Court Says DOJ's Attempt To Force Facebook To Break Encryption Can Remain Under Seal
from the thanks-for-sticking-up-for-the-millions-of-little-guys dept
Late last summer, the DOJ attempted to get a court to force Facebook to break encryption on its Messenger service so investigators could tap into phone calls being made by criminal suspects. Facebook responded that doing so would fundamentally alter the way Messenger works. The request was a non-starter according to Facebook. According to the DOJ, it was nothing more than asking a few smart people to do a few smart things, so the burden Facebook complaints about "burdensome requests" was overstated.
A couple of months later, the DOJ had again failed to obtain favorable anti-encryption precedent. The underlying documents remain under seal, but sources "close to the case" had indicated the court had sided with Facebook.
The secret litigation over software alterations that would affect millions of Facebook users continues. Messenger's encryption is no longer at stake -- at least not for the time being -- but the government still wants the public to stay out of its private discussions with our federal court system.
Petitions have been filed by a number of rights groups and journalists to have these documents unsealed. According to the latest Reuters report on this legal battle, the federal court in California is siding with the government on this issue.
Groups including the American Civil Liberties Union argued that the public’s right to know the state of the law on encryption outweighed any reason the U.S. Justice Department might have for protecting a criminal probe or law-enforcement method.
The Washington Post newspaper also filed a legal brief to unseal the records.
However, U.S. District Judge Lawrence O’Neill in Fresno ruled that the documents described sensitive law enforcement techniques and releasing a redacted version would be impossible.
The petitioners aren't just fighting the DOJ and its likely overstated fears about exposing internet wiretap orders and their innards. They're also fighting against the social media giant which feels unsealing the documents would allow its competitors to walk away with handfuls of trade secrets. From the order [PDF]:
Facebook’s assertion that its internal processes that were the subject of the Government’s motion constituted trademark and protected material and information, and that public disclosure would provide such protected information to competitors, thereby jeopardizing substantial business quality, productivity, and profit, was legitimate, true, and reasonable…
Facebook is receptive of releasing redacted documents, though. The government doesn't want anything released. And the court -- citing the apparently ongoing investigation -- agrees that even a redacted release would harm the government's interest in preserving its investigative trade secrets.
That may be the temporary answer but it can't be the final, permanent answer. The investigation can't last forever and attempts to break encryption on communication tools millions of Americans use shouldn't be kept secret by the nation's courts, who have some obligation to keep the public informed of government means and methods that affect their everyday life.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, doj, encryption, facebook messenger, secrecy
Companies: facebook
Reader Comments
Subscribe: RSS
View by: Time | Thread
However, the "investigative techniques" the DoJ is seeking to protect can last longer than any particular investigation, so we probably won't find out about them until either they become obsolete or someone leaks them.
How exactly does one go about arguing against an order to "nerd harder" when the order itself is secret? In normal circumstances you could call in expert witnesses to explain, but when the order is secret is it possible to bring swear a witness to secrecy so they can be let in on it? Or do you have to hope that one of the hypotheticals experts have publicly argued against happens to be exactly what the DoJ is secretly asking for?
[ link to this | view in chronology ]
Re:
Your question assumes that arguing against it is a desired outcome. :P
[ link to this | view in chronology ]
Re:
So, it does not appear that Facebook is unaware of the contents of the order, only that the documents and transcripts involved in this litigation are to remain under seal from the public. Nothing suggests Facebook was unaware of what actions the court was asking of it.
[ link to this | view in chronology ]
Why should a court case that potentially impacts everybody in the world be kept secret? It is as if the government knows that people will not agree with what they are trying to do.
[ link to this | view in chronology ]
Re:
The court could just encrypt the documents and then release them.
[ link to this | view in chronology ]
Re:
Because when everyone knows ewxactly what they are trying to do, everyone and their dog puts in an Amicus brief telling the court exactly why its a stupid idea.
Its pretty much the only way certain varieties of police can hide dodgy requests things these days as even rubber-stamping judges seem to be getting thinner on the ground.
[ link to this | view in chronology ]
A lack of transparency indicates misconduct.
Why should a court case that potentially impacts everybody in the world be kept secret? It is as if the government knows that people will not agree with what they are trying to do.
It's because our government officials know the people will not agree with what they are trying to do.
The public has been regarded by the DoJ as the enemy since 2001-09-11, if not before that.
If we can't make massive reform of law enforcement and DoJ common practices, it will eventually become a self-fulfilling prophecy.
[ link to this | view in chronology ]
Mid-Term Exam
1) Compare and contrast the following:
Statement A: "However, U.S. District Judge Lawrence O’Neill in Fresno ruled that the documents described sensitive law enforcement techniques and releasing a redacted version would be impossible."
Statement B: "Facebook responded that doing so would fundamentally alter the way Messenger works"
Begin...
[ link to this | view in chronology ]
Re: Mid-Term Exam
Statement A, the government should be able to keep its activites private.
Statement B: So should the citizens.
[ link to this | view in chronology ]
If they have done nothing wrong then they have nothing to hide....right?
[ link to this | view in chronology ]
Re:
That is the same argument that Racine Wisconsin Sheriff’s Dept. Lt. Cary Madrigal used when describing how their new Cellebrite tool could help innocent people prove their innocence.. It seems that both U.S. District Judge Lawrence O’Neill in Fresno California, and Lt. Cary Madrigal have forgotten that people are innocent until proven guilty, and that even law enforcement agencies work for the people, not the government.
I also wonder at Facebook's contention that some 'valuable trade secrets' exist in their implementation of the Messenger app. Other than the actual encryption algorithm, just how many ways are there to implement encrypted messaging, and how could any of them be actual secrets?
[ link to this | view in chronology ]
Re: Re:
The details of a protocol for passing and verifying messages with end-to-end encryption can be done in lots of different ways, though at a broad level there aren't that many ways to do it properly. It might be possible for someone to come up with some clever new twist to it, but if it really was a new twist that no one else had thought of then it'd be a prime candidate for a patent, rather than using a trade secret. Possibilities for claiming a trade secret:
And about the encryption algorithm used: they'd use an existing algorithm which has been vetted by security experts, as you'd have to be a complete noob in security to roll your own encryption algorithm. (Of course, maybe they were a complete noob and that's what they want to hide)
[ link to this | view in chronology ]
Re: Re: Re:
This is the crux of the matter and why it must be kept secret. Certain things can only be done PROPERLY in a few ways, and all those ways have been patented to the moon and back. They wish to avoid drawing the patent vultures down on them if the method they use becomes known and is covered by someone's worthless patent. While it's kept secret, they can claim it's proprietary and doesn't violate anyone's precious IP. While they could probably fight it successfully, it's years in court and millions of dollars they'd rather not spend.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Except that software patents aren't considered valid anymore.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
That's not really true.
While the Alice decision greatly restricted software patents, it didn't invalidate them entirely. Alice rejected the idea of trivial "do it on a computer" patents, not software patents in general.
Indeed, two years after Alice, the Supreme Court issued a narrow ruling in Samsung v Apple that the $400M award of damages was invalid -- but that was on the basis that the award was determined using the wrong standard, not on the basis that Apple's design patents were invalid. The case was sent back to the lower courts to establish damages under the correct standard (and of course Apple and Samsung eventually settled).
If Alice had established that software patents are invalid, then SCOTUS wouldn't have sent Samsung v Apple back to a lower court to reassess damages; it would have ruled that Apple's design patents were invalid and Samsung didn't owe any damages at all.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
All issued software patents are still valid until ruled invalid, either by a court, or by the USPTO in a re-examination. So the vultures still sue over worthless patents, and badger smaller companies into paying for invalid patents. We see plenty of this in articles here all the time. We're seeing more people fighting and winning, yes, but they still have to FIGHT, which is still expensive. And that is my point - Facebook would rather save the money a fight would cost, even though they'd probably win it. It's cheaper to keep it all secret and avoid the court battle altogether.
[ link to this | view in chronology ]
'Public interest', what's that?
Fair enough, I mean it's not like an attempt at undermining security of something that millions of people use is something that the public would very much have interest and stake in.
No no, clearly 'National Security: Be Afraid' as always trumps all, and if people with badges say that it would be bad for them if something were made public then the judge has no choice but to accept it as factual.
[ link to this | view in chronology ]
Any technique can be used by good actors and bad actors. If it needs to be kept secret then it is fixable. Facebook has a security hole, the government has found it, and they are using their powers to keep Facebook from fixing it.
Now put on your tin foil hat and imagine that someone who knows what the hole is decides to share this information with a foreign government...
[ link to this | view in chronology ]
Re:
That's not what the article said. It said that the government wants to require Facebook to create a security hole that does not currently exist.
[ link to this | view in chronology ]
Can't it?
Bet you a dollar?
[ link to this | view in chronology ]
end2end2end2end encryption and broken nomenclature.
This is a legitimate court case, which will affect precedent case law, and therefore something certainly worth reporting on; but the odd lack of skepticism in these sort of articles is troubling.
The idea that FB genuinely wants to protect privacy, and the DOJ is incapable of hacking one of the most widely used communications tools- it feels like someone is trying to sell me a bridge; and doing a poor job of it at that. Both those things are exactly what those groups would want me to believe.
Apple, Microsoft, and Google have all tortured the definition of "end to end encryption" to the point of near meaninglessness. Spoiler: If there are remote recovery options for the data, it's not really 'end to end' unless you legitimately consider those corporations (and any group who gains access to their infrastructure) to be one of those ends...
I don't care enough to check- but maybe someone else who knows could chime in- Does FB's messenger thing have recovery options? ...I bet it does...
[ link to this | view in chronology ]
Re: end2end2end2end encryption and broken nomenclature.
Debatable.
I think perhaps you misunderstand some of the points being made here.
The article is not extolling Facebook as some paragon of user privacy protection, TD has written MANY articles at how incredibly BAD Facebook is at protecting and handling user privacy.
This article is not about how good or bad Facebook is at privacy, this article is about the government not wanting ANYONE to have ANY privacy if they decide they want to look at your stuff. It's about the government trying to backdoor every communication system that even remotely tries to encrypt data to give users the real or perceived presumption of privacy. The fact that this is Facebook in this case is irrelevant. It could be Lavasoft, Google, Microsoft, Apple, etc..., it wouldn't change the thrust of the article, which is the government wants backdoors to all encrypted communications AND doesn't want the public to know that's what they are trying to do.
In that sense, Facebook is playing the role of protecting user privacy and trying to prevent a bad precedent for government overreach. Whether their technical systems are actually any good at protecting user privacy is completely irrelevant because this is all about government wanting something they shouldn't have and a company saying "No, you're wrong and we're going to fight you on this".
If done right, they should be incapable of hacking it. Proper end-to-end encryption is nigh uncrackable. But, again, that's not the point here. Hacking Facebook's systems would be illegal and if discovered and brought to light, would continue to swing public opinion and law precedent against government access. So they are trying to play nice and secure the precedent to FORCE companies to hand over private user data, without having to resort to hacking or cracking it.
Not technically true. No, those companies haven't really done a great job of implementing end to end encryption, but to my knowledge, none of them have actually claimed that their systems are end-to-end encrypted. So I wouldn't say they've tortured the definition, they just haven't done but at least have been honest that they haven't done it.
Also, you can have remote recovery options for data and still be end-to-end encrypted. You can export or upload the encrypted data after it's reached it's destination. It's still encrypted and if anyone gets a hold of it without the decryption keys, it will still be garbage to them. Encrypted backups are totally a thing and pretty common.
No idea, I rarely use it myself but since the data is all stored in the cloud, I'm going to guess yes?
[ link to this | view in chronology ]