The United States, Britain and Australia are calling on Facebook to halt its plans to deploy strong encryption across all its messaging apps unless it can provide a way for investigators to see communications in the clear, launching a fresh salvo in a long-running war between Washington and Silicon Valley.
In a letter dated October 4 to Facebook obtained by The Washington Post, US Attorney General William P. Barr and his foreign counterparts urged Facebook to “enable law enforcement to obtain lawful access to content in a readable and usable format,” arguing that the company’s efforts could prove especially damaging for government investigations into child sexual abuse.
The dispute stems over a March announcement by Facebook chief executive Mark Zuckerberg, who sketched out his vision for a “privacy-focused” future for Facebook and the services under its umbrella, including Instagram and WhatsApp. Zuckerberg said the company intends to integrate those services with Facebook’s Messenger app, so users can talk to one another across different apps if they want, while providing “end-to-end” encryption of their chats. Such strong encryption allows only the user and sender to be able to read or hear a conversation’s content.
In doing so, Barr and his colleagues said Facebook “puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions.”
The letter alleged that Facebook’s ability to detect child sexual exploitation would be severely hampered. Last year, Facebook made more than 16 million reports of child sexual exploitation and abuse content to the National Center for Missing & Exploited Children, US and international authorities said. Encrypting chats across its services could mean about 12 million reports “would be lost,” US and foreign officials estimated.
“Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be possible if Facebook implements its proposals as planned,” they wrote.
In a statement, Facebook said it already is “consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe.”
“We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere,” added spokesman Andy Stone.
The move comes as the three governments prepare a big push on Friday to highlight how the explosion of social media is making it increasingly difficult for law enforcement to catch child predators and stop the proliferation of child sexual exploitation images.
To law enforcement authorities, Silicon Valley essentially has endorsed “warrant-proof encryption,” building security safeguards that make it impossible for investigators to obtain information even when they receive the blessings of a court. Tech companies, however, long have argued that law enforcement threatened to introduce significant privacy and security vulnerabilities into their products that malicious hackers easily could exploit for their own purposes.
Privacy advocates said they feared the impact on human rights. Andrew Crocker, a senior staff attorney at the Electronic Frontier Foundation, found the call to halt Facebook encryption “sweeping and staggering.” He said “when journalists and dissidents are relying on these platforms to engage in sensitive communications, whether that’s talking to confidential sources or organizing protests, these are the very systems that the US, UK and Australian governments are calling on Facebook to compromise.”
Facebook embarked on an effort to rethink its core services after years of criticism that it had been a poor steward of users’ personal information, resulting in a series of scandals – and eventually a record $5 billion fine from the US government. But Zuckerberg appeared to anticipate broad blowback from law enforcement officials, who already contend that Silicon Valley’s security practices have inhibited investigations.
“Messages and calls are some of the most sensitive private conversations people have, and in a world of increasing cyber-security threats and heavy-handed government intervention in many countries, people want us to take the extra step to secure their most private data,” Zuckerberg wrote. “That seems right to me, as long as we take the time to build the appropriate safety systems that stop bad actors as much as we possibly can within the limits of an encrypted service.”
This week, senior Justice Department officials signalled they planned to shine a fresh light on Silicon Valley’s business practices – and the extent to which tech companies’ decisions to pursue and promote encryption are rooted in their personal interest.
“We’re not looking to demonize the tech companies,” Sujit Raman, associate deputy attorney general, said at a Washington Post Live cyber conference Wednesday. “We’re at a point now where . . . we’re trying to make sure that the public is aware of the cost and benefits of what’s going on here, because a lot of the decisions are being made by corporate executives for their own business purposes. But that has tremendous impacts on our public safety and our broader public policy.”
Raman did not directly answer a question about whether the administration was mulling proposing legislation to require companies to build in access. “We’re at least now – and I think this is an administration-wide position – actively engaging with the public to raise awareness of the lawful access problem, the warrant-proof encryption problem.”
The pressure on Facebook follows a July communique issued by the “Five Eyes” governments of the United States, Britain, Australia, Canada, and New Zealand that called on tech companies to “include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format.”
© The Washington Post 2019