US, UK, Australia warn Facebook against end-to-end encryption

The US Department of Justice (DoJ), UK Home Secretary Priti Patel, and the Australian Minister for Home Affairs Peter Dutton are set to block Facebook's plan to roll out end-to-end encryption across its entire messaging portfolio, over concerns that national security would be adversely impacted.

In traditional client-server communications, encryption only protects data in-transit. A message sent via Twitter, for example, is encrypted from the sender's PC to Twitter's server, decrypted, re-encrypted, then send to the recipient. A security agency wanting the content of that message need only ask Twitter, which has access to the plain-text version of the message.

End-to-end encryption, by contrast, encrypts the message such that only the final recipient can access its contents. While the message typically still goes through a server en-route to its final destination, the server never has access to the plain-text message - and thus can't hand it over to security agencies no matter how nicely they ask.

Facebook-owned WhatsApp is one of the most popular end-to-end messaging clients around, and the central technology is one Facebook - under fire over various breaches of its users' rights to privacy - is looking to roll out to other messaging platforms under its umbrella, including Facebook Messenger and Instagram. It's a move which would grant its users additional privacy, but one the governments of the UK, US, and Australia have reportedly vowed to block.

According an open letter released by the US Department of Justice, US Attorney General William Barr, Acting Homeland Security Secretary Kevin McAleenan, UK Home Secretary Priti Patel, and Australian Minister for Home Affairs Peter Dutton are calling for Facebook  to 'enable law enforcement to obtain lawful access to content in a readable and usable format under the spectre of terrorism, child abuse, and other online ills.

'Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes,' the letter reads. 'This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. It also impedes law enforcement’s ability to investigate these and other serious crimes. Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.'

At the same time, the governments of the US and UK announced a cross-border data access agreement, penned under the CLOUD Act, which will allow US investigators to request data from UK companies and vice-versa with considerably less legal oversight than under the current Mutual Legal Assistance process. 'This historic agreement will dramatically speed up investigations, allowing our law enforcement agencies to protect the public,' claims Patel of the deal. 'This is just one example of the enduring security partnership we have with the United States and I look forward to continuing to work with them and global partners to tackle these heinous crimes.'

Facebook has not publicly responded to the open letter, but Patel's involvement has been excoriated by pro-privacy campaign organisation the Open Rights Group (ORG). 'It is disturbing that Priti Patel alongside US politicians appear to wish to bully specific companies into stopping plans to allow users to encrypt their private communications. If politicians want companies to take action, they should be prepared to legislate,' claims ORG executive director Jim Killock of the open letter. 'Encryption is used for many legitimate reasons, from banking through to keeping personal communications private from corporations.

'It is very worrying that some politicians are suggesting that encryption systems should examine files and communications before sending them, to check them against "banned" communications. This could rapidly be deployed against whistleblowers, journalists and campaigners. Building global capabilities that can be used to suppress legitimate free expression is very unwise. While the debate on encryption appears to run and run, police can use ever greater amounts of digital information available to detect crime. We should always remember that policing detection powers are much greater in the digital age. We should be sceptical about concerns expressed about encryption, and ensure that our fears of the worst kinds of criminals are not used to limit our everyday rights to privacy and free speech.'