Facebook refuses to break end-to-end encryption

Security

Congress on Tuesday told Facebook and Apple that they better put backdoors into their end-to-end encryption, or they’ll pass laws that force tech companies to do so.

At a Senate Judiciary Committee hearing on Tuesday that was attended by Apple and Facebook representatives who testified about the worth of encryption that hasn’t been weakened, Sen. Linsey Graham had this to say:

You’re going to find a way to do this or we’re going to do this for you.

We’re not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion.

It’s the latest shot fired in the ongoing war over encryption. The most recent salvos have been launched following the privacy manifesto that Facebook CEO Mark Zuckerberg published in March.

At the time, Zuckerberg framed the company’s new stance as a major strategy shift that involves developing a highly secure private communications platform based on Facebook’s Messenger, Instagram, and WhatsApp services.

Facebook’s plan is to leave the three chat services as standalone apps but to also stitch together their technical infrastructure so that users of each app can talk to each other more easily.

The plan also includes slathering the end-to-end encryption of WhatsApp – which keeps anyone, including Facebook itself, from reading the content of messages – onto Messenger and Instagram. At this point, Facebook Messenger supports end-to-end encryption in “secure connections” mode: a mode that’s off by default and has to be enabled for every chat. Instagram has no end-to-end encryption on its chats at all.

You had better end – or at least pause – your plan, three governments warned Facebook in October.

US Attorney General William Barr and law enforcement chiefs of the UK and Australia signed an open letter calling on Facebook to back off of its “encryption on everything” plan unless it figures out a way to give law enforcement officials backdoor access so they can read messages.

“No,” Facebook said – with all due respect to law enforcement and its need to keep people safe.

On Monday, Facebook released an open letter it penned in response to Barr.

In the letter, WhatsApp and Messenger heads Will Cathcart and Stan Chudnovsky said that any backdoor access into Facebook’s products created for law enforcement would weaken security and let in bad actors who would exploit the access. That’s why Facebook has no intention of complying with Barr’s request that the company make its products more accessible, they said:

The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm.

People’s private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do.

In his opening statement on Tuesday, Sen. Graham – the chairman of the Senate Judiciary Committee – told Apple and Facebook representatives that he appreciates “the fact that people cannot hack into my phone,” but encrypted devices and messaging create a “safe haven” for criminals and child exploitation.

In Facebook’s letter, Cathcart and Chudnovsky pointed out that cybersecurity experts have repeatedly shown that weakening any part of an encrypted system means that it’s weakened “for everyone, everywhere.” It’s impossible to create a backdoor just for law enforcement that others wouldn’t try to open, they said.

They’re not alone in that belief, they said. Over 100 organizations, including the Center for Democracy and Technology and Privacy International, responded to Barr’s letter to share their views on why creating backdoors jeopardizes people’s safety. Facebook’s letter also quoted Cryptography Professor Bruce Schneier from comments he made earlier this year:

You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can’t have ‘We get to spy, you don’t.’ That’s not the way the tech works.

And as it is, Facebook is already working on making its platforms more secure, they said. It’s more than doubled the number of employees who are working on safety and security, and it’s using artificial intelligence (AI) to detect bad content before anyone even reports it or, sometimes, sees it. For its part, WhatsApp is detecting and banning two million accounts every month, based on abuse patterns. It also scans unencrypted information – such as profile and group information – looking for tell-tale content such as child abuse imagery.

Facebook says that it’s been meeting with safety experts, victim advocates, child helplines and others to figure out how to better report harm to children, in ways that are more actionable for law enforcement. It’s doing so while trying to balance the demands of other needs: as in, it’s also working to collect less personal data, as governments are demanding, and to keep users’ interactions private, as those users are demanding.

At a Wall Street Journal event on Tuesday, AG Barr granted that yes, there are benefits to encryption, such as to secure communications with a bank …a financial institution that will, and can, give investigators what they need when served with a warrant.

But he said that the growth of consumer apps with warrant-repellent, end-to-end encryption, like WhatsApp and Signal, have aided “terrorist organizations, drug cartels, child molesting rings and kiddie porn type rings.”

This war over encryption has been going on since the FBI’s many attempts to backdoor Apple’s iPhone encryption in the case of the San Bernardino terrorists.

Both sides are sticking to the same rationales they’ve espoused since the start of this debate. The only real difference in the events of this week is the renewed call for legislation to force backdoors: a threat that is apparently uniting both sides of this otherwise extremely partisan Congress and hence carries that much more weight.

Products You May Like

Articles You May Like

5 tips for better Google Drive security
Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone
New tool helps companies assess why employees click on phishing emails
US Federal Agency Compromised by Cyber-Actor
179 arrested in massive dark web bust

Leave a Reply

Your email address will not be published. Required fields are marked *