Facebook is right for once as the US, UK and Australia gang up on it over encryption

By Stuart Lauchlan, October 4, 2019
Summary:
Three national governments cast Facebook in the role of putting children at risk by refusing to step back from end-to-end encryption. What's the real agenda?

Barr and Patel in Washington

Facebook is right. There - I’ve said it. Three words you’re not going to read very often, but when the company is the most public defense against a barely concealed grab for additional snooping powers by the governments of the US, UK and Australia, needs must.

An open letter was sent to Facebook yesterday, co-authored and signed by US Attorney General William P Barr, Acting US Homeland Security Secretary Kevin McAleenan, the UK’s Home Secretary Priti Patel and Australia’s Minister for Home Affairs Peter Dutton, calling on the firm to ditch plans to add tougher encryption capabilities to its messaging services.

It’s part of Facebook’s post-Cambridge Analytica planned shift to becoming “a privacy-focused messaging and social media platform”. But to the politicians, it’s just going to encourage terrorists, paedophiles and assorted nasties and Facebook will be helping them avoid capture. The letter states:

Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. It also impedes law enforcement’s ability to investigate these and other serious crimes. Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.

It also states:

Tech companies like Facebook have a responsibility to balance privacy with the safety of the public. So far nothing we have seen from Facebook reassures me that their plans for end-to-end encryption will not act as a barrier to the identification and pursuit of criminals operating on their platforms. Companies cannot operate with impunity where lives and the safety of our children is at stake, and if Mr Zuckerberg really has a credible plan to protect Facebook's more than two billion users, it's time he let us know what it is.

Although the letter falls just short of an outright demand to stop end-to-end encryption and says the three governments are "committed" to work with Facebook on "reasonable proposals", there’s one last snark to come:

Unfortunately, Facebook has not committed to address our serious concerns about the impact its proposals could have on protecting our most vulnerable citizens.

For its part, Facebook’s official line is:

End-to-end encryption already protects the messages of over a billion people every day. It is increasingly used across the communications industry and in many other important sectors of the economy. We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.

The US and the UK have just signed a data access agreement - the US-UK Bilateral Data Access Agreement - that will allow law enforcement to demand access to data from tech companies directly, without having to go through the current Mutual Legal Assistance process, which can take months to get through. The US will have reciprocal access, under a US court order, to data from UK communication service providers. Both sides say that all requests for access to data will be subject to independent judicial authorization or oversight.

Patel, fresh from a ‘tough on crime’ hardline speech at her party’s annual conference, rattles the saber one more time when she states:

This historic agreement will dramatically speed up investigations, allowing our law enforcement agencies to protect the public. This is just one example of the enduring security partnership we have with the United States and I look forward to continuing to work with them and global partners to tackle these heinous crimes.

Meanwhile Barr chips in with:

This agreement will make the citizens of both countries safer, while at the same time assuring robust protections for privacy and civil liberties.

So, that's alright then, eh? 

My take

While this is hardly the first - or sadly likely to be the last - time that politicians rush to demonstrate their technological ignorance, this alliance of three right-wing administrations to expand their snooping powers under the guise of tackling crime and terrorism is alarming.

The choice of putting child abuse front-and-center of this as the main talking point - “The safety of our children is at stake” - is a politically cynical manipulation of public sentiment. It worked. Most of the mainstream media have jumped on that angle in their coverage of the open letter, implicitly casting Facebook in the role of a paedophilic enabler.

Of course, this is absolutely an issue that needs to be taken into account, without question. And that is something that Facebook execs are aware of.  In 2018, the firm passed 16.8 million reports of child sexual exploitation and abuse content to the US National Center for Missing & Exploited Children (NCMEC). To suggest that the company is set to ignore its responsibilities on this front is a charge that even the most die-hard critic of Mark Zuckerberg - hi! - would be loath to level.

But the need to tackle paedophiles is just one terrible aspect of a wider set of considerations, the consequences of which are open to exploitation with tectonic societal implications. Those with more understanding of that wider agenda are making all the right noises. Jim Killock, executive of the UK-based privacy activist organization the Open Rights Group (ORG), has argued:

It is disturbing that Priti Patel alongside US politicians appear to wish to bully specific companies into stopping plans to allow users to encrypt their private communications. If politicians want companies to take action, they should be prepared to legislate. It is very worrying that some politicians are suggesting that encryption systems should examine files and communications before sending them, to check them against "banned" communications. This could rapidly be deployed against whistleblowers, journalists and campaigners. Building global capabilities that can be used to suppress legitimate free expression is very unwise. While the debate on encryption appears to run and run, police can use ever greater amounts of digital information available to detect crime. We should always remember that policing detection powers are much greater in the digital age. We should be sceptical about concerns expressed about encryption, and ensure that our fears of the worst kinds of criminals are not used to limit our everyday rights to privacy and free speech.

In the US, Ed Black, CEO of the Computer & Communications Industry Association, is no happier, with his organization “dismayed” by Attorney General Barr’s part in the open letter and his demands:

Strong encryption is increasingly vital to the privacy and security of individuals, national security and economic prosperity. Companies should be encouraged to develop and employ the security standards that the public expects for their devices and online activity.

There is, I concede, a fair degree of having my cake and eating it thrown into this topic. Do I want to be caught up in a terrorist attack? Clearly not. Do I want William Barr or Priti Patel checking out my emails and personal data? Clearly not. Will legislators around the world continue to bang on the table and demand that ‘something must be done!’? Clearly so. The problem is that ‘something’ is, on current and previous form, likely to be something simplistic and populist but with frightening possibilities for its own form of abuse.

Last word - for now - goes to Talal Rajab, Head of Programme for Cyber and National Security at UK trade association techUK, who strikes a welcome note of common sense to a febrile debate: 

The tech industry is committed to working lawfully with both the police and the security services to prevent the misuse of technology and digital services for illegal activity.  Tech companies already undertake extensive work to identify and report illegal activity on their platforms, through strictly enforcing community standards and policies, and the use of end-to-end encryption will not stop this vital work. 

Bad actors will continue to be investigated through, for example, the use of analysing metadata to detect patterns of activity or identifying IP addresses and contact lists. Investment in this type of work will continue and the sector is committed to working with government, and with each other, to ensure that there is a common global approach to maintaining both privacy and safety as technology evolves…

…Although there are no simple answers here, it does not mean that this is an unsolvable problem. Government and industry must continue to work together to find good and effective solutions to law enforcement challenges that do not put millions of innocent users at risk by restricting the use of encryption or implementing so-called back doors.