attorney at the nonprofit Electronic Frontier Foundation, a digital rights group.
According to Barr's letter, Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children in 2018, the vast majority of that year's 18.4 million total reports. The UK National Crime Agency estimates that these reports from Facebook led to more than 2,500 arrests by UK law enforcement. These statistics don't indicate, though, whether more child exploitation happens than ever in the digital age, or whether the same photos and other media circulates on Facebook being repeatedly (and rightly) flagged. It's also a massive number of reports given that a significant portion of Facebook's offerings and infrastructure, like WhatsApp, are already end-to-end encrypted or, like Messenger, can be.
Additionally, even when users turn on Facebook Messenger's current, optional end-to-end encryption protections, they can still flag inappropriate or seemingly illegal content that can be decrypted on their devices and sent to the company for review. And although end-to-end encryption makes messages unreadable to outsiders at all points on their digital journey between sender and receiver, Facebook's scheme would still allow the company to see some so-called metadata about messages, like when they were sent. Facebook says that it plans to use machine learning monitoring algorithms and other analysis tools to spot potentially concerning trends in this metadata, and continue to alert law enforcement where applicable. End-to-end encryption also does nothing to impede law enforcement in situations where agents have access to a suspect's devices.
Zuckerberg said in a company town hall on Thursday evening that Facebook is proud of the reporting it has done to the National Center for Missing & Exploited Children, but that the signal to noise ratio is not always helpful in the massive flood of alerts it submits. The company has been looking to refine its flagging process, he said. He also suggested that the majority of cases of sexual exploitation happen between adults and children who know each other, not those who meet online. But he added that an area the company is working to improve is identifying potentially problematic instances where adults and minors connect on Facebook.
"In our work on election integrity, what we've basically figured out is that often it's not looking at the content that's most important it's looking at the patterns of activity," Zuckerberg said. "These are some of the hardest decisions that I think we have to make is trading off these equities that are really heavy. … With all that said, I still think the equities are still in favor of moving toward end-to-end encryption. … It keeps people safe in other ways."
The latest encryption blow-up also comes as US and United Kingdom officials prepare to sign the CLOUD Act, an agreement meant to make it easier for US and UK law enforcement groups to request user data from tech companies with a warrant and share that data in investigations. The CLOUD Act does not in itself require that tech companies break user protections like encryption to acquire requested data.
Privacy proponents emphasize that there's no safe, foolproof way to implement encryption backdoors. Any vulnerability in the scheme, no matter how hidden or secret, can be discovered by others and potentially abused. The seminal 2015 paper "Keys Under Doormats" written by a large group of top cryptographers outlines the inherent, unavoidable dangers of such schemes. And the US government has proven itself to be an unreliable steward of sensitive digital tools, having lost or mishandled them in the past in ways that have enabled widespread havoc.
"When law enforcement officials talk about all of these truly horrific things that they are attempting to investigate and that they want to compromise encryption to get at, we have to recognize that it would come with serious harms of is own," EFF's Crocker says. "There really is not a solution that's been proposed that protects the security and privacy of communications and allows access for law enforcement. There just isn’t a solution that’s been invented in the world that can do that."
Updated October 3, 2019 at 8:00pm ET to include comment from Mark Zuckerberg.