Proposed encryption backdoor would be ‘gift to criminals’, says Facebook


11 Dec 2019136 Views

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Image: © Carballo/Stock.adobe.com

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Facebook has argued that installing a backdoor, a measure lawmakers around the globe have called for, would be a security nightmare.

Facebook has advised that installing a backdoor into planned encryption across its messaging apps would be a “gift to criminals”.

The social network is considering end-to-end encryption on Facebook Messenger and Instagram Direct – on top of WhatsApp, which is already encrypted – meaning no-one, apart from the sender and recipient, can read or modify the messages.

In October, politicians in the UK, US and Australia wrote to Facebook boss Mark Zuckerberg expressing concerns that the move could prevent child abusers and terrorists being caught.

‘People’s private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security’
— WILL CATHCART AND STAN CHUDNOVSKY

But in a response letter by two senior Facebook executives, the tech giant said it would be “simply impossible to create such a backdoor for one purpose and not expect others to try and open it”.

“The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm,” WhatsApp head Will Cathcart and Facebook Messenger head Stan Chudnovsky said in a joint letter.

“People’s private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do.”

Jay Sullivan, Facebook’s product management director for privacy and integrity in Messenger, appeared before the US Senate judiciary committee on Tuesday, arguing that people should be able to send private information without fears it will “fall into the hands of identity thieves or others with malicious intent”.

“We understand that there are people who attempt to misuse our services and do,” he said in his opening statement. “This is why we’ll continue to be a leader in detecting, preventing and responding to harm in our messaging services.”

Tackling online safety

A spokesperson from the UK Home Office said: “This response fails to address the very serious points raised in the home secretary’s [Priti Patel] letter, particularly the grave threat their proposals pose to the safety of our children.

“Facebook has not addressed or mentioned reports from the US National Centre for Missing & Exploited Children that 12m referrals of child sexual abuse would be lost annually if Facebook implemented end-to-end encryption as planned.

“The [UK] government supports strong encryption but has been clear that Facebook’s end-to-end encryption plans put at risk the ability to tackle online child sexual exploitation and abuse including online grooming and the sharing of child sexual abuse material, terrorism and serious organised crime – something Facebook itself admits in this letter.”

Dr Martha Kirby, NSPCC policy manager for child safety online, added: “This letter deliberately sidesteps the legitimate concerns child safety experts and governments have about encryption.

“Facebook argues that they prioritise child safety, but they clearly don’t as they seem intent on pursuing their plans which we know could endanger young people. Not one sentence properly explains how they will detect and report child abuse imagery and grooming if they end-to-end encrypt their services.

“We’ve said it before and we’ll say it again – encryption will give abusers a place to hide in the shadows and risk turning Facebook into a one-stop grooming shop.”

Though lawmakers have long been keen to install a workaround on encrypted social media, many working in the world of data privacy and cybersecurity have expressed fears about the implications of such a move.

Speaking to Siliconrepublic.com, former chief privacy officer of Google Lea Kissner noted that a backdoor would likely collapse the entire system of a network’s encryption and leave it vulnerable to attack. “Installing a backdoor in encryption technologies is like installing a backdoor in a balloon: poking one hole makes the whole thing fail,” she said.

— PA Media, with additional reporting by Eva Short