Facebook urged by governments to halt end-to-end encryption plans
The row concerned Facebook CEO Mark Zuckerberg’s publication of a privacy manifesto in March this year, in which he promised to extend the company’s end-to-end encryption work and introduce the technology into its core Facebook Messenger product.
A thorn in their sides
An online messaging service can encrypt your data in two ways. It can store the encryption key on the provider’s own servers, enabling law enforcement to subpoena it and unlock your messages. Alternatively, end-to-end encryption stores the key to a messaging session exclusively on the participating computers, meaning that the tech company has nothing to give the authorities. This means that even if law enforcement accesses a person’s messages, they wouldn’t be able to read the contents.
End-to-end encryption is a thorn in the side of governments who want to track criminals. On Friday, US Attorney General William Barr published an open letter to Zuckerberg, cosigned by UK Home Secretary Priti Patel, acting United States Secretary of Homeland Security Kevin McAleenan, and Australian Home Affairs Minister Peter Dutton. It laid out its demands clearly in the first paragraph:
We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.
The letter called upon Facebook to embed the ability to see message content in the design of its systems, and to give law enforcement lawful access (meaning access to message content on production of a warrant). The company should consult with governments when taking these measures, and avoid going forward with its proposed changes until it can be sure that it is following these principles, the letter warned.
The signatories also warned that Facebook’s proposed encrypted messaging system would be especially vulnerable to abuse:
Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.
The Department of Justice published the letter just as it signed a landmark agreement with the UK government under the US Clarifying Lawful Overseas Use of Data (CLOUD) Act. The legislation, enabled in March 2018, lets the US demand data from technology companies harbouring that data on foreign soil. It’s a response to the 2013 United States vs Microsoft case in which Microsoft refused to give the Feds access to data stored on an Irish server.
The agreement signed between the US and the UK this week is the first under a provision in the CLOUD Act enabling other countries to demand US-based data from tech companies, leapfrogging time-consuming US legal processes. However, this agreement still doesn’t let countries get at end-to-end encrypted messages, hence the open letter.