DOJ Boss Joins UK, Australian Gov't In Asking Facebook To Ditch Its End-To-End Encryption Plan
from the [stacks-exploited-bodies-higher]-MR-FACEBOOK-PLEASE dept
The DOJ seems to be handling its anti-encryption (a.k.a. "going dark") grief badly. I doubt it will ever reach "acceptance," but it is accelerating through the rest of the stages with alarming speed.
It went through shock first, personified by former FBI director Jim Comey, who insisted tech companies were offering encryption to:
A. Give the feds the middle finger
B. Enable all sorts of dangerous criminals
C. Act like children in a roomful of adults
"Denial" seems to have been bypassed completely. Instead, Comey (and others) repeated the "shock" stage, banging the table louder and louder in hopes of convincing everyone they were right.
They weren't right and encryption deployments continued.
The FBI and DOJ shifted quickly to anger. This was first displayed during the legal fight over the San Bernardino shooter's iPhone. The DOJ insisted a law nearly 230 years old gave it permission to force Apple to break encryption. Apple disagreed. The court disagreed. The FBI insisted this would be the death of us all and ignored outside offers to crack the phone while pursuing precedent it would never obtain.
The phone was eventually cracked by a third party and the FBI moved on, still clinging to its "going dark" narrative, even as vendor after vendor stepped up to provide phone-cracking tools. It also overstated the number of "uncrackable" devices in its possession by at least 6,000 devices. It has been nearly 17 months since the FBI promised to correct this count. It still has yet to provide an updated number.
The DOJ's new boss is carrying the (apparently unlit) torch for the FBI. He has demonized both end-to-end encryption and citizens who don't believe cops are blameless white knights standing between us and the collapse of civilization.
Now, he's moving the feds on to the next stage of grief: bargaining. A letter sent to Facebook -- sporting Barr's signature, along with other stalwart encryption foes like UK Home Dept. head Priti Patel and Australian MP Peter Dutton -- begs Facebook to please please please stop adding encryption to its services.
BuzzFeed obtained a draft report of the letter, which appears to be the charm offensive preceding the new US-UK data sharing agreement that targets encrypted communications. The letter contains some loaded language about child porn and its victims, suggesting Barr isn't done leaning on victimized children to advance his anti-encryption efforts. Hey, it didn't work for Comey, but maybe Bill Barr will get the horrific crime he needs to turn the public against their own best interests.
Here are some excerpts from the letter, as first published by BuzzFeed.
Dear Mr. Zuckerberg,
OPEN LETTER: FACEBOOK’S “PRIVACY FIRST” PROPOSALS
We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.
So, this is a request for a backdoor. (But one no government agency will refer to as a "backdoor.") "Lawful access" is law enforcement slang for "backdoor," kind of like "officer-involved shooting" is slang for "homicide" and "detected the odor of marijuana" is slang for "Fourth Amendment violation."
Barr (and his anti-encryption warriors) then attempt to call Zuck's bluff... um... I guess??
In your post of 6 March 2019, “A Privacy-Focused Vision for Social Networking,” you acknowledged that “there are real safety concerns to address before we can implement end-to-end encryption across all our messaging services.” You stated that “we have a responsibility to work with law enforcement and to help prevent” the use of Facebook for things like child sexual exploitation, terrorism, and extortion. We welcome this commitment to consultation. As you know, our governments have engaged with Facebook on this issue, and some of us have written to you to express our views. Unfortunately, Facebook has not committed to address our serious concerns about the impact its proposals could have on protecting our most vulnerable citizens.
And there it is. "Our most vulnerable citizens." Apparently that demographic group doesn't contain Facebook users. Facebook users will be fine, I guess, even if any number of malicious hackers/governments want access to communications no one on Facebook actually wants to share with them. "For the children" is the game here, and Barr forges forward with contradictory statements and terrible logic.
We support strong encryption, which is used by billions of people every day for services such as banking, commerce, and communications.
(But, pointedly, not Facebook communications.)
We also respect promises made by technology companies to protect users’ data. Law abiding citizens have a legitimate expectation that their privacy will be protected.
(Except from us.)
However, as your March blog post recognized, we must ensure that technology companies protect their users and others affected by their users’ online activities. Security enhancements to the virtual world should not make us more vulnerable in the physical world. We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity. Not doing so hinders our law enforcement agencies’ ability to stop criminals and abusers in their tracks.
Ah, the famous tradeoff government officials always pitch, but one that isn't actually the tradeoff being made. It's not privacy vs. the security of the nation as a whole. It's personal security vs. government access that also grants access to criminals and state-sponsored hackers.
What people want is security. They aren't really interested in trading security for government access. That does nothing for them. The government may solve a few more crimes, but the government was solving crimes long before cellphones, social media platforms, and end-to-end encryption.
Now, multiple governments feel they can't solve crimes without on-demand access to people's communications -- something they have never had in the history of crime-solving and communications. But here we are, listening to Barr and his buddies make a pitch for encryption backdoors while standing on the backs of child porn victims.
Barr makes this pitch while acknowledging that Facebook probably does far more than all US and UK law enforcement agencies combined to combat child porn.
Facebook currently undertakes significant work to identify and tackle the most serious illegal content and activity by enforcing your community standards. In 2018, Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children (NCMEC) – more than 90% of the 18.4 million total reports that year. As well as child abuse imagery, these referrals include more than 8,000 reports related to attempts by offenders to meet children online and groom or entice them into sharing indecent imagery or meeting in real life. The UK National Crime Agency (NCA) estimates that, last year, NCMEC reporting from Facebook will have resulted in more than 2,500 arrests by UK law enforcement and almost 3,000 children safeguarded in the UK.
And yet, Barr wants to complain. Barr and his UK/Aussie counterparts want to claim this isn't enough. What's really needed is insecure communications on a platform used by billions. And to make this claim, Barr again points to something Facebook does as evidence that Facebook isn't doing enough.
While these statistics are remarkable, mere numbers cannot capture the significance of the harm to children. To take one example, Facebook sent a priority report to NCMEC, having identified a child who had sent self-produced child sexual abuse material to an adult male. Facebook located multiple chats between the two that indicated historical and ongoing sexual abuse. When investigators were able to locate and interview the child, she reported that the adult had sexually abused her hundreds of times over the course of four years, starting when she was 11. He also regularly demanded that she send him sexually explicit imagery of herself. The offender, who had held a position of trust with the child, was sentenced to 18 years in prison. Without the information from Facebook, abuse of this girl might be continuing to this day.
Here's what Barr thinks will happen if Facebook deploys end-to-end encryption. Facebook will no longer be able to "read" messages sent between users, which will result in an increase in abused children that authorities will be powerless to help.
Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be possible if Facebook implements its proposals as planned. NCMEC estimates that 70% of Facebook’s reporting – 12 million reports globally – would be lost. This would significantly increase the risk of child sexual exploitation or other serious harms. You have said yourself that “we face an inherent tradeoff because we will never find all of the potential harm we do today when our security systems can see the messages themselves”. While this tradeoff has not been quantified, we are very concerned that the right balance is not being struck, which would make your platform an unsafe space, including for children.
"For children." That's the leverage. Barr wants Facebook to abandon its encryption plans to save children. Sure, that's admirable, if you're willing to overlook the considerable downside of creating a backdoor for governments or simply removing the encryption offer altogether. Facebook's encryption plans offer a whole new layer of security for lawful users -- some of which are targeted by authoritarian/corrupt governments. Many governments around the world pose as much of a threat to their citizens as criminals do. And a great many people believe their communications should be private, which means not being read/scanned by Facebook, much less any government that happens to stroll by waving some paperwork.
All Barr wants is for Facebook to abandon its encryption plans. He wants Facebook to be able to access the content of its users' messages. He wants every government in the world to be able to access the content of users' messages. He may only be aligned with three-fifths of the Five Eyes in this letter, but ensuring US/UK/Australian "lawful access" means giving every other two-bit dictatorship the same level of access to users' communications.
This isn't standard government bullshit. This is heinous, dangerous bullshit. This is a conglomerate of Western governments, on the eve of the deployment of a mysterious "data-sharing" agreement, portraying the implementation of encryption for communications as aiding and abetting the sexual abuse of children. This is a not-very-subtle smearing of every tech company that deploys encryption to protect its users from criminals and governments that behave like criminals. This is the abuse of the phrase "lawful access" to portray the possession of a warrant as a golden ticket to everything law enforcement wishes to obtain.
To be historically clear, a warrant has NEVER guaranteed access to communications. It has only allowed law enforcement to search for them. The implementation of encryption doesn't change this equation. But Barr and others keep pushing this in hopes of persuading the public -- and the tech companies they patronize -- that secret communications are something new and far more dangerous than anything law enforcement has ever encountered prior to the rise of social media and smartphones.
Filed Under: doj, encryption, mark zuckerberg, messenger, peter dutton, priti patel, privacy, security, snooping, william barr
Companies: facebook, instagram, whatsapp
Reader Comments
I Want to Have My Unicorns and Eat Them Too.
"...without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications ..."
Since "including a means for lawful access to the content of communications" guarantees a "reduction to user safety," the feds again demand the "nerd harder" unicorn. Hope their days are filled with rainbows, a.k.a., unicorn crap.
[ link to this | view in thread ]
While wilfully ignoring that before that rise, communications were not recorded and therefore not available for them to look at after an event.
[ link to this | view in thread ]
The Bigger Danger is Govt's Hoarding Zero Day Vulnerabilities
The two basic ways to break encryption are:
1: Require that the keys are handed over.
2: Use vulnerabilities to hack a device.
You advocate using the second. But note that this is a trade-off. The issue is about deciding which is the lowest cost: trusting governments with encryption keys, or making security organizations hoard zero-day vulnerabilities so they can bypass encryption, instead of reporting them for fixing so we could all be more secure.
[ link to this | view in thread ]
Re: The Bigger Danger is Govt's Hoarding Zero Day Vulnerabilitie
Zero days that require physical access to a device, or the targeting of individual devices, are much less of a risk to society than all governments having access to all personal communications.
[ link to this | view in thread ]
Re: The Bigger Danger is Govt's Hoarding Zero Day Vulnerabilitie
This is not a trade. Governments will hoard zero day exploits no matter what.
[ link to this | view in thread ]
Soon, talking softly will be considered terrorist activity.
Dear Citizens,
If you have nothing to hide then you must talk loudly into the microphones. And remember, as always, it is unacceptable to wear masks - even on those pollution warning days, which is every day but we do not talk about that do we citizen?
Would you like to know more?
[ link to this | view in thread ]
It would help if this administration led by example by changing their policy of sexual, physical, and emotional abuse of children at the southern border.
[ link to this | view in thread ]
Re:
Q: Would the government only use the information they get from backdoored encryption to investigate and prosecute the serious crimes they complain about (terrorism, child porn, etc...)?
A: Fuck no. If they ever got backdoor access to encrypted comms, they will use it for every petty crime on the books (and some that they just make up) to ensure whoever their target is spends several years getting backdoored in prison.
[ link to this | view in thread ]
Re:
Why just there?
They took over, upgraded and added content to a child porn website, thus encouraging the abuse of children worldwide.
I'm wondering how much of the new content they produced themselves.
[ link to this | view in thread ]
To be clear, many intelligence services record phone calls, emails, and text messages. The NSA has a partnership with AT&T; thousands of people work for the FBI and the NSA. I presume at some point they use the data they have to arrest criminals. Message encryption is already being used in some apps. To say that it should be outlawed or restricted because some people might use it to hide evidence is not fair on the public, who will use it just to have privacy. Also, it protects human rights activists who wish to fight for human rights and journalists who expose corruption in countries like Russia or China.
[ link to this | view in thread ]
So, sending letters, using carrier pigeons and the pony express were all legal services and the feds of the day were prevented from invading the privacy of people then. All we are doing now is using the modern day equivalent but our privacy shouldn't be terminated because of that! As I have said before, it's so much easier to spy on ordinary people, who do nothing wrong, being law abiding than it is to weed out those who want to do harm to others, to rob others etc but that again is the name of the game. No one wants anyone to get hurt or lose anything if they are honest individuals but the line has to remain drawn and privacy and freedom are more important to keep than to give up, enslaving the planet and making it impossible to demonstrate or revolt against those who are in charge when they go too far! Look at what the HK police/government/Chinese government are doing now. Bringing in a law to ban protestors from wearing masks! They should have thought about that when criminals and undercover people were being used to instill serious harm on innocent protestors! And to allow a police officer to get away with shooting, at almost point blank range, a protestor, then charging the protestor! The shape of things to come if we're not extremely careful!!
[ link to this | view in thread ]
Re:
The hyperbole is a little strong there. Nobody has a policy of sexual, physical, and emotional abuse of children. Things are bad enough as is, exaggeration helps nobody but the abusers who point to these kinds of ridiculous claims to fuel their persecution complexes.
[ link to this | view in thread ]
Re: Re:
"Nobody has a policy of sexual, physical, and emotional abuse of children."
This is not the present policy of the US at the southern border?
Then why are they doing it?
[ link to this | view in thread ]
Given the ridiculous scope of the US Code, just about everyone has committed a crime of some sort. By hoovering up data with broken encryption, all you have to be is a political inconvenience to end up in front of a judge and jury where the doj has a conviction rate of about 97% due to creative stacking of charges and creative plea bargains. Catching real criminals has always been way too much work, so having a backdoor won't be of much use for that purpose.
[ link to this | view in thread ]
Put the power in the hands of the people
I like how Google responded to the EU’s link tax by putting the choice in the hands of publishers, who can adopt an API to control what links are allowed.
Facebook could do the same, maybe? Let their users choose to adopt end-to-end encryption or let them stick with unencrypted messages. I don’t have many doubts about what most users would choose, but at least the anti-encryptionists couldn’t blame Facebook for the results.
[ link to this | view in thread ]
Re:
Why do you ASSUME that none of those other communication methods weren't being randomly opened and searched by, postal workers, UPS drivers, undercover cops, TLA's, etc?
You can bet that there were probably physical holds on specific individuals' activities specifically to allow "law enforcement" (said with a grimace) activities, such as steaming envelopes, 'damaging' packages in transit, x-rays, fluoroscopic lighting, etc to do all manner of intervention in the normal everyday life of our communications.
Now of course no agencies would ever admit to something like this, but you can guarantee that they were doing it on a widescale across most of the developed world (and anywhere else they could muscle, bribe, or lawyer their way in).
Or the tinfoil could just be getting thinner, must need another layer...
[ link to this | view in thread ]
Letting the Feds into Facebook is like letting the RIAA use bots on YouTube for copyright enforcement. Oh wait, they ALREADY do.
Hello, Amazon? I'd like one shitstorm on rye.
[ link to this | view in thread ]
Re: Re: Re:
No, they are not doing it. Please point to the people in whatever administration you are referring to that you think crafted actual policy with the intent of sexually, physically, and emotionally abusing children.
How do you imagine such a policy would be proposed, considered, or implemented? "Hey Mike, have you had a chance to look at the latest draft for the 2020 'Enhanced Child Abuse' policy?"
You really think that is what's going on? What you are even suggesting is absurd. It is beyond absurd.
[ link to this | view in thread ]
Re: Re: Re: Re:
Separating children from their parents is child abuse, and always has a long term impact on the child.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
I know that very well, but conflating a consequence of a policy with the intent of the policy is, at best, dishonest.
How is separating children from their parents sexual or physical abuse?
[ link to this | view in thread ]
Re: Re: The Bigger Danger is Govt's Hoarding Zero Day Vulnerabil
Have those ever existed? Certainly governments can choose to use a zero-day to target an individual, but that's just a choice and not a technological limitation. Anyone who manages to grab a copy—e.g., by watching the network traffic of the target, or via a crashdump transmission or an antivirus's automatic malware upload—can, in almost all cases, then use it against someone else.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
And this pertains to encryption and going dark how?
If you're looking for Reddit it's two websites over.
[ link to this | view in thread ]
Re: Put the power in the hands of the people
hahahahahahaha
Here, have my "funny" vote.
[ link to this | view in thread ]
If I do something hurtful to you with righteous intent, I still did something to you that hurt you. The effect of an act is its real intent.
The Trump administration probably didn’t intend for people to die in the American concentration camps. (I say “probably” because, hey, you never know for sure.) But those deaths still happened. The effects of the policies in play at the southern border override any “noble” intent from Trump and his cronies.
[ link to this | view in thread ]
Re: Re: Re: Re:
"No, they are not doing it."
Do you read the news?
Do you claim the news is fake?
Are you picking nits attempting to say they do not do at least one of those things?
How pathetic.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
About as pathetic as trying to steer a conversation about encryption and going dark to US immigration policy
[ link to this | view in thread ]
Considering how corrupt both Barr and the Administration he works for are, it wouldn't be a surprise if they tried to secretly orchestrate some child porn crime in order to use it as an excuse to get what they want.
[ link to this | view in thread ]
Re:
No need to use child porn when the FBI could just create another "terrorist" for this purpose.
[ link to this | view in thread ]
Re: "noble intent"
The Trump administration has chosen to enforce a zero-tolerance policy to "justify" the separation of children from their parents. The President and his henchmen intentionally, publicly threaten to abduct and imprison children to make illegal entry too terrifying for parents to risk.
Quoting Jeff Sessions from The Washington Post, “I hope that we don’t have to separate any more children from any more adults. But there’s only one way to ensure that is the case: it’s for people to stop smuggling children illegally. Stop crossing the border illegally with your children.”
In human-speak, "if you bring your kids, we'll kennel them like dogs, and you may never see them again."
Let's not even pretend to hypothesize any nobility of intent in the vicious thuggery of Trump and his henchmen.
[ link to this | view in thread ]
False dichotomy
The issue is about deciding which is the lowest cost: trusting governments with encryption keys, or making security organizations hoard zero-day vulnerabilities so they can bypass encryption, instead of reporting them for fixing so we could all be more secure.
Or, and this might sound crazy, they can not get encryption keys to deliberately broken encryption and they can act responsibly and notify companies of exploits so that they can be patched.
The 'lowest cost' option would be a third one not listed, 'Work to ensure that services/platforms/programs used by hundreds of millions if not more are as secure as possible, and accept that this means that occasionally bad people will be able to use that security to do bad things.'
[ link to this | view in thread ]
Re:
That's more likely to come from telcom profit interests and foreign totalitarian/fascist governments than the domestic government.
Other than child abusers, they are the main beneficiaries of the child abuse issue because domestic government can already get right at the lines and subvert most security measures. Telcoms don't have sovereign immunity so if they get caught they risk lawsuits/jail if they try to set up a NSA-like system of their own.
[ link to this | view in thread ]
'It's your own fault, really.'
That sounds remarkably like abusive spouse 'logic'.
'Look, I don't want to hit you, but you keep making me by acting badly. Help me help you by acting better, and I won't have to hit you any more.'
[ link to this | view in thread ]
Should be easy enough to respond to
Dear Mr. Barr,
After careful consideration we have decided once again that the privacy and security of our users is more important than your ability to listen in to any conversation you might be interested in. As such we shall not be taking you up on your latest 'request' to deliberately sabotage the encryption on our platform, and will continue with our planned roll-out of even more encryption to better protect our users.
With all due respect,
Facebook
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
No, just pointing out that the people doing the abusing and the people creating the policies aren't even the same people, and that demonizing someone just because you disagree with them can be counterproductive.
You're seriously claiming that Trump administration officials are in the camps sexually abusing children? You honestly, really believe that's going on?
Are you off your medication?
[ link to this | view in thread ]
Re:
So if a doctor gives a patient medication they are allergic to and that patient dies, the doctor's real intent was to kill the patient?
If I swerve to avoid an obstacle in the road, and in doing so I drift into the other lane, my intent was really to steer into the other lane?
That's your logic, Stephen T. Stone.
Have you seriously never heard of unintended consequences?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
I'm not claiming any such thing. I'm just pointing out that immigration policy and encryption are not the same thing.
But feel free to accuse me of something I never said and then accuse me of being off my meds, because that is such a great way to convince me of your viewpoint.
Oh wait, weren't you the one that said, "that demonizing someone just because you disagree with them can be counterproductive."
Guess you believe in a separate set of rules for you and everyone who disagrees with you.
[ link to this | view in thread ]
Re: Re:
There is a reason why doctors ask for your medical history and if you have any known allergies before giving out any medication known to cause allergic reactions in some people, plus patients are monitored the first time they are given that type of medication.
If a doctor gives a patient medicine which they are allergic to and that patient dies, the doctor was negligent in his/her duties and will most likely get sued.
To translate the current administration's zero-tolerance policy to the equivalent of a medical policy, the doctor would force feed a patient medication the moment the patient walked through the hospital-entrance without even bothering to find out anything about the patient because of the doctor's righteous intent to eradicate sickness.
Perhaps you should reflect on what Stephen really said and not what you think he said, because righteous intent usually means that the collateral damage of said righteous intent put into action is usually worse than what the intent was supposed to fix.
Also, if you just react to something you don't have any intent to begin with, which actually means your logic is very illogical.
[ link to this | view in thread ]
Re:
Addendum:
If you have nothing to hide you have no reason to speak in the languages of lesser nations. You are required to speak <INSERT NATIONAL LANGUAGE HERE>.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
“You are seriously claiming that Trump administration officials are in the camps sexually abusing children”
No
But considering everything he and his staff does....if they were alone for five minutes and I heard crying? It would be them.
[ link to this | view in thread ]
Re: The Bigger Danger is Govt's Hoarding Zero Day Vulnerabilitie
"The issue is about deciding which is the lowest cost: trusting governments with encryption keys, or making security organizations hoard zero-day vulnerabilities so they can bypass encryption..."
Either way removes all utility of encryption. The master key WILL leak. As will the vulnerability. Hell, look at the wannacry virus for a detailed description of how the latter pans out.
[ link to this | view in thread ]
Re: Re:
"So if a doctor gives a patient medication they are allergic to and that patient dies, the doctor's real intent was to kill the patient?"
If the doctor already knew a terminal outcome was a real possibility and simply didn't give a shit then the "intent" was certainly enough to judge the doctor as Horribly, HORRIBLY Bad.
No one is saying that Trump et al. intend for children to be hurt for life as a result of their actions...
...they have quite openly acknowledged it and given testimony to the effect that THEY choose not to give a rat's ass while blaming the parents.
The White House defense is basically; "Look, if she wasn't being uppity I wouldn't have hit her!".
[ link to this | view in thread ]
Re: Re:
"Why do you ASSUME that none of those other communication methods weren't being randomly opened and searched by, postal workers, UPS drivers, undercover cops, TLA's, etc?"
Because that would have been against the law or subject to specific warrants issued by a judge?
Whereas today what the DoJ suggests would mean, if carried out, that no one would have their privacy protected against anyone capable of picking up a stolen master key, let alone authorities, on whatever flimsy pretext the latter might suggest.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
You're seriously claiming that Trump administration officials are in the camps sexually abusing children?
That's what happens when you choose to proudly declare your preference to "grab 'em by the pussy". Maybe next time don't be such a fucking jock.
[ link to this | view in thread ]