DOJ Boss Joins UK, Australian Gov't In Asking Facebook To Ditch Its End-To-End Encryption Plan

from the [stacks-exploited-bodies-higher]-MR-FACEBOOK-PLEASE dept

The DOJ seems to be handling its anti-encryption (a.k.a. "going dark") grief badly. I doubt it will ever reach "acceptance," but it is accelerating through the rest of the stages with alarming speed.

It went through shock first, personified by former FBI director Jim Comey, who insisted tech companies were offering encryption to:

A. Give the feds the middle finger

B. Enable all sorts of dangerous criminals

C. To act like children in a roomful of adults

"Denial" seems to have been bypassed completely. Instead, Comey (and others) repeated the "shock" stage, banging the table louder and louder in hopes of convincing everyone they were right.

They weren't right and encryption deployments continued.

The FBI and DOJ shifted quickly to anger. This was first displayed during the legal fight over the San Bernardino shooter's iPhone. The DOJ insisted a law nearly 230 years old gave it permission to force Apple to break encryption. Apple disagreed. The court disagreed. The FBI insisted this would be the death of us all and ignored outside offers to crack the phone while pursuing precedent it would never obtain.

The phone was eventually cracked by a third party and the FBI moved on, still clinging to its "going dark" narrative, even as vendor after vendor stepped up to provide phone-cracking tools. It also overstated the number of "uncrackable" devices in its possession by at least 6,000 devices. It has been nearly 17 months since the FBI promised to correct this count. It still has yet to provide an updated number.

The DOJ's new boss is carrying the (apparently unlit) torch for the FBI. He has demonized both end-to-end encryption and citizens who don't believe cops are blameless white knights standing between us and the collapse of civilization.

Now, he's moving the feds on to the next stage of grief: bargaining. A letter sent to Facebook -- sporting Barr's signature, along with other stalwart encryption foes like UK Home Dept. head Priti Patel and Australian MP Peter Dutton -- begs Facebook to please please please stop adding encryption to its services.

BuzzFeed obtained a draft report of the letter, which appears to be the charm offensive preceding the new US-UK data sharing agreement that targets encrypted communications. The letter contains some loaded language about child porn and its victims, suggesting Barr isn't done leaning on victimized children to advance his anti-encryption efforts. Hey, it didn't work for Comey, but maybe Bill Barr will get the horrific crime he needs to turn the public against their own best interests.

Here are some excerpts from the letter, as first published by BuzzFeed.

Dear Mr. Zuckerberg, OPEN LETTER: FACEBOOK’S “PRIVACY FIRST” PROPOSALS We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.

So, this is a request for a backdoor. (But one no government agency will refer to as a "backdoor.") "Lawful access" is law enforcement slang for "backdoor," kind of like "officer-involved shooting" is slang for "homicide" and "detected the odor of marijuana" is slang for "Fourth Amendment violation."

Barr (and his anti-encryption warriors) then attempt to call Zuck's bluff... um... I guess??

In your post of 6 March 2019, “A Privacy-Focused Vision for Social Networking,” you acknowledged that “there are real safety concerns to address before we can implement end-to-end encryption across all our messaging services.” You stated that “we have a responsibility to work with law enforcement and to help prevent” the use of Facebook for things like child sexual exploitation, terrorism, and extortion. We welcome this commitment to consultation. As you know, our governments have engaged with Facebook on this issue, and some of us have written to you to express our views. Unfortunately, Facebook has not committed to address our serious concerns about the impact its proposals could have on protecting our most vulnerable citizens.

And there it is. "Our most vulnerable citizens." Apparently that demographic group doesn't contain Facebook users. Facebook users will be fine, I guess, even if any number of malicious hackers/governments want access to communications no one on Facebook actually wants to share with them. "For the children" is the game here, and Barr forges forward with contradictory statements and terrible logic.

We support strong encryption, which is used by billions of people every day for services such as banking, commerce, and communications.

(But, pointedly, not Facebook communications.)

We also respect promises made by technology companies to protect users’ data. Law abiding citizens have a legitimate expectation that their privacy will be protected.

(Except from us.)

However, as your March blog post recognized, we must ensure that technology companies protect their users and others affected by their users’ online activities. Security enhancements to the virtual world should not make us more vulnerable in the physical world. We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity. Not doing so hinders our law enforcement agencies’ ability to stop criminals and abusers in their tracks.

Ah, the famous tradeoff government officials always pitch, but one that isn't actually the tradeoff being made. It's not privacy vs. the security of the nation as a whole. It's personal security vs. government access that also grants access to criminals and state-sponsored hackers.

What people want is security. They're aren't really interested in trading security for government access. That does nothing for them. The government may solve a few more crimes, but the government was solving crimes long before cellphones, social media platforms, and end-to-end encryption.

Now, multiple governments feel they can't solve crimes without on-demand access to people's communications -- something they have never had in the history of crime-solving and communications. But here we are, listening to Barr and his buddies make a pitch for encryption backdoors while standing on the backs of child porn victims.

Barr makes this pitch while acknowledging that Facebook probably does far more than all US and UK law enforcement agencies combined to combat child porn.

Facebook currently undertakes significant work to identify and tackle the most serious illegal content and activity by enforcing your community standards. In 2018, Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children (NCMEC) – more than 90% of the 18.4 million total reports that year. As well as child abuse imagery, these referrals include more than 8,000 reports related to attempts by offenders to meet children online and groom or entice them into sharing indecent imagery or meeting in real life. The UK National Crime Agency (NCA) estimates that, last year, NCMEC reporting from Facebook will have resulted in more than 2,500 arrests by UK law enforcement and almost 3,000 children safeguarded in the UK.

And yet, Barr wants to complain. Barr and his UK/Aussie counterparts want to claim this isn't enough. What's really needed is insecure communications on a platform used by billions. And to make this claim, Barr again points to something Facebook does as evidence that Facebook isn't doing enough.

While these statistics are remarkable, mere numbers cannot capture the significance of the harm to children. To take one example, Facebook sent a priority report to NCMEC, having identified a child who had sent self-produced child sexual abuse material to an adult male. Facebook located multiple chats between the two that indicated historical and ongoing sexual abuse. When investigators were able to locate and interview the child, she reported that the adult had sexually abused her hundreds of times over the course of four years, starting when she was 11. He also regularly demanded that she send him sexually explicit imagery of herself. The offender, who had held a position of trust with the child, was sentenced to 18 years in prison. Without the information from Facebook, abuse of this girl might be continuing to this day.

Here's what Barr thinks will happen if Facebook deploys end-to-end encryption. Facebook will no longer be able to "read" messages sent between users, which will result in an increase in abused children that authorities will be powerless to help.

Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be possible if Facebook implements its proposals as planned. NCMEC estimates that 70% of Facebook’s reporting – 12 million reports globally – would be lost. This would significantly increase the risk of child sexual exploitation or other serious harms. You have said yourself that “we face an inherent tradeoff because we will never find all of the potential harm we do today when our security systems can see the messages themselves”. While this tradeoff has not been quantified, we are very concerned that the right balance is not being struck, which would make your platform an unsafe space, including for children.

"For children." That's the leverage. Barr wants Facebook to abandon its encryption plans to save children. Sure, that's admirable, if you're willing to overlook the considerable downside of creating a backdoor for governments or simply removing the encryption offer altogether. Facebook's encryption plans offer a whole new layer of security for lawful users -- some of which are targeted by authoritarian/corrupt governments. Many governments around the world pose as much of a threat to their citizens as criminals do. And a great many people believe their communications should be private, which means not being read/scanned by Facebook, much less any government that happens to stroll by waving some paperwork.

All Barr wants is for Facebook to abandon its encryption plans. He wants Facebook to be able to access the content of its users' messages. He wants every government in the world to be able to access the content of users' messages. He may only be aligned with three-fifths of the Five Eyes in this letter, but ensuring US/UK/Australian "lawful access" means giving every other two-bit dictatorship the same level of access to users' communications.

This isn't standard government bullshit. This is heinous, dangerous bullshit. This is a conglomerate of Western governments, on the eve of the deployment of a mysterious "data-sharing" agreement, portraying the implementation of encryption for communications as aiding and abetting the sexual abuse of children. This is a not-very-subtle smearing of every tech company that deploys encryption to protect its users from criminals and governments that behave like criminals. This is the abuse of the phrase "lawful access" to portray the possession of a warrant as a golden ticket to everything law enforcement wishes to obtain.

To be historically clear, a warrant has NEVER guaranteed access to communications. It has only allowed law enforcement to search for them. The implementation of encryption doesn't change this equation. But Barr and others keep pushing this in hopes of persuading the public -- and the tech companies they patronize -- that secret communications are something new and far more dangerous than anything law enforcement has ever encountered prior to the rise of social media and smartphones.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, encryption, mark zuckerberg, messenger, peter dutton, priti patel, privacy, security, snooping, william barr

Companies: facebook, instagram, whatsapp