(Mis)Uses of Technology

from the breaking-Messenger-will-leave-criminals-with-only-dozens-of-secure-options dept

Tue, Oct 13th 2020 10:42am — Tim Cushing

The world's law enforcement agencies are back at it, advocating for the demise of end-to-end encryption. The last time they all got together like this, they were complaining to Facebook for thinking about adding encryption to its Messenger service.

Because Facebook does so well reporting child porn to the proper authorities, the proper authorities have gathered to decry its decision to encrypt this service, claiming it would result in a lot of unobserved child porn being passed between users. With Facebook unable to eavesdrop on messages, the images and videos can be shared unnoticed.

And, again, the international law enforcement community is asking for weaker encryption… and namechecking Facebook as the cause of and potential solution to all the world's child porn problems. The new "international statement" opens up with a united declaration that everyone loves encryption, before getting to the long list of "buts."

We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security. It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the UN Human Rights Council. Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.

Of course, that last sentence is a lie. At best, it's completely disingenuous. Almost immediately following this assertion that the undersigned have no intention or pursuing counterproductive/dangerous approaches, the Five Eyes crew (along with India and Japan) lists the counterproductive/dangerous ways they'd like encryption to be broken.

Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:

 

• Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;

• Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and

• Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.

 

I'm not sure what sort of "strong encryption" can handle all of these weak spots being introduced without turning into something easily misused, but these government reps are pretty sure people at these companies will come up with something. These governments have convinced themselves they're "stakeholders" in private conversations between citizens that are facilitated by services like Facebook's Messenger.

And that's what this is about. The statement cites Facebook's success in handling child porn while trying to use that against it.

In 2018, Facebook Messenger was responsible for nearly 12 million of the 18.4 million worldwide reports of CSAM [child sexual abuse material to the US National Center for Missing and Exploited Children (NCMEC)]. These reports risk disappearing if end-to-end encryption is implemented by default, since current tools used to detect CSAM [child sexual abuse material] do not work in end-to-end encrypted environments.”

If this is true, then there's nothing else that can be done. Weakened encryption that allows Facebook to intercept users' messages does nothing for the millions of Facebook users who've never trafficked in illegal content. The company can either give users security and privacy, or it can give these governments what they want. There's no middle ground that's going to accommodate both groups.

And this push against Facebook is working. These statements were converted into news articles claiming Facebook is "responsible" for 94% of all reported child porn. But that wording suggests Facebook is the problem, rather than its users. Facebook made 94% of the reports, showing once again it's been doing what it can to combat the problem.

Its decision to offer encryption to Messenger users isn't being made lightly. It's aware of the downside. But it's also aware of the threat posed to its users by a number of malicious entities, which include authoritarian governments and state-sponsored hackers. If it wants to protect its millions of innocent users, it has to offer the same shelter to criminals using the service. That's how it goes. The middle ground governments think the private sector should nerd towards simply doesn't exist.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team