Sicurezza

The Same Old Encryption Debate Has a New Target: Facebook

Stop us if you’ve heard this one before: United States law enforcement officials want tech companies to undermine encrypted messaging protections. The latest salvo is a fresh spin, but the underlying intent remains the same. As does the fundamental danger it poses.

On Friday, Attorney General William Barr will present an open letter to Facebook and its CEO, Mark Zuckerberg, cosigned by British and Australian officials, asking the company not to implement end-to-end encryption protections across its messaging services as planned. The letter, first reported on and published by BuzzFeed News, comes in tandem with a Department of Justice Lawful Access Summit in Washington, DC, focused on child exploitation investigations and the role of tech companies in flagging content related to child sexual abuse—insights that strong encryption protections can curtail.

All of this probably sounds very familiar, including Mark Zuckerberg’s stated willingness to go head to head with law enforcement if necessary to implement its encryption plans. And less than four years ago, Apple and the FBI faced off in a similar debate about whether the tech giant could be compelled to create a tool that would unlock one of the San Bernardino shooters’ iPhones.

“We respect and support the role law enforcement has in keeping people safe,” a Facebook spokesperson said in a statement on Thursday. “Ahead of our plans to bring more security and privacy to our messaging apps, we are consulting closely with child safety experts, governments, and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe … We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.”

For decades, the DoJ and law enforcement agencies around the world have promoted the idea that encrypted digital communications hinder investigations and that, if those protections must exist, law enforcement needs a way to circumvent them. Cryptographers and privacy advocates dispute, though, that such a”backdoor” can exist without fundamentally undermining the protection encryption offers. Encryption may create one danger in limiting law enforcement insight, but it protects people around the world against many other pressing threats from repressive governments, criminals, and abusers of all sorts.

In Apple’s showdown with the FBI, which centered on a terrorism investigation, the agency mounted a legal challenge, including a lawsuit in federal court. This time the Justice Department initiative is linked to another universally reviled crime, child exploitation. But it comes at a time when Facebook is attempting to repair its reputation on privacy and security issues, and has a strong interest in being seen as a defender of user protections. It is unclear what next steps the Justice Department may take if Facebook doesn’t heed Barr’s letter.

“There seems to be a pretty concerted effort here to call attention to very serious crimes and reports of crimes that happen over communications platforms and try to tie that to encryption and sort of use that as a lever or wedge against the further spread of encryption,” says Andrew Crocker, a staff attorney at the nonprofit Electronic Frontier Foundation, a digital rights group.

According to Barr’s letter, Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children in 2018, the vast majority of that year’s 18.4 million total reports. The UK National Crime Agency estimates that these reports from Facebook led to more than 2,500 arrests by UK law enforcement. These statistics don’t indicate, though, whether more child exploitation happens than ever in the digital age, or whether the same photos and other media circulates on Facebook being repeatedly (and rightly) flagged. It’s also a massive number of reports given that a significant portion of Facebook’s offerings and infrastructure, like WhatsApp, are already end-to-end encrypted or, like Messenger, can be.