Connect with us

Hi, what are you looking for?


Data Protection

Officials Push Facebook for Way to Peek at Encrypted Messages

Officials are calling on Facebook not to use encryption in its messaging services that does not provide authorities a way to see what is being sent.

Officials are calling on Facebook not to use encryption in its messaging services that does not provide authorities a way to see what is being sent.

The request was made in a letter signed by US Attorney General William Barr, British home secretary Priti Patel and Australian minister for home affairs Peter Dutton.

“We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services… without including a means for lawful access to the content of communications to protect our citizens,” said a copy of the letter obtained by AFP and dated October 4.

The letter called on Facebook and other companies to make sure messaging systems were not so well-encrypted that law enforcement couldn’t see “content in a readable and usable format” when needed.

The request, addressed to Facebook chief Mark Zuckerberg, raises anew the conflict between technology firms intent on protecting user privacy by scrambling messages with encryption, and government agencies contending that doing so would let wrongdoers hide their schemes.

The leading social network already encrypts WhatsApp messages from end-to-end — meaning only the sender and recipient can read the message, which is saved in encrypted form — and is working to extend the technology to other apps in its family, including Messenger.

End-to-end encryption protects the messages of over a billion people every day, according to Facebook.

Advertisement. Scroll to continue reading.

“It is increasingly used across the communications industry and in many other important sectors of the economy,” Facebook said in response to an AFP query.

“We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.”

During a live-streamed question session with employees, Zuckerberg said the company recognized the challenge in balancing privacy with fighting crimes such as child exploitation and terrorism, and was working with authorities to get it right.

“Having the availability to look at the content is a useful signal, and when you lose that you are fighting that battle with at least a hand tied behind your back and you hope there is a lot of good stuff you can do with your other hand,” Zuckerberg said.

He felt the scale was still tipped toward encryption, which can help protect journalists, political protesters, and others.

Privacy has been a sore point for Facebook, and users have been clamoring for encryption of messages, according to Zuckerberg.

Clues such as patterns of behavior and connections between accounts can be used as signals of illicit behavior even if data in messages can’t be seen, he noted.

– Scare tactics? –

The nonprofit Center for Democracy and Technology (CDT), based in Washington, contended that governments signing the letter were using scare tactics to weaken security of global communications and build in surveillance.

“Strong encryption and end-to-end security are bedrock technologies that keep information safe online,” said CDT senior technologist Hannah Quay-de la Vallee.

“These technologies protect billions of communications every day, from the sensitive correspondence of victims of domestic violence to businesses’ financial records to our private medical information.”

Facebook early this year said it was trying to get its messaging apps to be friends, allowing encrypted missives be exchanged no matter which of its services are used.

The California-based social network is behind free, stand-alone smartphone apps Instagram, Messenger and WhatsApp.

Each service is popular, but users have to be in the same application to exchange messages.

– CLOUD Act –

The joint letter to Facebook, paired with a freshly signed “CLOUD” data sharing agreement between Britain and the US, should set off “red flags” for citizens in both countries who care about governments monitoring and sharing their communications, the CDT argued.

The CLOUD Act Agreement will allow British and US law enforcement agencies to demand electronic data regarding serious crimes directly from tech companies based in the other country, according to a Department of Justice statement.

The agreement will allow “more efficient and effective access to data needed for quick-moving investigations,” Barr said in the statement.

“Only by addressing the problem of timely access to electronic evidence of crime committed in one country that is stored in another, can we hope to keep pace with twenty-first century threats,” he added.

Facebook interpreted the CLOUD Act to allow technology companies to enable users to have private online conversations and be required to provide available information to valid legal requests — not build backdoors into encrypted systems.

“Creating a law that would mandate weaker and less secure technology is like mandating crumbling sidewalks to prevent criminals from escaping,” said Quay-de la Vallee.

“It’s ridiculous, it won’t work, and it puts us all at far greater risk of serious injury.”

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.