US, UK, Australia write open letter demanding backdoors to encrypted messengers

[Delicieuxz]

In an open letter which is to be published tomorrow, but which some outlets have already got a copy of, the Australian, UK, and US governments are collectively demanding backdoor access to encrypted messengers, saying, "We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety", and, "Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes".

 

I don't know why they used the words "even for" in that sentence instead of "especially for", as if the most serious crimes are the least of their concerns when it comes to encryption. Probably some sociopath logic about trying to manipulate people, and also a slip of the tongue indicating their primary objectives are not anything moral.

 

Facebook is apparently not on board:

 

Attorney General Bill Barr Will Ask Zuckerberg To Halt Plans For End-To-End Encryption Across Facebook's Apps

Quote

In a three paragraph statement, Facebook said it strongly opposes government attempts to build backdoors. A spokesperson for the Department of Justice declined to comment.

 

"I actually wouldn’t be surprised if we end up having similar engagements like this on other socially important things that we’re trying to move, like our big push to get towards more encryption across our messaging apps," Zuckerberg said in a closed-door July meeting with employees, according to leaked audio obtained by the Verge. "That will, over time, be very sensitive when we get closer to rolling it out."

 

Here's a pre-release copy of the open letter:

Quote

4 October 2019

Dear Mr. Zuckerberg,

OPEN LETTER: FACEBOOK’S “PRIVACY FIRST” PROPOSALS

We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.

In your post of 6 March 2019, “A Privacy-Focused Vision for Social Networking,” you acknowledged that “there are real safety concerns to address before we can implement end-to-end encryption across all our messaging services.” You stated that “we have a responsibility to work with law enforcement and to help prevent” the use of Facebook for things like child sexual exploitation, terrorism, and extortion. We welcome this commitment to consultation. As you know, our governments have engaged with Facebook on this issue, and some of us have written to you to express our views. Unfortunately, Facebook has not committed to address our serious concerns about the impact its proposals could have on protecting our most vulnerable citizens.

We support strong encryption, which is used by billions of people every day for services such as banking, commerce, and communications. We also respect promises made by technology companies to protect users’ data. Law abiding citizens have a legitimate expectation that their privacy will be protected. However, as your March blog post recognized, we must ensure that technology companies protect their users and others affected by their users’ online activities. Security enhancements to the virtual world should not make us more vulnerable in the physical world. We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity. Not doing so hinders our law enforcement agencies’ ability to stop criminals and abusers in their tracks.

Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. It also impedes law enforcement’s ability to investigate these and other serious crimes. Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.

Facebook currently undertakes significant work to identify and tackle the most serious illegal content and activity by enforcing your community standards. In 2018, Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children (NCMEC) – more than 90% of the 18.4 million total reports that year. As well as child abuse imagery, these referrals include more than 8,000 reports related to attempts by offenders to meet children online and groom or entice them into sharing indecent imagery or meeting in real life. The UK National Crime Agency (NCA) estimates that, last year, NCMEC reporting from Facebook will have resulted in more than 2,500 arrests by UK law enforcement and almost 3,000 children safeguarded in the UK. Your transparency reports show that Facebook also acted against 26 million pieces of terrorist content between October 2017 and March 2019. More than 99% of the content Facebook takes action against – both for child sexual exploitation and terrorism – is identified by your safety systems, rather than by reports from users.

While these statistics are remarkable, mere numbers cannot capture the significance of the harm to children. To take one example, Facebook sent a priority report to NCMEC, having identified a child who had sent self-produced child sexual abuse material to an adult male. Facebook located multiple chats between the two that indicated historical and ongoing sexual abuse. When investigators were able to locate and interview the child, she reported that the adult had sexually abused her hundreds of times over the course of four years, starting when she was 11. He also regularly demanded that she send him sexually explicit imagery of herself. The offender, who had held a position of trust with the child, was sentenced to 18 years in prison. Without the information from Facebook, abuse of this girl might be continuing to this day.

Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be possible if Facebook implements its proposals as planned. NCMEC estimates that 70% of Facebook’s reporting – 12 million reports globally – would be lost. This would significantly increase the risk of child sexual exploitation or other serious harms. You have said yourself that “we face an inherent tradeoff because we will never find all of the potential harm we do today when our security systems can see the messages themselves”. While this tradeoff has not been quantified, we are very concerned that the right balance is not being struck, which would make your platform an unsafe space, including for children.

Equally important to Facebook’s own work to act against illegal activity, law enforcement rely on obtaining the content of communications, under appropriate legal authorisation, to save lives, enable criminals to be brought to justice, and exonerate the innocent.

We therefore call on Facebook and other companies to take the following steps:

· Embed the safety of the public in system designs, thereby enabling you to continue to act against illegal content effectively with no reduction to safety, and facilitating the prosecution of offenders and safeguarding of victims;
· Enable law enforcement to obtain lawful access to content in a readable and usable format;
· Engage in consultation with governments to facilitate this in a way that is substantive and genuinely influences your design decisions; and
· Not implement the proposed changes until you can ensure that the systems you would apply to maintain the safety of your users are fully tested and operational.

We are committed to working with you to focus on reasonable proposals that will allow Facebook and our governments to protect your users and the public, while protecting their privacy. Our technical experts are confident that we can do so while defending cyber security and supporting technological innovation. We will take an open and balanced approach in line with the joint statement of principles signed by the governments of the US, UK, Australia, New Zealand, and Canada in August 2018[1] and the subsequent communique agreed in July this year[2].

As you have recognised, it is critical to get this right for the future of the internet. Children’s safety and law enforcement’s ability to bring criminals to justice must not be the ultimate cost of Facebook taking forward these proposals.

Yours sincerely,

Rt Hon Priti Patel MP
United Kingdom Secretary of State for the Home Department

William P. Barr
United States Attorney General

Kevin K. McAleenan
United States Secretary of Homeland Security (Acting)

Hon Peter Dutton MP
Australian Minister for Home Affairs

 

 

US, UK & Australia demand Facebook give backdoor access to WhatsApp & other encrypted messengers

 

 

This is not a particularly surprising development, as banning encryption is something the "Five Eyes" countries (New Zealand, Australia, Canada, UK, US) have been seeking for some years:

 

83 organisations send strong message to Five Eyes

Leaked documents reveal UK government is planning to BAN encryption to get access to your WhatsApp messages

We want to limit use of e2e encryption, confirms UK minister

Australian govt promises to push Five Eyes nations to break encryption

Australian Lawmakers Join Forces to Cast Magic Encryption Spell

Official statements from the Five Country Ministerial meeting make it clear: Voluntarily build lawful access into encrypted messaging systems, or else

 

FBI Director Wray: I strongly share Barr’s concerns about encrypted devices and messaging platforms, cites Sutherland Springs Apple case

 

 

[ACEHACK]

how is it even mathematically possible, encryption either exist or it doesn't. man first net neutrality now this, what's next ,competing with china and north korea to see whose the worst first 

[SpaceGhostC2C]

22 minutes ago, ACEHACK said:

how is it even mathematically possible, encryption either exist or it doesn't. man first net neutrality now this, what's next ,competing with china and north korea to see whose the worst first 

i think you found their solution to the problem.

[PlayStation 2]

Police states make it easy to control your citizens' every move. There's a reason self-defense and privacy is quickly disappearing all across the world.

[Vishera]

That's straight asking to make vulnerabilities on purpose and then get surprised when a hacker uses it,

The hacker could ironically use it to access the encrypted messages of those who proposed the backdoor.

[Gegger]

cambridge analytical again...but sponsored by some stupid governments

[Ashleyyyy]

boohoo we can't invade the privacy of millions of people we are the government and we demand to be able to do that boohoo

[ACEHACK]

seriously what the hell is happening to the world. and you know what worse, at least in us it will end up being  a right left issue and people will fight each other instead of the bullshit laws and regulations. just like how pai fucked everyone over

[FezBoy]

Oh god, please no.

[Bananasplit_00]

1 hour ago, ACEHACK said:

how is it even mathematically possible, encryption either exist or it doesn't. man first net neutrality now this, what's next ,competing with china and north korea to see whose the worst first 

The laws of mathematics are commendable, but the only law in Australia is the law of Australia

 

-some absolute nutthead important Australian

[S w a t s o n]

I refuse to believe five eyes governments dont understand how having a backdoor works. They fully understand that they are asking for a deliberate, security breaking vulnerability to be placed so they may use it for their "truly righteous and morally correct" needs.

 

They may as well be trying to ban encryption, which they themselves need soooooooo yea.

[ACEHACK]

 

1 minute ago, S w a t s o n said:

I refuse to believe five eyes governments dont understand how having a backdoor works. They fully understand that they are asking for a deliberate and security breaking vulnerability be placed so they may use it for their "truly righteous and morally correct" needs.

 

They may as well be trying to ban encryption, which they themselves need soooooooo yea.

its only a matter of time.

these people don't understand anything beside a $ and control.

when an agency tells them they do it like a robot responding to its master 

[it_dont_work]

Hon Peter Dutton MP
Australian Minister for Home Affairs

 

 

NOTE: this photo was (be it accidentally) released by his office.

 

 

[LAwLz]

1 hour ago, ACEHACK said:

how is it even mathematically possible, encryption either exist or it doesn't. man first net neutrality now this, what's next ,competing with china and north korea to see whose the worst first 

It's a bit more complex than that.

It is possible to change the apps so that we have encryption, but that can be broken. For example instead of how WhatsApp does it right now:

encrypts on one phone -> Never gets decrypted and can not be decrypted on the way -> decrypts on the other phone

it could be:

encrypt on one phone -> send to Facebook's servers -> Decrypt the message -> re-encrypt it -> send it to other phone -> decrypt on the other phone

This is how it works for Facebook Messenger right now, and it allows Facebook to read your messages and possibly hand them over to the government. The drawback is... Facebook can read all your messages and possibly hand them over to the government.

 

The biggest worry and threat to security is when the government tasks for backdoors in the software itself, or unrestricted access. For example ask for a way to send a special command to a WhatsApp enabled phone and it starts spitting out unencrypted message logs. That's where the massive risk of third parties discovering and abusing it. I haven't read the full letter but it seems like 5 eyes aren't asking for a backdoor they themselves can use. Just that they want Facebook to keep the current design where Facebook can read all messages, and they can hand it over to whoever.

 

It actually seems somewhat reasonable to me (as long as they are asking for the design to say the same, and not weaken it further) but on the other hand, I think privacy has become such a massive issue that we need to fight back and assume the worst. Since things are the way they are, I feel constantly monitored and unsafe using my devices and the only thing that can change that, is more and better encryption with strong emphasis on privacy like WhatsApp and Signal has.

 

If the 5 eyes wanted to be able to catch criminals then they should not have overstepped their boundaries by doing mass surveillance. Besides, it's already been proven time and time again that more surveillance does not equal more criminals stopped. After the Paris attack for example the investigators said that they had collected every single message and phone call the perpetrators made before the attack happened, but that they had so much data to go through that it overlooked them.

It's like trying to find a needle in a haystack, and their solution is to dump MORE hay on it because "if we triple the amount of hay we also double the amount of needles, thus increasing the odds of catching something!".

[dfsdfgfkjsefoiqzemnd]

They can demand all they want, doesn't mean they'll get it. 

Even if they can create laws that force companies to build in a backdoor, nothing stops people from creating their own means of end-to-end encryption.  The genie is out of the bottle.

[ACEHACK]

23 minutes ago, Captain Chaos said:

They can demand all they want, doesn't mean they'll get it. 

Even if they can create laws that force companies to build in a backdoor, nothing stops people from creating their own means of end-to-end encryption.  The genie is out of the bottle.

well sure but not for your everyday basic user, facebook is convenient and they don't care or understand privacy and 24/7 monitoring. for example, my mom, uses facebook even though i have tried to convince her many times to stop using it and close her account, but nope. 

even if you make a new tech competing and or trying to involve your basic user is extremely difficult. all it needs is someone spreading false info about it on facebook and your done. it will spread like wildfire.

[RejZoR]

Oh boy if this garbage goes through like it has in retarded Australia, I hope people involved in this idiocy get burned so hard through same backdoors they want to have at disposal. I want their personal data to be breached through said backdoors so hard so they'll realize how stupid their demands are.

[mr moose]

2 hours ago, Vishera said:

That's straight asking to make vulnerabilities on purpose and then get surprised when a hacker uses it,

The hacker could ironically use it to access the encrypted messages of those who proposed the backdoor.

They're not surprised when that happens, they just don't care and can use the full weight of every government authority to capture in such a criminal. 

 

25 minutes ago, RejZoR said:

Oh boy if this garbage goes through like it has in retarded Australia, I hope people involved in this idiocy get burned so hard through same backdoors they want to have at disposal. I want their personal data to be breached through said backdoors so hard so they'll realize how stupid their demands are.

 

For the umpteenth time, it has not gone through in Australia, there is no law that can force any person or company to put a backdoor in their products, that is why they are writing letters and asking and fighting for it, because if they could just demand it they would.

 

 

 

 

 

[LeSheen]

If facebook implements this encryption the USA might invest some more in quantum computers so they might be able to crack it. Trying to stay possitive

[ACEHACK]

2 minutes ago, LeSheen said:

If facebook implements this encryption the USA might invest some more in quantum computers so they might be able to crack it. Trying to stay possitive

they already do and with this now https://venturebeat.com/2019/02/27/d-wave-previews-quantum-computing-platform-with-over-5000-qubits/ its going to be super easy

[LeSheen]

6 minutes ago, ACEHACK said:

they already do and with this now https://venturebeat.com/2019/02/27/d-wave-previews-quantum-computing-platform-with-over-5000-qubits/ its going to be super easy

Luckily it looks like it will still take some decades.

https://www.tomshardware.com/news/quantum-computers-encryption-decades-researchers,38819.html

[ACEHACK]

well we went from 50 to 5000 so if d wave keeps up i would say next 5 years 

[LeSheen]

44 minutes ago, ACEHACK said:

well we went from 50 to 5000 so if d wave keeps up i would say next 5 years 

I'm not that familiar with quantum computing. But I don't think it will keep going at the same pace. Or is there a kind of moore's law for these things as well (not that moore's law is still in effect)?

[leadeater]

7 minutes ago, LeSheen said:

I'm not that familiar with quantum computing. But I don't think it will keep going at the same pace. Or is there a kind of moore's law for these things as well (not that moore's law is still in effect)?

Early tech usually rapidly advances before we can start setting progression trends like Moore's Law. I'd probably equate ourselves to being in the end of wire wound magnetic-core memory for Quantum computing.

 

Spoiler

This is what Quantum today looks like in relation to memory chips of today to where Quantum computing will be in 10 years time (probably).

 

[LAwLz]

3 hours ago, mr moose said:

For the umpteenth time, it has not gone through in Australia, there is no law that can force any person or company to put a backdoor in their products, that is why they are writing letters and asking and fighting for it, because if they could just demand it they would.

Yes there is.

On 2/8/2019 at 12:09 PM, LAwLz said:

The Australian law requires companies to under some circumstances implement a method for the Australian government or people working for the government to gain access to data on individuals, possibly without their consent or knowledge. That is a backdoor.

The law (flimsily and with a ton of loopholes) forbids "systemic weaknesses", but not all backdoors are systemic. It is therefore 100% correct to say that the Australian government can require backdoors. Although it might be a bit misleading because a lot of people think of systemic backdoors when they think of backdoors.

 

But I'd also argue that any weakness can be applied as a systemic weakness, but that's something the Australian government refuses to acknowledge. They refuse to listen to feedback from researchers, developers civil liberties organizations and tech companies.