3 Countries Sent A Joint Letter Asking Facebook To Delay End-To-End Encryption Until Law Enforcement Has Back-Door Access. 58 Concerned Organizations Responded
Monday, October 07, 2019
Plenty of privacy and surveillance news recently. Last week, the governments of three countries sent a joint, open letter to Facebook.com asking the social media platform to delay implementation of end-to-end encryption in its messaging apps until back-door access can be provided for law enforcement.
BuzzFeed News published the joint, open letter by U.S. Attorney General William Barr, United Kingdom Home Secretary Priti Patel, acting US Homeland Security Secretary Kevin McAleenan, and Australian Minister for Home Affairs Peter Dutton. The letter, dated October 4th, was sent to Mark Zuckerberg, the Chief Executive Officer of Facebook. It read in part:
"OPEN LETTER: FACEBOOK’S “PRIVACY FIRST” PROPOSALS
We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.
In your post of 6 March 2019, “A Privacy-Focused Vision for Social Networking,” you acknowledged that “there are real safety concerns to address before we can implement end-to-end encryption across all our messaging services.” You stated that “we have a responsibility to work with law enforcement and to help prevent” the use of Facebook for things like child sexual exploitation, terrorism, and extortion. We welcome this commitment to consultation. As you know, our governments have engaged with Facebook on this issue, and some of us have written to you to express our views. Unfortunately, Facebook has not committed to address our serious concerns about the impact its proposals could have on protecting our most vulnerable citizens.
We support strong encryption, which is used by billions of people every day for services such as banking, commerce, and communications. We also respect promises made by technology companies to protect users’ data. Law abiding citizens have a legitimate expectation that their privacy will be protected. However, as your March blog post recognized, we must ensure that technology companies protect their users and others affected by their users’ online activities. Security enhancements to the virtual world should not make us more vulnerable in the physical world..."
The open, joint letter is also available on the United Kingdom government site. Mr. Zuckerberg's complete March 6, 2019 post is available here.
Earlier this year, the U.S. Federal Bureau of Investigation (FBI) issued a Request For Proposals (RFP) seeking quotes from technology companies to build a real-time social media monitoring tool. It seems such a tool would have limited utility without back-door access to encrypted social media accounts.
In 2016, the Federal Bureau of Investigation (FBI) filed a lawsuit to force Apple Inc. to build "back door" software to unlock an attacker's iPhone. Apple refused, as back-door software would provide access to any iPhone, not only this particular smartphone. Ultimately, the FBI found an offshore tech company to build the backdoor. Later that year, then FBI Director James Comey suggested a national discussion about encryption versus safety. It seems the country still hasn't had that conversation.
BuzzFeed described Facebook's initial response to the joint letter:
"In a three paragraph statement, Facebook said it strongly opposes government attempts to build backdoors."
We shall see if Facebook holds steady to that position. Privacy advocates quickly weighed in. The Electronic Frontier Foundation (EFF) wrote:
"This is a staggering attempt to undermine the security and privacy of communications tools used by billions of people. Facebook should not comply. The letter comes in concert with the signing of a new agreement between the US and UK to provide access to allow law enforcement in one jurisdiction to more easily obtain electronic data stored in the other jurisdiction. But the letter to Facebook goes much further: law enforcement and national security agencies in these three countries are asking for nothing less than access to every conversation... The letter focuses on the challenges of investigating the most serious crimes committed using digital tools, including child exploitation, but it ignores the severe risks that introducing encryption backdoors would create. Many people—including journalists, human rights activists, and those at risk of abuse by intimate partners—use encryption to stay safe in the physical world as well as the online one. And encryption is central to preventing criminals and even corporations from spying on our private conversations... What’s more, the backdoors into encrypted communications sought by these governments would be available not just to governments with a supposedly functional rule of law. Facebook and others would face immense pressure to also provide them to authoritarian regimes, who might seek to spy on dissidents..."
The new agreement the EFF referred to was explained in this United Kingdom announcement:
"The world-first UK-US Bilateral Data Access Agreement will dramatically speed up investigations and prosecutions by enabling law enforcement, with appropriate authorisation, to go directly to the tech companies to access data, rather than through governments, which can take years... The current process, which sees requests for communications data from law enforcement agencies submitted and approved by central governments via Mutual Legal Assistance (MLA), can often take anywhere from six months to two years. Once in place, the Agreement will see the process reduced to a matter of weeks or even days.
The Agreement will each year accelerate dozens of complex investigations into suspected terrorists and paedophiles... The US will have reciprocal access, under a US court order, to data from UK communication service providers. The UK has obtained assurances which are in line with the government’s continued opposition to the death penalty in all circumstances..."
On Friday, a group of 58 privacy advocates and concerned organizations from several countries sent a joint letter to Facebook regarding its end-to-end encryption plans. The Center For Democracy & Technology (CDT) posted the group's letter:
"Given the remarkable reach of Facebook’s messaging services, ensuring default end-to-end security will provide a substantial boon to worldwide communications freedom, to public safety, and to democratic values, and we urge you to proceed with your plans to encrypt messaging through Facebook products and services. We encourage you to resist calls to create so-called “backdoors” or “exceptional access” to the content of users’ messages, which will fundamentally weaken encryption and the privacy and security of all users."
It seems wise to have a conversation that discusses all of the advantages and disadvantages, and does not selectively focus only upon some serious crimes while ignoring other significant risks, since back-door software can be abused like any other technology. What are your opinions?
I suppose that the U.S., U.K., and Australia are focused on Facebook because it is such a lucrative target for particularly dumb terrorists, pedophiles, and other criminals. And certainly a dumb terrorist or other criminal can be just as much of a threat to public safety as a smart one. Indeed, governments’ monitoring of Facebook has resulted in the capture of the challenged among terrorists and other criminals, who use Facebook and other social media to plan or otherwise communicate about the planning and execution of their crimes.
However, what about the smart or just competent criminals and honest and reasonably smart citizens who use, not Facebook’s mail or messaging apps or other social media to communicate their secrets but use any one of several end-to-end, zero access (which means all messages are encrypted at rest on servers and that no one, not even the provider, can decrypt them) messaging and/or email services which are located beyond the jurisdiction of what are known as the 14-eyes countries? I can think of at least five such services and regularly use three, and am obliged to do so because I have a duty to maintain clients’ secrets and confidences. I also use them for my personal communications because I greatly value my privacy and security. Unless those services are lying to me in their claims, communications on them are already beyond the reach of the U.K., Australia, and the U.S. and everyone else. Smart malefactors don’t use Facebook to communicate. They use end-to-end, zero access messaging and email services, which are located in jurisdictions where neither the three countries, supra, nor any 14-eyes country has any authority.
But, of course, that is not true for Facebook, which is a juridical citizen of and is located in the United States. So this move to lobby and compel Facebook to build backdoors is a war on retarded criminals, but not just them, because many others, who have an honest, lawful need for confidentiality or who are simply exercising their constitutional right, at least in the United States, to have private and secret communications, simply because they value their privacy or simply because they want to, also use end-to-end encrypted and zero access messaging and email. And I am given to understand that there are similar rights to lawful private and secret communications for citizens of other Western democracies. What of all of those honest users of private messaging? And what of the smart criminals?
There is no way to build backdoors into any encrypted communications or storage system or operating system that won’t eventually be discovered and used by nefarious people. To maintain otherwise is either disingenuous or downright mendacious. What governments’ right to search, seize, and surveil has depended on till now is government’s power or technical prowess to breach any security to reach the thing or communications that it wanted. Now, government is having trouble doing that, so it wants the authority to outlaw impenetrable encryption systems and compel providers to help them by building backdoors into encrypted systems, that is, order providers to build flawed systems, with flaws that make them vulnerable and that eventually every nefarious person will discover and exploit.
The problems with that being effective are obvious. First, there are some providers, which are located in jurisdictions that won’t enact laws to compel backdoors, and those providers won’t go along to build the inherently flawed backdoor-systems. Second, neither people who need nor people who just want confidentiality will use such systems, reducing governments’ target to the poor, hapless retard of a criminal or to desperate people struggling to be free from oppression, who such laws will throw into the jaws of oppressive regimes, and/or will expose to harm those who are trying to expose misfeasance and malfeasance and other wrongdoing. Third, while a layman couldn’t design and manage an effective encrypted system of communications, doing so doesn’t require great resources or extraordinary technical skill, so it is practical for, let’s say a graduate computer science student, to build a custom end-to-end encrypted system of communications, which is what I expect really sophisticated terrorists and other criminals do, rather than risk that the United States, for example, would compromise Signal or ProtonMail.
Yet, there are terrorists, pedophiles, and other very bad people, who would commit catastrophic enormities and lesser but still tragic crimes. So what is the way out of this dilemma? There may not be one. Even if the U.S., U.K., and Australia succeed in lobbying or legislating against Facebook et al., there is no apparent way to overcome the three problems that I present, supra. Even covert ops against end-to-end encrypted and zero-access communications systems would be discovered and either remedied or avoided, and many of the best secure communications systems use open-source software and facilities that are audited to guard against being compromised. And even when successful, that very success will lead to the breach of the secure communications system being discovered.
So the U.S., U.K., and Australia can war against the retarded and hapless criminals on Facebook, whether backdoor-encrypted or not, but there is no way to go back to tapping the phone at the central station, which means the three problems presented, supra, will be a constant challenge for law enforcement, intelligence agencies, and for our courts and the rights of our citizens in liberal democracies (liberal in the John Locke sense of that word).
Posted by: Chanson de Roland | Monday, October 07, 2019 at 02:40 PM