Digital rights groups are reacting to two of the latest attempts by governments to undermine existing encryption protections, as well as put an end to plans to introduce more encryption to private communications taking place online.
In one instance, American, British, and Australian governments sent a joint letter to Facebook CEO Mark Zuckerberg, urging him not to implement a plan announced earlier in the year that would provide end-to-end encryption across a suite of Facebook messaging apps.
Zuckerberg’s plan came as the company was under fire for privacy and security violations – and governments and politicians often like to point to this shortcoming of Facebook when they go after the social media giant. However, end-to-end encryption remains a fundamental feature that users have to protect their online privacy.
So, despite being declaratively in favor of privacy protections, this doesn’t seem to be a sincere concern of the authorities – at least not judging by the letter, criticized by the Electronic Frontier Foundation (EFF) as an all-out attack on encryption tech.
Double your web browsing speed with today's sponsor. Get Brave.
BuzzFeed, who had early access to the letter before it was released, writes that it was signed by US Attorney General Bill Bar, UK Home Secretary Priti Patel, acting US Homeland Security Secretary Kevin McAleenan, who argue that more privacy that Facebook wants to give its users would mean less public safety.
Specifically – that encrypted communications would prevent access of security agencies to Facebook’s messaging apps, and in this way prevent them from discovering various illegal activities, including “terrorism, child sexual exploitation, and election meddling.”
This means that security agencies want Facebook to give them backdoor access to personal communications on the platform, EFF said. The San Francisco-based rights group qualified the request as “a staggering attempt to undermine the security and privacy of communications tools used by billions of people” and urged Facebook to resist it.
And even though the letter is released at the same time as the announcement about the facilitating of access to electronic data located in the other country signed by the US and the UK – EFF sees the letter as more dangerous, and also more telling of the policy conducted by these governments.
For one thing, the intent seems one-sided as it would make life easier for law enforcement, but at the same time putt users in jeopardy – for example, journalists, activists, and abuse victims who rely on safe, encrypted communication, sometimes for their lives.
Also, EFF recalls, encryption protects everyone using it from prying and spying criminals and companies, and from governments, particularly those labeled as authoritarian. In its reaction, the rights group also observes that once encryption is weakened by backdoors, these become available to everyone to exploit – not just the governments that pushed for their presence. And considering the number of people who use Facebook – nearly 2.5 billion – it’s clear that the damage from this could be real and wide-spread.
This effort to ensure Facebook’s compliance comes as the US-UK data-sharing deal is announced. Privacy International notes that the deal came under America’s Clarifying Lawful Overseas Use of Data (CLOUD) Act.
Those who designed the agreement see it as a triumph for security agencies and their ability to fight crime, this UK-based digital rights group said – but in reality, the standard of privacy available to citizens in these two democracies is suffering.
In the past, foreign agencies who wished to access data stored by US platforms like Facebook and Google had to prove probable cause to succeed – and this provision served as protection for users around the world, Privacy International said.
The new agreement, however, allows the UK to bypass this requirement by letting it apply its own legal rules. And in the case of the UK, the rights organization warned, these rules are not as reliable as those in the US.
Not only that, but the UK is now hoping to be able to erode encryption, oblivious to the dangers of this – and of the fact that implementing end-to-end encryption cannot be cherry-picked – “either it is turned on for everyone, or broken for everyone.”
What the new agreement and the letter sent to Facebook reveal is that a coordinated attack on encryption is being launched by several leading western countries, and it remains to be seen how and if the beleaguered tech giant can resist it, without putting itself under even more pressure from these authorities.