Attorney General William Barr plans to once again make his case against end-to-end encryption for the masses, this time in a public call for Facebook to ensure that law enforcement can decrypt messages when investigating terrorists, child abusers, and other criminals.
The reports come six weeks after Barr said tech firms “can and must” backdoor encryption to keep it from degrading criminal investigations.
For more than a decade, the US Justice Department has warned encryption could hamstring its ability to fight enemies and conduct criminal investigations, a plight it describes as “going dark.” In 2016, the department renewed its push when it obtained a court order requiring Apple to help the FBI unlock the iPhone of one of the shooters in the San Bernardino, Calif., mass killings. Apple fought the order—arguing the code required could be misused—and the FBI eventually found another way to access the encrypted data.
Friday’s letter, the publications reported, will largely repeat the same arguments but focus on Facebook. The social media giant already provides strong end-to-end encryption by default in WhatsApp and has signaled plans to expand its encryption offerings in its Facebook Messenger and other platforms. In March, CEO Mark Zuckerberg said Facebook was embarking on a major shift to a “privacy-focused communications platform [that] will become even more important than today’s open platforms.”
WhatsApp encryption is provided by the Signal Protocol that debuted with the Signal messenger. The end-to-end encryption provided by the protocol makes it impossible for Facebook—or any other party other than the sender and receiver—to decrypt messages. Complying with subpoenas or other law enforcement requests is impossible. For Facebook to comply with the Barr’s request, it would have to completely redesign WhatsApp.
According to a draft of the letter—which BuzzFeed published in its entirety—Barr and his counterparts wrote:
Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. It also impedes law enforcement’s ability to investigate these and other serious crimes. Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.
The letter asks that Facebook delay its encryption plans until it can ensure those plans don’t affect public safety. The letter also provides assurances that the governments recognize the right to privacy and will seek access to encrypted contents only when public safety is threatened. Barr plans to make public remarks on Friday at a Justice Department summit on how encryption is stymying the government’s ability to access information, the NYT said. Facebook representatives will also attend the summit, which will focus on the threat encryption poses to child-exploitation cases.
Facebook officials are opposing the request. In a statement, they wrote:
We believe people have the right to have a private conversation online, wherever they are in the world. As the US and UK governments acknowledge, the CLOUD Act allows for companies to provide available information when they receive valid legal requests and does not require companies to build back doors.
We respect and support the role law enforcement has in keeping people safe. Ahead of our plans to bring more security and privacy to our messaging apps, we are consulting closely with child-safety experts, governments, and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe.
End-to-end encryption already protects the messages of over a billion people every day. It is increasingly used across the communications industry and in many other important sectors of the economy. We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.
Passed last year, the CLOUD Act is short for Clarifying Lawful Overseas Use of Data. It amended the 1986 Stored Communications Act to allow federal law enforcement to compel US technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the United States or on foreign soil.
Proponents of end-to-end encryption, meanwhile, have steadfastly opposed backdoors for both privacy and technological reasons. Kurt Opsahl, the deputy executive director and general counsel of the Electronic Frontier Foundation, said on Twitter that Barr was exaggerating the threat encryption posed to legitimate law enforcement investigations. He cited this tweet from Ryan Singel—a fellow at Stanford Law School’s Center for Internet and Society—that said of 1,457 federal criminal wiretaps in 2018, only 74 federal were reported as being encrypted, and only 58 of those couldn’t be decrypted.
“Context is important when considering the FBI’s claim of ‘going dark’ due to encryption while in the Golden Age of Surveillance,” Opsahl wrote. “These numbers show it’s about mass surveillance, scanning all the messages, not targeted surveillance, with a warrant.”
The Barr letter says they’ll follow the Five Eyes Aug 2018 statement, which is generally terrible, but recognizes “there will be situations where access to information is not possible, although such situations should be rare.” 58 wiretaps is rare. https://t.co/EUHD963dsO
— Kurt Opsahl (@kurtopsahl) October 3, 2019
Cryptographers and technologists, meanwhile, argue that secret methods for decrypting encrypted messages aren’t technically feasible. Any mechanism built into an app to allow the developer to unlock a message, they argue, can inevitably be abused by criminals and other malicious outsiders. This isn’t the first time this debate has played out, and it won’t be the last.