In an open letter addressed to Facebook CEO Mark Zuckerberg, high-ranking law enforcement officials from the United States, UK and Australia urged Facebook to abandon its future plans for end-to-end encryption. According to U.S. Attorney General William Barr, end-to-end encryption severely hampers efforts to crack down on criminal activity related to terrorism, child sexual exploitation and election meddling.
As a result, the U.S. Department of Justice – together with UK Home Secretary Priti Patel, acting U.S. Homeland Security Secretary Kevin McAleenan and Australian Minister of Home Affairs Peter Dutton – is requesting that Facebook and other tech companies provide the equivalent of an encryption “backdoor” to help law enforcement authorities read the content of encrypted communications and access the information contained within.
The case against end-to-end encryption
On the surface, of course, the request from international law enforcement authorities to Facebook makes a lot of sense. Criminals have embraced encrypted communications platforms and encrypted messages as a way to keep their illegal activity outside of the prying eyes of the police or other law enforcement officials. WhatsApp, now owned by Facebook, is one of the most popular communications platforms offering end-to-end encryption, so it’s only natural that a mix of terrorists, drug traffickers, and child sex offenders like to use it to fly under the radar.
And that’s why law enforcement is singling out Facebook – too often, their criminal investigations lead them to the target, but they are unable to go the extra step and actually read the contents of messages that criminals are sending to each other. With end-to-end encryption, even service providers such as WhatsApp do not have the cryptographic keys to unlock the messages, so even if they wanted to unlock messages, it is impossible. As a result, the U.S. Department of Justice is right to suggest that end-to-end encryption is essentially warrant-proof – even if the U.S. Justice Department sent a court-signed warrant to Facebook and demanded they reveal the contents of messages, Facebook would not be able to comply.
So you can see why it’s so frustrating to law enforcement officials that Facebook is now planning to roll out end-to-end encryption to all of its messaging platforms. As part of an overall master plan to embrace privacy-focused social networking, Facebook is planning to add end-to-end encryption as a default option to Facebook Messenger (where it is now available purely on an opt-in basis) and Instagram. Rolling out end-to-end encryption to all of these platforms, says Facebook, is essential in order to protect the private communications of all individuals using the Facebook platform. Not to mention, of course, that uniting all three of these messaging platforms requires that all of them use end-to-end encryption.
The case for end-to-end encryption
However, there is an equally strong case against using backdoor encryption. According to privacy advocates, for example, adding a “backdoor” will make it possible for government authorities to snoop on the private conversations of all citizens, and not just the conversations of criminals. There is a very real risk that the government could vastly scale up the number of people that it investigates, thereby vastly increasing the risk of a “false positive” (i.e. investigating a completely innocent person). All of that is terrible from a privacy perspective.
Moreover, Facebook says it is already doing everything it can to prevent criminal activity from taking place on its platform, and that it is already complying with all relevant federal legislation, including the 2018 CLOUD Act. This CLOUD Act requires social media companies such as Facebook to provide all available information it can about subjects of law enforcement investigations, but is encryption-neutral in that it does not specifically require social media companies to break encryption. Facebook has typically interpreted this CLOUD Act to mean that it must provide meta-data about conversations (e.g. time stamps of calls), but not actually the content of those conversations. So it’s not like Facebook is refusing to cooperate with the U.S. Justice Department.
Facebook as the new defender of personal privacy
Creating an encryption backdoor, however, would be a step too far for Facebook. It would essentially require Facebook’s software engineering team to rebuild and re-design WhatsApp from scratch. And it would mean that users would probably abandon Facebook and search out other messaging services – such as Signal or Telegram – that do provide end-to-end encryption. So Facebook has already sent a strongly worded reply to the U.S. Justice Department that it “strongly opposes” government attempts to build a backdoor to its communication platforms.
There is something very ironic, of course, about Facebook positioning itself as the champion of people’s privacy. For the past two years, Facebook has been under extreme pressure for its lax privacy practices, as well as its reckless regard for personal information and user data. The company has been the subject of countless GPDR investigations for possible privacy violations, and has been hit with a $5 billion fine by the Federal Trade Commission (FTC) related to the Cambridge Analytica privacy scandal. Given this context, then, it strains credulity that Facebook is really 100% committed to personal privacy. Business considerations may be forcing Facebook in the privacy direction, but does anyone really think that Facebook has done a complete 180-degree turn with regard to securing data?
Public safety vs. personal privacy
At the end of the day, the battle over end-to-end encryption is really a battle between public safety and personal privacy. Which one does society value more? According to the U.S. Justice Department, for example, Facebook’s decision to extend end-to-end encryption to Facebook Messenger would result in a 70% reduction in the number of cases that Facebook reports each year to the National Center for Missing and Exploited Children (NCMEC). In 2018, Facebook was responsible for 90% of the 18.4 million total cases reported to the NCMEC, so you can start to grasp the magnitude of the problem here. If millions of cases suddenly go unreported, that is potentially causing an unimaginable reduction to public safety. The prosecution of offenders and safeguarding of public safety becomes a much harder task.
And yet, offering access to encrypted messages comes with its own fair share of problems. If backdoor encryption is available to the “good guys,” then it will also be available to the “bad guys.” Do we really want hackers and criminals also snooping on private conversations? There is also a dangerous slippery slope from any society based on human rights and the rule of law to one that is based on surveillance and authoritarian oversight. Breaking end-to-end encryption might just open up a Pandora’s Box of unintended (and unwanted) consequences.