Senior officials in the US, UK and Australia have signed an open letter calling for Facebook to implement a backdoor in its encryption systems to help in the fight against child abuse.
It comes after CEO Mark Zuckerberg in March this year outlined plans to build a “privacy-focused platform”, which included encrypting all the company’s messaging services.
This has not gone down well with governments who have repeatedly pressured the tech industry to create so called backdoors to encryption systems. In August 2018 for example the US government pressured Facebook to break the encryption in its Messenger app, so law enforcement could listen to a suspect’s voice conversations in a criminal probe.
The open letter was signed by the UK Home Secretary Priti Patel, US Attorney General Bill Barr, acting US Homeland Security Secretary Kevin McAleenan, and Australian Minister for Home Affairs Peter Dutton.
Essentially the letter raises concerns that Facebook’s plan to build end-to-end encryption into its messaging apps will prevent law enforcement agencies from searching for child sexual exploitation, terrorism, and election meddling.
“We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens,” the letter stated.
“We support strong encryption, which is used by billions of people every day for services such as banking, commerce, and communications,” said the letter. “We also respect promises made by technology companies to protect users’ data.”
“Security enhancements to the virtual world should not make us more vulnerable in the physical world,” the letter reads. “Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes.”
The letter then called on Facebook to prioritise public safety in designing its encryption by enabling law enforcement to gain access to illegal content in a manageable format, essentially by creating a backdoor.
“Enable law enforcement to obtain lawful access to content in a readable and usable format,” the letter urged.
The letter urged Facebook to consult with governments ahead of time to ensure the changes will allow this access.
The letter came as the UK and US signed an “historic agreement” that will enable British law enforcement agencies to directly demand electronic data relating to terrorists, child sexual abusers and other serious criminals from US tech firms.
The UK-US Bilateral Data Access agreement (which is also being called the US Cloud Act) is being hailed the governments as a “world-first” and will apparently dramatically speed up investigations and prosecutions by enabling law enforcement, with appropriate authorisation, to go directly to the tech companies to access data, rather than through governments, which can take years.
The Agreement was signed with US Attorney General Barr in Washington DC.
“Terrorists and paedophiles continue to exploit the internet to spread their messages of hate, plan attacks on our citizens and target the most vulnerable,” said Home Secretary Priti Patel.
“As Home Secretary I am determined to do everything in my power to stop them,” said Patel. “This historic Agreement will dramatically speed up investigations, allowing our law enforcement agencies to protect the public.”
“This Agreement will enhance the ability of the United States and the United Kingdom to fight serious crime – including terrorism, transnational organized crime, and child exploitation – by allowing more efficient and effective access to data needed for quick-moving investigations,” said US Attorney General William P. Barr.
The open letter to Facebook has already triggered a response from CEO Mark Zuckerberg, who defended his decision to encrypt the company’s messaging services, whilst speaking in a livestream of the company’s weekly internal Q&A session.
According to Reuters, Zuckerberg said he had been aware of child exploitation risks before announcing his encryption plan and acknowledged that it would reduce tools to fight the problem.
“When we were deciding whether to go to end-to-end encryption across the different apps, this was one of the things that just weighed the most heavily on me,” he reportedly said.
He then addressed a question from a staff member about online child abuse.
Zuckerberg acknowledged that losing access to the content of messages would mean “you’re fighting that battle with at least a hand tied behind your back.”
But Reuters reported him as saying that he was “optimistic” that Facebook would be able to identify predators even in encrypted systems using the same tools it used to fight election interference, like patterns of activity and links between accounts on different platforms.
He also suggested the company might further limit the ways adults can interact with minors on Facebook’s platforms.
The open letter from the US, UK and Australia to Facebook calling for a backdoor to encryption systems, has triggered an angry response from privacy campaigners.
The Electronic Frontier Foundation (EFF) for example slammed the proposal.
“This is a staggering attempt to undermine the security and privacy of communications tools used by billions of people,” said the EFF. “Facebook should not comply… law enforcement and national security agencies in these three countries are asking for nothing less than access to every conversation that crosses every digital device.”
“The letter focuses on the challenges of investigating the most serious crimes committed using digital tools, including child exploitation, but it ignores the severe risks that introducing encryption backdoors would create,” added the EFF. “Many people – including journalists, human rights activists, and those at risk of abuse by intimate partners – use encryption to stay safe in the physical world as well as the online one.”
“And encryption is central to preventing criminals and even corporations from spying on our private conversations, and to ensure that the communications infrastructure we rely on is truly working as intended,” it added.
“What’s more, the backdoors into encrypted communications sought by these governments would be available not just to governments with a supposedly functional rule of law,” it added. “Facebook and others would face immense pressure to also provide them to authoritarian regimes, who might seek to spy on dissidents in the name of combatting terrorism or civil unrest, for example.”
Meanwhile another privacy campaign group, Privacy International (PI), said that the US Cloud Act is a backward step for privacy.
“The agreement replaces the prior system, under which law enforcement agencies from around the world, including the UK, had to meet US legal standards in order to get access to content held by US service providers – like Facebook and Google – in the US,” said Privacy International.
“The MLAT system, which the new UK-US agreement replaces with regard to the UK, is flawed,” said PI. “But its flaws are mainly logistical. The US government does not devote enough resources to processing requests from other countries – leading to a backlog. Instead of choosing to spend more money, the US has decided to let other countries get access to content stored in the US under their own legal regimes – most of which are not as privacy protective.”
“It is unfortunate that the US has chosen to permit the UK to side step such privacy protections instead of investing more in improving the MLAT process,” it added.
It concluded by pointing out the irony of Facebook’s Mark Zuckerberg becoming a privacy champion.
Can you protect your privacy online? Take our quiz!
A new low. International Committee of the Red Cross shuts down reunification system, after hackers…