Officials push Facebook for way to peek at encrypted messages

522
A man poses with a magnifier in front of a Facebook logo on display in this illustration taken in Sarajevo, Bosnia and Herzegovina, December 16, 2015. Facebook Inc said on Wednesday it is testing a service that will allow users of its Messenger app to hail Uber rides directly from the app, without leaving a conversation or downloading the ride-hailing app. REUTERS/Dado Ruvic TPX IMAGES OF THE DAY - RTX1Z0SS

Officials are calling on Facebook not to use encryption in its messaging services that does not provide authorities a way to see what is being sent.

The request was made in a letter signed by US Attorney General William Barr, British home secretary Priti Patel and Australian minister for home affairs Peter Dutton.

“We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services… without including a means for lawful access to the content of communications to protect our citizens,” said a copy of the letter obtained by AFP and dated October 4.

The letter called on Facebook and other companies to make sure messaging systems were not so well-encrypted that law enforcement couldn’t see “content in a readable and usable format” when needed.

The request, addressed to Facebook chief Mark Zuckerberg, raises anew the conflict between technology firms intent on protecting user privacy by scrambling messages with encryption, and government agencies contending that doing so would let wrongdoers hide their schemes.

The leading social network already encrypts WhatsApp messages from end-to-end — meaning only the sender and recipient can read the message, which is saved in encrypted form – and is working to extend the technology to other apps in its family, including Messenger.

End-to-end encryption protects the messages of over a billion people every day, according to Facebook.

“It is increasingly used across the communications industry and in many other important sectors of the economy,” Facebook said in response to an AFP query.

“We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.”

During a live-streamed question session with employees, Zuckerberg said the company recognized the challenge in balancing privacy with fighting crimes such as child exploitation and terrorism, and was working with authorities to get it right.

“Having the availability to look at the content is a useful signal, and when you lose that you are fighting that battle with at least a hand tied behind your back and you hope there is a lot of good stuff you can do with your other hand,” Zuckerberg said.

He felt the scale was still tipped toward encryption, which can help protect journalists, political protesters, and others.

Privacy has been a sore point for Facebook, and users have been clamoring for encryption of messages, according to Zuckerberg.

Clues such as patterns of behavior and connections between accounts can be used as signals of illicit behavior even if data in messages can’t be seen, he noted.

The nonprofit Center for Democracy and Technology (CDT), based in Washington, contended that governments signing the letter were using scare tactics to weaken security of global communications and build in surveillance.

“Strong encryption and end-to-end security are bedrock technologies that keep information safe online,” said CDT senior technologist Hannah Quay-de la Vallee.

“These technologies protect billions of communications every day, from the sensitive correspondence of victims of domestic violence to businesses’ financial records to our private medical information.”

Facebook early this year said it was trying to get its messaging apps to be friends, allowing encrypted missives be exchanged no matter which of its services are used.

The California-based social network is behind free, stand-alone smartphone apps Instagram, Messenger and WhatsApp.

Each service is popular, but users have to be in the same application to exchange messages.

– CLOUD Act –

The joint letter to Facebook, paired with a freshly signed “CLOUD” data sharing agreement between Britain and the US, should set off “red flags” for citizens in both countries who care about governments monitoring and sharing their communications, the CDT argued.

The CLOUD Act Agreement will allow British and US law enforcement agencies to demand electronic data regarding serious crimes directly from tech companies based in the other country, according to a Department of Justice statement.

The agreement will allow “more efficient and effective access to data needed for quick-moving investigations,” Barr said in the statement.

“Only by addressing the problem of timely access to electronic evidence of crime committed in one country that is stored in another, can we hope to keep pace with twenty-first century threats,” he added.

Facebook interpreted the CLOUD Act to allow technology companies to enable users to have private online conversations and be required to provide available information to valid legal requests — not build backdoors into encrypted systems.

“Creating a law that would mandate weaker and less secure technology is like mandating crumbling sidewalks to prevent criminals from escaping,” said Quay-de la Vallee.

“It’s ridiculous, it won’t work, and it puts us all at far greater risk of serious injury.”