The fight between law enforcement and tech companies over encryption is about to enter another round.
The U.S. government, along with the support of Australia and the U.K., has written a letter asking Facebook CEO Mark Zuckerberg to delay adding encryption to its messaging services until the company can ensure that the security feature won’t be a detriment to public safety.
The letter, a copy of which has been seen by CyberScoop, is signed by U.S. Attorney General William Barr and U.S. Secretary of Homeland Security Kevin McAleenan. U.K. Home Secretary Priti Patel and Australian Minister for Home Affairs Peter Dutton have also signed the letter.
The letter, dated Oct. 4, states that if Facebook adds encryption by default to its messaging services, it will hinder law enforcement’s ability to find illegal activity that takes place on the services.
BuzzFeed News was the first to report on the letter’s existence.
The U.S. Department of Justice is hosting a summit Friday on this very issue with a focus on how encrypted communications can hamper investigations into child sex exploitation.
“Our hope is to use the child exploitation issue as a particular lens,” a U.S. government official told reporters in a background briefing Thursday.
The effort comes after a speech Barr made in July in which he referred to “warrant-proof” encryption as “enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield.”
Facebook owns a number of different messaging platforms. The most popular is WhatsApp, which already encrypts user conversations by default. Facebook Messenger gives users the ability to turn encryption on via its “Secret Conversations” feature. Earlier this year, Facebook CEO Mark Zuckerberg announced WhatsApp, Instagram and Facebook Messenger will be encrypted as the company moves to power each messaging app on a unified back-end system.
Zuckerberg predicted the move would force law enforcement to push back, because it might limit the data they can access in sensitive criminal cases.
“Our big push to get towards more encryption across our messaging apps … will, over time, be very sensitive when we get closer to rolling it out. Law enforcement, obviously, is not going to be psyched about that,” Zuckerberg said, according to audio released by The Verge earlier this week. “But we think it’s the right thing to protect peoples privacy more, so we’ll go defend that when the time is right.”
Zuckerberg has acknowledged Facebook has a responsibility to work with law enforcement to help prevent child exploitation and terrorism, but a U.K. government official told reporters Thursday that the U.K. has not seen sufficient effort from Facebook to change their plans.
“They must be willing to engage in a detailed technical consultation with governments that can have a genuine impact on how they implement their design and make their decisions. We’re not seeing a willingness from Facebook’s part to do this. That’s why the [U.K.] Home Secretary is taking action today,” the government official said.
Multiple officials said they are neither interested in singling out Facebook nor imposing any one particular design on companies.
“We are not interested in pushing particular design solutions or any particular technology to make those changes,” one official said, referring to not using end-to-end encryption.
History of encryption backdoor tension
Debates over whether law enforcement should be able to access encrypted messages has long stirred up tension.
“End-to-end encryption already protects the messages of over a billion people every day. It is increasingly used across the communications industry and in many other important sectors of the economy,” a Facebook spokesperson said in a statement to CyberScoop. “We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.”
Sen. Ron Wyden (D-Ore.) told CyberScoop backdoors to encryption will make Americans less safe.
“The scourge of child sexual exploitation is a serious problem, but the attorney general’s proposal will only make things worse,” Wyden said. “Mr. Barr’s proposal to have tech companies tap the phones of innocent Americans will do nothing but drive criminals to use foreign encryption services, where they will be even harder for the police to catch.”
“Encryption is an increasingly important part of the digital ecosystem because it is a foundational technology for cybersecurity both for secure data in transit and to secure data at rest,” said Tommy Ross, the senior director of policy at The Software Alliance (BSA), which counts Apple as a member.
Ross told CyberScoop he thinks pushing for technology companies to not use end-to-end encryption in the context of child sexual exploitation shows “intent to browbeat the tech community” and that this is a “pretty misguided approach” to trying to increase public safety.
“Our members are generally in the same place: they don’t think these conversations are constructive,” Ross said.
The letter is just the latest push from law enforcement for a way around encryption. The Five Eyes alliance, in which the U.K., Australia, New Zealand, Canada, and the U.S. share intelligence, asked last year for the private sector to provide access to encrypted communications, noting “privacy is not absolute.”
The countries threatened in a joint statement that if they continue to be blocked from accessing decrypted materials, they “may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”
They issued a similar joint statement this July.
One government official said the Friday summit will touch on a theme taking issue with the Communications Assistance for Law Enforcement Act (CALEA) of 1994, which Congress passed to help law enforcement wiretap phone calls. The act has telecommunications companies create interception capabilities when served court orders for electronic surveillance — but it does not apply to all communications software. The government official said that gap “doesn’t make sense.”
“It is a little bit odd that if you’re a young woman being trafficked for sex if your tormenters are using regular ordinary cell phones to communicate, law enforcement has the ability to essentially track those communications, and yet if your tormenters are using iMessage … you don’t.”
The FBI tried in 2010 and 2013 to expand the act to include all online communications software. The official would not comment on whether the U.S. will be proposing changes to CALEA moving forward.
You can read the full letter below.