DOJ Asking Court To Force Facebook To Break Encryption On Messenger Voice Calls
from the with-an-eye-on-undermining-all-encrypted-messaging-services dept
The DOJ's war on encryption continues, this time in a secret court battle involving Facebook. The case is under seal so no documents are available, but Reuters has obtained details suggesting the government is trying to compel the production of encryption-breaking software.
The U.S. government is trying to force Facebook Inc to break the encryption in its popular Messenger app so law enforcement may listen to a suspect’s voice conversations in a criminal probe, three people briefed on the case said, resurrecting the issue of whether companies can be compelled to alter their products to enable surveillance.
The request seeks Facebook's assistance in tapping calls placed through its Messenger service. Facebook has refused, stating it simply cannot do this without stripping the protection it offers to all of its Messenger users. The government disagrees and has asked the court for contempt charges.
Underneath it all, this is a wiretap order -- one obtained in an MS-13 investigation. This might mean the government hasn't used an All Writs Act request, but is rather seeking to have the court declare Messenger calls to be similar to VoIP calls. If so, it can try to compel the production of software under older laws and rulings governing assistance of law enforcement by telcos.
A federal appeals court in Washington D.C. ruled in 2006 that the law forcing telephone companies to enable police eavesdropping also applies to some large providers of Voice over Internet Protocol, including cable and other broadband carriers servicing homes. VoIP enables voice calls online rather than by traditional circuit transmission.
However, in cases of chat, gaming, or other internet services that are not tightly integrated with existing phone infrastructure, such as Google Hangouts, Signal and Facebook Messenger, federal regulators have not attempted to extend the eavesdropping law to cover them, said Al Gidari, a director of privacy at Stanford University Law School’s Center for Internet and Society.
Calls via Messenger are still in a gray area. Facebook claims calls are end-to-end encrypted so it cannot -- without completely altering the underlying software -- assist with an interception. Regular messages via Facebook's services can still be decrypted by the company but voice calls appear to be out of its reach.
Obviously, the government would very much like a favorable ruling from a federal judge. An order to alter this service to allow interception or collection could then be used against a number of other services offering end-to-end encryption.
It's unknown what legal options Facebook has pursued, but it does have a First Amendment argument to deploy, if nothing else. If code is speech -- an idea that does have legal precedent -- the burden falls on the government to explain why it so badly needs to violate a Constitutional right with its interception request.
This is a case worth watching. However, unlike the DOJ's very public battle with Apple in the San Bernardino case, there's nothing to see. I'm sure Facebook has filed motions to have court documents unsealed -- if only to draw more attention to this case -- but the Reuters article says there are currently no visible documents on the docket. (The docket may be sealed as well.) There is clearly public interest in this case, so the presumption of openness should apply. So far, that hasn't worked out too well for the public. And if the DOJ gets what it wants, that's not going to work out too well for the public either.
Filed Under: doj, encryption, facebook messenger, voip, wiretapping
Companies: facebook
Reader Comments
Proof of effort
Even if they get an order, how can they prove that Facebook put in their best effort? What if they claim it would take 12 months and cost $80,000,000? If the government can prove their efforts are fake, aren't they capable of making the modification themselves?
It's one thing to order a bank to open a vault, it's another to ask the bank to invent a new form of key.
[ link to this | view in chronology ]
Re: Proof of effort
If the government can prove their efforts are fake, aren't they capable of making the modification themselves?
Yes, the government is perfectly capable of making the modification themselves. Breaking encryption from the source is extremely easy. It's so easy, in fact, that it usually happens even when nobody is intending to do so, which is why you keep getting security updates on all your software, firmware, and occasionally even your hardware.
Further, the government isn't (necessarily) asking facebook to invent anything. They're not actually asking for a "secure backdoor" (though the invention of such would satisfy their demand). They're simply saying "remove the encryption now." If the only way facebook has to comply is making this an unencrypted app, then that is what the government is telling them to do. It's an extremely simple request, when it comes down to it. Stupid and dangerous, but simple.
[ link to this | view in chronology ]
Re:
"Facebook has refused, stating it simply cannot do this without stripping the protection it offers to all of its Messenger users. The government disagrees and has asked the court for contempt charges."
My reading of this means that the gov is trying to force FB to create some way to give them access to communication for some people, while keeping encryption for others.
[ link to this | view in chronology ]
Re: Re:
The problem is, everybody using the service needs to be using the same encryption system. So to be able to give the government access to some messages, means that the ability is there for all messages. Either everybody using the system has secure encryption, or everybody has weakened encryption.
[ link to this | view in chronology ]
Re:
If the number of attempts you need to make to thwart evil has increased, maybe you should start attacking its root rather than attack its leaves.
[ link to this | view in chronology ]
Is there a relationship between the seal and the demand?
It's the first question that came to my mind:
Is the case sealed specifically to obfuscate public information regarding this attempt by the state to dynamite open a big gap in public privacy for its own purposes?
There are a lot of courts in the US that are overly friendly to the Department of Justice and unfriendly to the public. We're the enemy now.
[ link to this | view in chronology ]
The right to communicate in private is really, essentially, a natural human right (yes, it is).
What they're asking to subvert is not cool or lawful (imho) and the mere existence of encrypted communications means people are actively attempting to communicate in private and assert this (natural) right.
Encryption means "you" get to choose what's private and what's not - lawmen be damned along with the next guy.
In short you don't get to make a new reality and math is already real.
If facebook is forced to fold then who suffers? MS-13 or every other non-criminal motherfucker on the planet?
You decide.
[ link to this | view in chronology ]
Hypocrisy
They often claim this is for privacy of citizens they are helping and/or to prevent criminals from listening to police communications.
Then they complain when citizens use encryption for privacy and to prevent their information from falling into criminals' hands.
They are actively implementing the same thing they advocate taking away from you.
[ link to this | view in chronology ]
Re: Hypocrisy
Oh not hypocritical at all. It's very simple really:
Those with badges (or money, or the right connections...) are The Good Guys, and as such deserve all the protection and privacy they can possibly get, because of course they'd never abuse it and really, privacy is an important thing all on its own.
Those without badges (or money, or the right connections) are The Bad Guys, and most certainly do not deserve privacy, because really, you just know they'll do something bad with it, and only want it to hide their nefarious actions in the first place, such that if The Good Guys can't see what they're doing at all times it can only lead to Bad Stuff, making it clear that privacy is the enemy of safety.
[ link to this | view in chronology ]
Re: Re: Hypocrisy
Sorry.
[ link to this | view in chronology ]
I wonder..
On the Old phone services and CELLPHONES, you can't get anything AFTER the fact...you have to be recording DURING the instance..
And if anything...Unless someone KEPT the data file, THERE ISN'T ANY..
I don't think the Cellphone companies DO the recording, it has to be done ONSITE..
Old phone systems couldn't be done remote..They had to be in the local relay..
And you had to have ONLY certain individuals to do the work.
[ link to this | view in chronology ]
If it's not open source, it's not secure.
[ link to this | view in chronology ]
They knew what they were getting into.
That reminds me of the photographer who used Megaupload as a cyberlocker to store all his pictures off-site. Then ICE shut down the servers and he suddenly had no access to his business.
ICE's response was (I paraphrase) that's what he gets for doing business with a criminal.
It smacks of the same kind of presumption.
I suspect most Facebook users expect their privacy to be respected, otherwise they might not use Facebook for private matters. The same with most social network and communication services.
Any time someone talks about private matters across a path of communication, expecting their disclosures to stay private, there is (by tautology) an expectation of privacy.
So no, they did not know what they were getting into.
[ link to this | view in chronology ]
Re: If it's not open source, it's not secure.
Especially in cases like this, where for facebook to comply it would just update a previously secure system to make it insecure, neither of those promises mean anything. Either group could do that in an update without any real warning.
[ link to this | view in chronology ]
Re: Re: If it's not open source, it's not secure.
Another interesting difference is, because of the development model, open source software has cleaner modularization, and better adherence to module interfaces, which aids the security of the software.
[ link to this | view in chronology ]