“Security enhancements to the virtual world should not make us more vulnerable in the physical world,” they said in a letter to CEO Mark Zuckerberg.
Senior government officials are pressuring Facebook to build a backdoor into the end-to-end encryption on its messaging services, giving law enforcement access to communications that are currently locked away with virtually impenetrable security measures.
In a letter to Facebook CEO Mark Zuckerberg, Attorney General William Barr and Homeland Security Acting Secretary Kevin McAleenan will ask the company to back off plans to encrypt the messaging services until it could guarantee law enforcement access to the content of the messages and ensure “there is no reduction to user safety.”
The letter, dated Oct. 4, was also signed by two high-ranking officials from Australia and the United Kingdom. The request was first reported by Buzzfeed News.
“We support strong encryption, which is used by billions of people every day for services such as banking, commerce and communications. We also respect promises made by technology companies to protect users’ data,” officials wrote in the letter. “However ... we must ensure that technology companies protect their users and others affected by their users’ online activities. Security enhancements to the virtual world should not make us more vulnerable in the physical world.”
In recent years, the government has sporadically butted heads with the tech industry over its use of end-to-end encryption, a security scheme that lets users encode digital information so it’s only accessible to intended recipients. Technologists argue the measures are necessary to protect users’ privacy, while law enforcement says it allows criminals to act with impunity.
The most recent bout was sparked by a New York Times report that child predators are increasingly turning to encryption to share videos and images of child sexual abuse while evading detection from law enforcement. Last year, law enforcement officials received nearly 12 million reports of child abuse material being shared on Facebook Messenger, one of the services the company plans to encrypt. If end-to-end encryption is rolled out, users could still send communications to each other but neither the platform nor law enforcement could see the contents.
“This would significantly increase the risk of child sexual exploitation or other serious harms,” officials said of Facebook’s encryption proposal. Referring to previous remarks from Zuckerberg about balancing those risks with the potential harm of leaving users’ communications unprotected, they added, “while this tradeoff has not been quantified, we are very concerned that the right balance is not being struck, which would make your platform an unsafe space, including for children.”
Law enforcement called on Facebook and other companies that use encryption to find technical solutions that give law enforcement access to communications without undermining privacy and security. However, technologists argue that any backdoor would weaken the security of the entire system, so such a solution is untenable.
“Strong encryption and end-to-end security are bedrock technologies that keep information safe online,” Hannah Quay-de la Vallee, senior technologist at the Center for Democracy and Technology, said in a statement. “Creating a law that would mandate weaker and less secure technology is like mandating crumbling sidewalks to prevent criminals from escaping. It’s ridiculous, it won’t work, and it puts us all at far greater risk of serious injury.”
The Justice Department will host an event Friday highlighting the potential link between encryption and child sexual abuse. Senior department officials on Thursday said representatives from Facebook are expected to attend, though they noted their encryption concerns will extend far beyond the social media platform.
“We’re not trying to demonize Facebook, we’re not trying to pick on any one particular company,” a senior official said on a call with reporters. “But those of us in law enforcement are not doing our jobs if we don’t highlight this problem.”
On Thursday, officials from the U.S. and U.K. also signed a bilateral agreement that permits law enforcement agencies from both countries to share information about terrorism, child sexual exploitation and other crimes that they obtain from tech companies.