Politicians from the UK, the US and Australia have penned an open letter to Facebook CEO Mark Zuckerberg requesting the team delay end-to-end encryption plans.
Signed by UK Secretary of State Priti Patel, US Attorney General William Barr, Acting-Secretary of Homeland Security Kevin McAleenan, and Australian Minister for Home Affairs Peter Dutton, the letter requests that before any encryption technologies are applied to messaging services Facebook includes a means for enforcement agencies to access the content transmitted across the platforms.
Once again, politicians are defying logic by requesting the creation of a backdoor to by-pass the security and privacy features which are being implemented on messaging platforms and services.
“We are committed to working with you to focus on reasonable proposals that will allow Facebook and our governments to protect your users and the public, while protecting their privacy,” the letter states. “Our technical experts are confident that we can do so while defending cyber security and supporting technological innovation.”
It is as if the politicians do not live in the real world. We understand governments have a duty to protect society, and part of this will include monitoring the communications and activities of nefarious individuals, but this is not the right way to go about doing it.
Using the argument of security to undermine security and make citizens less secure is a preposterous idea, almost laughable. The ‘technical experts’ might be confident a backdoor can be built, but how do you protect it? This letter is requesting the construction of a vulnerability into security features, and once a vulnerability is there, it is only a matter of time before it is exposed by the suspect individuals in the rotting corners of society.
What is being suggested here is similar to building a high-security facility in the real world, with 15-foot, electrified walls, guards and watch-dogs, helicopters patrolling overhead, but then asking to leave the backdoor unlocked. It doesn’t matter how good defences are, eventually someone will find their way to the backdoor, open it and then let all his/her friends know how it was done. Chaos would eventually find a way.
This is of course a theoretical situation, the hackers might never find a way to or through the backdoor, but why tempt fate? No-one leaves their home believing they might be burgled that night, but they lock the door in any case. Why create a situation where the prospect of chaos is a possibility, irrelevant as to how faint? This seems like nothing more than simple logic.
As mentioned before, police forces and intelligence agencies are being tasked with keeping society safe. This is a very difficult job, especially with the progress of technology. Facebook, and others in the technology industry, should assist wherever possible (and legal), though this is not the right way to go about the situation.
This does put Facebook in a difficult position. The company is currently attempting to repair the damage to its reputation, as well as re-gain trust from both governments and wider society. However, it is increasingly looking like an impossible situation to satisfy both parties.
In March, Facebook CEO Mark Zuckerberg outlined a new focus for the company; it would hold the concept of privacy dear, and all new services will be built with privacy at the forefront of demands. Thanks to the Cambridge Analytica scandal, Facebook’s reputation as a guardian of personal information has been severely damaged, thus this new approach is critical to regaining credibility in the eyes of its users.
However, end-to-end encryption is a key element of this privacy strategy. Facebook cannot fulfil its promise to the user and satisfy the demands being laid out in this letter. If it was to build in a vulnerability, it could not tell the user in all honesty it has done everything possible to ensure security and privacy.
As the letter states, Facebook is doing more to clean-up its platform.
“In 2018, Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children (NCMEC) – more than 90% of the 18.4 million total reports that year,” the letter states. “As well as child abuse imagery, these referrals include more than 8,000 reports related to attempts by offenders to meet children online and groom or entice them into sharing indecent imagery or meeting in real life.”
This is the situation which Facebook is in. It is never going to be able to remove all the hideous conversations and activity on its platform, but governments will demand it does. Something will always slip through the net, and the sharp stick of the law will be there to punish the company. Facebook will never be able to do enough to satisfy the demands of governments, and therefore will always be a defensive position.
However, you should not be distracted by the rhetoric which is being put forward in this letter. Yes, there are some horrendous activities which occur on the platform. Yes, Facebook should, and probably could, do more to assist police forces and intelligence services. Yes, the digital economy has largely shirked responsibility in the years leading to today. But no, building vulnerabilities in the system is not the right way forward.
These politicians are saying the right things to gain public support. These actions are in the pursuit of catching child molesters and terrorists; who wouldn’t want to help? But you have to look at the collateral damage. Users would be left open to identify theft, fraud and blackmail. These messaging platforms are used to have private conversations, exchange bank account details and discuss holiday plans. The number of criminals which could be caught is nothing compared to the billions who would be exposed to hackers on the web.
The idea which is presented here does have good intentions, but it pays no consideration to the collateral damage. The negatives of introducing a backdoor vastly outweigh the positives.
Quite frankly, we are still surprised to be having this conversation. Undermining security is no way to improve security. Governments need to understand this is not a viable option.