Facebook is not giving in to Department of Justice demands on weakening encryption, according to a new letter the company sent to U.S. Attorney General Bill Barr and acting Secretary of Homeland Security Chad Wolf on Monday.
“Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere,” Will Cathcart, vice president and head of WhatsApp, and Stan Chudnovsky, vice president and head of Facebook Messenger, wrote in the letter, which CyberScoop acquired. “The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm.”
The letter comes as tech companies, privacy experts, lawmakers and government agencies continue to debate how law enforcement can track criminals when they are “going dark” by using encrypted commercially available communications and web browsing tools. Facebook’s letter reiterated the stance of many in the industry.
“It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it,” Cathcart and Chudnovsky wrote.
Just a few months ago the Department of Justice — along with the Department of Homeland Security, U.K. Home Secretary Priti Patel and Australian Minister of Home Affairs Peter Dutton — asked Facebook to delay a rollout of end-to-end encryption across its messaging platforms — WhatsApp, Instagram, and Facebook Messenger.
The officials cited concerns that Facebook’s plans to do so would prevent the DOJ from pursuing child sex abusers that use the platform for their miscreant ways, but the argument isn’t holding water with Facebook.
Cathcart and Chudnovsky were adamant that allowing the DOJ access to some communications would be weakening security for everyone else seeking to use their platforms.
“The real winners would be anyone seeking to take advantage of that weakened security,” they wrote. “The fact that these messages are encrypted [is] the first line of defense, as it keeps them safe from cyber attacks and protected from falling into the hands of criminals,” as well as governments and hackers, they note.
Lawmakers are beginning to closely examine the issue — the first congressional hearing on the renewed encryption battle kicked off before the Senate Judiciary Committee on Tuesday. Several lawmakers from both sides of the aisle, including Sens. Lindsey Graham, R-S. Carolina, Sen. Dianne Feinstein, D-Calif., and Joni Ernst, R-Iowa, expressed interest in legislating on the matter if Silicon Valley does not provide a solution of its own.
“I’m not about to create a safe haven for criminals where they can plan their misdeeds,” said Graham, who serves as chair of the committee. “You’re going to find a way to do this or we’re going to do it for you.”
It wasn’t immediately clear what form any possible legislation would take. Feinstein told CyberScoop after the hearing her “sense is to do a bill in a limited form,” indicating she is more interested in access to devices found at crime scenes or implicated in crimes than amending Communications Assistance for Law Enforcement Act (CALEA) and dealing with access to online communications software.
Feinstein wouldn’t detail when she thought Congress should act. But Sen. Richard Blumenthal, D-Conn., said time is running out for big tech.
“Right now big tech enjoys uniquely — and I want to emphasize uniquely — almost complete immunity from legal responsibility,” Blumenthal said during the hearing. “That will end because the American people are losing patience … That kind of immunity will be short-lived if big tech isn’t able to do better.”
Deputy Assistant Attorney General Brad Wiegmann indicated last week that he was supportive of a legislative solution to the issue, noting that the DOJ may be interested in pushing its encryption designs on other tech titans asides from Facebook, possibly teeing up a larger battle.
Wiegmann would not specify what kind of legislation he would be supportive of or on what timeline it should come. When asked if he or the DOJ supported the idea of amending CALEA, he declined to comment.
Silicon Valley and DOJ at loggerheads
Facebook said it will continue to try helping the DOJ catch criminals by sharing information on child sex abusers.
“We will continue to respond to valid legal requests for the information we have available. We will also continue to prioritize emergencies, such as terrorism and child safety,” they wrote.
The DOJ has raised concerns that access to sexually abusive content will be drastically reduced if end-to-end encryption rolls out.
“We will no longer be able to see these child sexual abuse messages,” Wiegmann said at a CATO conference last week. “There is no substitute for seeing the content.”
Facebook said it will continue to work with the governments of the U.S., the U.K., and Australia to collaborate on solutions for sharing information even as it rolls out end-to-end encryption.
“We continue to commit to ongoing consultation as we build our product over the next couple of years. Every month we meet with officials from your governments to continue these conversations and we will continue to do so,” Cathcart and Chudnovsky wrote.
You can read the full letter from Facebook to U.S., U.K., and Australian officials below.