Governments Urge Facebook To Create Backdoor Access To Encrypted Messages

Uploaded on 2019-10-04 in TECHNOLOGY-Key Areas-Social Media, GOVERNMENT-National, FREE TO VIEW

The US Attorney General, along with officials from the United Kingdom and Australia,are  asking Facebook to delay plans for end-to-end encryption across its messaging services. 

The open letter, dated 4 October, is jointly signed by the UK’s home secretary, Priti Patel (pictured) the US attorney general, William Barr, the US acting secretary of homeland security and the Australian minister for home affairs. 

The letter calls on Facebook to prioritise public safety in designing its encryption by enabling law enforcement to gain access to illegal content in a manageable format and by consulting with governments ahead of time to ensure the changes will allow this access. 

While the letter acknowledges that Facebook, which owns Facebook Messenger, WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-related content through its own systems, it also notes that "mere numbers cannot capture the significance of the harm to children."

"Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children," the letter reads.

It will call on Facebook not to “proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens”.

The US and UK announced the signing of a “world-first” data access agreement that will allow law enforcement agencies to demand certain data directly from the other country’s tech firms without going through their governments first. The agreement is designed to facilitate investigations related to terrorism, child abuse and exploitation, and other serious crimes. The draft open letter was first reported by BuzzFeed. The governments’ request will reignite a longstanding debate over how to balance privacy with public safety.

Zuckerberg defended his decision to encrypt the company’s messaging services despite concerns about its impact on child exploitation and other criminal activity.

Speaking Thursday 3rd October in a live-streamed version of the company’s weekly internal Q&A session, said child exploitation risks weighed “most heavily” on him when he was making the decision and pledged steps to minimise harm.
Also on Thursday, a Facebook spokesperson said in a statement: “We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.”

What are Facebook’s planned changes?
Facebook’s messaging app WhatsApp already employs end-to-end encryption, shielding the content of its 1.5bn users’ messages from the company itself. In March 2019, Zuckerberg announced plans to integrate Facebook’s other messaging apps, Facebook Messenger and Instagram, with WhatsApp and incorporate end-to-end encryption across the entire service. 

Facebook’s move to expand the use of encryption followed a year in which the company came under global criticism for its failure to protect the data of its users, and it was branded as a pivot toward a “privacy-focused communications platform”.
But law enforcement agencies have long looked askance at encrypted communications, which they argue protect criminals and terrorists while stymying investigators.

The letter specifically focuses on the threat of child sexual exploitation and abuse, noting that Facebook’s combination of encrypted messaging and open profiles could provide “unique routes for prospective offenders to identify and groom our children”.

“In 2018, Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children, more than 90% of the 18.4 million total reports that year,” the letter states. “NCMEC estimates that 70% of Facebook’s reporting, 12 million reports globally, would be lost [if Facebook implements encryption as planned].”

Privacy v Public Safety
The letter asserts that the governments “support strong encryption” while also demanding “a means for lawful access to the content of communications”, an apparent reference to a so-called “backdoor” into the encrypted communications.
Governments have often proposed such backdoors as a compromise measure, but some security experts argue that it is impossible to provide limited access to encrypted communication without weakening privacy overall.

Privacy advocates have pushed back on the idea that a government backdoor was needed to keep people safe.

“When a door opens for the United States, Australia, or Britain, it also opens for North Korea, Iran, and hackers that want to steal our information,” said Neema Singh Guliani, the senior legislative counsel for the American Civil Liberties Union (ACLU).

“Companies should resist these repeated attempts to weaken encryption that reliably protects consumers’ sensitive data from identity thieves, credit card fraud, and human rights abusers.”

The ex-NSA whistleblower Edward Snowden, now safely in exile in Moscow, criticised the governments’ request on Twitter, “If Facebook agrees, it may be the largest overnight violation of privacy in history.”

Guardian:         Buzzfeed

You Might Also Read:

Quantum Computing Will Break Encryption:

WhatsApp Implements Encryption:

 

 

 

« The Future Of Cyber Security Is AI
The Strange Case Of The The Missing Crypto-Queen »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Riverbed Technology

Riverbed Technology

The Riverbed Network and Application Performance Platform enables organizations to visualize, optimize, accelerate and remediate the performance of any network for any application.

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

OpenZeppelin

OpenZeppelin

OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies.

RackTop Systems

RackTop Systems

RackTop Systems is the pioneer of CyberConverged data security, a new market that fuses data storage with advanced security and compliance into a single platform.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

Fairfirst Insurance

Fairfirst Insurance

Fairfirst Cyber Insurance protects your business assets against the complexity of cyber threats.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Wabbi

Wabbi

Wabbi’s continuous security platform centralizes, automates and orchestrates security governance and vulnerability management to empower development teams to own appsec.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

Vercara

Vercara

Vercara offers a purpose-built, global cloud security platform that provides layers of protection to safeguard businesses’ online presence, no matter where an attack comes from or where it is aimed.

Sababa Security

Sababa Security

Sababa Security is the first Italian innovation cyber security vendor, that provides security products, training, and managed services to protect diverse IT and OT environments.

Secuvy

Secuvy

Secuvy leads in data security, privacy, compliance, and governance, offering a unified platform for proactive data discovery, management, protection, and enhanced data value.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.

Dialog Enterprise

Dialog Enterprise

Dialog Enterprise is the corporate ICT solutions arm of Dialog Axiata, Sri Lanka’s leading connectivity provider.