In October, a group of top elected officials in western democracies wrote to Facebook expressing concern about the company’s plans to incorporate end-to-end encryption in all of its messaging products. US Attorney General Bill Barr, along with his rough equivalents in the United Kingdom and Australia, wrote that encryption would make it difficult or impossible for them to uncover instances where messaging was used to facilitate terrorism, child exploitation, and other crimes. They asked Facebook to reconsider its plans.
Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere. The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm. It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it. People’s private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do.
The letter goes on to note ways in which Facebook does work with law enforcement, and says it continues to develop ways to detect and monitor bad actors on Facebook products without breaking encryption.
This is the right approach to take, in my view, even if in some ways it’s self-serving for Facebook. The company is shifting to private messaging because its users had already started without them; its chief rival in America, iCloud, had already set end-to-end encryption as the privacy standard; and by taking up this fight, Facebook can cast itself in the role of noble privacy defender. (There are downsides, too, of course: a terrorist act planned on WhatsApp is going to be a public-relations catastrophe no matter how much people love their privacy; and in the meantime plenty of lawmakers will be lining up to cast Facebook as an enemy of the people.)
Speaking of which: Lawmakers thought over this answer during a Senate hearing today, and you probably will not be surprised to learn that they are not satisfied:
Lawmakers of both parties echoed those worries on Tuesday, threatening to take action if the companies didn’t satisfy their concerns.
“You’re going to find a way to do this, or we’re going to do this for you,” said Senator Lindsey Graham, Republican of South Carolina and the chairman of the Judiciary Committee. “You’re either the solution or you’re the problem.”
One reason that civil liberties groups (and me) tend to oppose proposals like this is that while governments talk a big game about using these tools to fight crime, they also typically use these tools to surveil citizens and journalists. For example, here’s something that’s happening in Australia:
Data retention legislation passed in 2015 had a carve-out for journalists that required law enforcement to obtain a special journalist information warrant, but Pfefferkorn said in a personal submission to the review that the combination of the new powers meant the information warrant need not be obtained.
“Law enforcement’s powers granted under the Data Retention Act in 2015 were augmented by the new powers the Assistance and Access Act provided at the end of 2018, creating the framework that authorised the federal police in mid-2019 to raid the homes and offices of journalists over articles published in July 2017 and April 2018, in defiance of international norms,” she said. “Because parliament passed these laws, the federal police had the power to strike a chilling blow against press freedom in Australia, and call it lawful.”
Would Americans implement the law any differently? Well, here’s a Reuters investigation published today about former U.S. counterterrorism czar Richard Clarke, and how he and former White House and U.S. defense executives worked to build a surveillance empire for the government of the United Arab Emirates. Note how the stated purpose of the surveillance — to catch and stop extremists from carrying out acts of terrorism — quickly expands to include good old-fashioned harassment of government critics:
In the years that followed, the UAE unit expanded its hunt far beyond suspected extremists to include a Saudi women’s rights activist, diplomats at the United Nations and personnel at FIFA, the world soccer body. By 2012, the program would be known among its American operatives by a codename: Project Raven.
this year revealed how a group of former National Security Agency operatives and other elite American intelligence veterans helped the UAE spy on a wide range of targets through the previously undisclosed program — from terrorists to human rights activists, journalists and dissidents.
My personal feeling about end-to-end encryption is that it should be available to citizens for one-to-one communication, but not for one-to-many communication. So encrypted WhatsApp should exist, but you shouldn’t be able to infinitely forward encrypted WhatsApp messages. (You cannot currently do that in WhatsApp.) The very real downside here is that criminals will exploit the availability of encryption to plan crimes. But the upside is that hundreds of millions of law-abiding citizens will have a safe space to communicate in a world that is increasingly defined by surveillance and monitoring technologies.
The ability to speak freely, and privately, in a world where democracy is in decline seems vital to me. I only hope it seems as vital to the electorates of Western nations, who will likely have to lobby lawmakers to preserve these freedoms. The fight over encryption has now begun in earnest, and the survival of private messaging is far from assured.