Last Friday, Attorney General Barr along with Australian and UK officials, addressed a direct written request to CEO Facebook Mark Zuckerberg. The letter expresses support for strong encryption and protecting user data, but the primary objective is clear. They say, “We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity.”
Attorney General William Barr has asked Facebook not to encrypt its messaging services by not putting its end-to-end encryption program in place. He feels encrypted messages will interfere with law enforcement’s ability to access information that helps them address child exploitation, terrorism and other threats. If encryption is implemented, before it goes into effect, they want Facebook to provide “back door” access for the government to get around the encryption. The government relies on social media, Facebook and its applications in particular, heavily as an information-gathering tool and they don’t want that access blocked.
The letter also says, “In 2018, Facebook made 16.8 million reports to the National Center for Missing and Exploited Children — more than 90% of the 18.4 million total reports that year. Our understanding is that much of this activity, which is critical to protecting children … will no longer be possible if Facebook implements its proposals as planned.”
Facebook and Others Are Saying No Go in Favor of Privacy
Strong privacy advocates won’t like the letter and the direction such an encryption ban could take things. Those with privacy perspective put a premium on protecting people’s personal data and private conversations, and view government access as intrusion into that privacy. Civil liberties organizations will certainly get involved in the debate.
Facebook’s response to the letter is that they will not comply with the request and will instead be seeking legal counsel and alternative solutions. Their statement included sentiments such as,
“We believe people have the right to have a private conversation online, wherever they are in the world. End-to-end encryption already protects the messages of over a billion people every day.”
And while they said, “We respect and support the role law enforcement has in keeping people safe,” they also followed strongly with, “We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.”
They continued with, “Ahead of our plans to bring more security and privacy to our messaging apps, we are consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe.”
We’ve Seen the Battle of Encrypted Privacy vs. Government Back Door Access Before
This is not the first time the government and a high tech company have sparred. In 2016, the FBI had a court order requiring Apple to assist them in breaking into a suspect’s iPhone after the San Bernardino shooting. But Apple was not willing to set a precedent of breaking into their own iPhones. The FBI ultimately worked with another security company to get into the phone but the memory of the episode hasn’t faded for either side.
Apple continued to defend its position for not breaking into the phone. Later, news came out that the security company that helped the FBI itself was hacked had some of those phone-hacking tools were stolen. Other stolen data indicated the company had been hired by other companies outside the US, some not considered US allies. These are the concerns Apple CIO Tim Cook expressed when making the decision not to create tools to break through phone security. Others could then steal the tools and use them nefariously. Now those encryption-hacking tools are forever out in the wild to the detriment of users.
Incidentally, except for being able to see what data was not on the phone, the FBI didn’t find any substantially useful information on the phone.
No End in Sight
In the eyes of most security practitioners and in our era where compliance to data privacy regulations is critical and legally required, encryption is essential. It’s a must for protecting data and keeping it out of the wrong hands. Providing the keys to third-party outsiders to unlock encrypted data, even the government for law enforcement purposes, undermines the very purpose for which encryption is designed.
While it can be said that Apple and Facebook have reasonable arguments, Facebook itself is having plenty of additional challenges having committed its own share of privacy violations of users’ data. The company is caught up in many court cases over those very public instances. They have promised to improve their own security issues. And clearly, they aren’t budging on keeping private conversations inaccessible to the government, both in their applications and on their devices.
The issue is complex, the stakes high and the perspectives very different – a recipe for keeping this fight going for the foreseeable future.