USA, UK and Australia have signed an open letter (given below) “requesting” Facebook not to implement end-to-end encryption on its messaging services without including a way for the governments to access this content for the protection of citizens. This letter comes at the heels of the signing of the first Data Access Agreement between the US and the UK under the CLOUD Act which will allow the two countries to request access to electronic data in each other’s countries directly. MediaNama has reached out to Facebook for comment.
Who all signed the letter? US Attorney General William Barr, Acting Secretary of Homeland Security Kevin K. McAleenan, British Home Secretary Priti Patel, and Australian Home Minister Peter Dutton
Why did they write the open letter? In March 2019, Facebook had announced that it would eventually introduce end-to-end encryption to all its messaging services. The three countries who signed the letter, and other countries who haven’t (including India), are wary of that as the law enforcement agencies would lose access to content that has helped them nab terrorists, paedophiles, and other serious criminals.
“… we must ensure that technology companies protect their users and others affected by their users’ online activities. Security enhancements to the virtual world should not make us more vulnerable in the physical world.”
Has lack of encryption actually helped the governments? As per the letter, yes. It states that Facebook’s own safety systems identified more than 99% of the content that Facebook took action against, both for child sexual exploitation and terrorism, which is also in Facebook’s transparency report. However, the transparency report doesn’t specify whether this content was flagged from public/private posts or private messages sent across Messenger. As per a New York Times report on prevalence of child sexual abuse material online, 12 million of the 18.4 million worldwide reports of such material were from Messenger.
- The letter also states that Facebook made 16.8 million of the 18.4 million reports to the US National Center for Missing and Exploited Children (NCMEC). These reports, as per the UK National Crime Agency, led to more than 2,500 arrests last year by British law enforcement.
What do the governments want? While the term backdoor access has not been used in the letter, it is obvious that’s what the signatory governments want. They want Facebook and similar companies to take the following steps:
- Let law enforcement get lawful access to content in a readable and usable format
- Design systems in such a way that allows the companies to act against illegal content effectively
- Consult with governments, and let those consultations influence companies’ design decisions
- Not implement any changes till safety of users is fully ensured by tested and operational systems
“Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity … It also impedes law enforcement’s ability to investigate these and other serious crimes.”
Is this an assault on user privacy? As per most privacy experts, yes. Electronic Frontier Foundation (EFF) called it “an all-out attack on encryption” and “a staggering attempt to undermine the security and privacy of communications tools used by billions of people”. EFF said that the letter ignored the “severe risks” associated with introducing encryption backdoors:
- Risk to journalists, human rights activists, victims of abusive partners
- Lack of protection from criminals and corporations from spying on our private conversations
- Facebook would face immense pressure to make such backdoors available to authoritarian regimes as well
1/n Regulators are now writing a love letter to @facebook asking it not to implement end-to-end encryption. Why should the general public not have access to private and secure communications just because law enforcement is unable to shore up its investigation capabilities? https://t.co/jNWXH7eDH2
— Siddhartha Sarangal (@SidSarangal) October 4, 2019
It is to be noted that an open letter has historically been a tool for private individuals and groups to make their concerns publicly heard and are usually addressed to the government and/or editors of major publications. The fact that the governments of USA, UK and Australia, with their elaborate state machinery and communication platforms have signed an open letter to the CEO of a private company is ironic, to say the least.