Here we go again: US govt tells Facebook to kill end-to-end encryption for the sake of the children

Uncle Sam calls on tech giants to open up platforms for government snooping


The US government is renewing its efforts to talk tech firms out of using end-to-end encryption methods that would keep police from snooping on conversations.

The Department of Justice on Friday held what it dubbed the "Lawful Access Summit," a morning-long presentation aimed at convincing people that police must be able to see all conversations on messaging platforms in order to protect the public, specifically children, from predators.

"Outside the digital world, none of us would accept the proposition that grown-ups should be permitted to mingle in closed rooms with children they don’t know in order to groom them for sexual exploitation," offered US deputy attorney general Jeffrey Rosen.

"Neither would we ever accept the idea that a person should be allowed to keep a hoard of child sexual abuse material from the scrutiny of the justice system when all of society’s traditional procedures for protecting the person’s privacy, like the Fourth Amendment’s warrant requirement, have been satisfied. But in the digital world, that is increasingly the situation in which we find ourselves."

In particular, the DOJ has zeroed in on Facebook. The social network recently announced its intention to make all of its chat services, not just WhatsApp, end-to-end encrypted platforms that will place keys in the hands of the users themselves.

"We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity," the DOJ says to the social network.

"Not doing so hinders our law enforcement agencies’ ability to stop criminals and abusers in their tracks."

Rather than demand the backdoor ability to decrypt communications on demand, the DOJ is suggesting tech firms instead offer a "front door" to let police present a warrant and receive copies of the conversations they wish to view. Unfortunately, the authorities don't seem to have any idea what that "front door" would actually look like in the context of an end-to-end encrypted service.

While Facebook did not respond to a request for comment, this discrepancy was noted by critics of the plan, including Senator "Silicon" Ron Wyden, who point out that, in essence, the DOJ is still asking for a backdoor to get at encrypted communications. He warned that those backdoors are likely to be abused, either by unscrupulous law enforcement officers or by hackers who steal the encryption keys and use them for their own ends.

"Nearly every aspect of our lives depends on the defense of strong encryption – our home devices, location tracking, microphones and cameras on our phones, bank accounts, and on and on. If companies succumb to this pressure campaign, then child predators, domestic abusers and internet crooks will have a red carpet to do harm to innocent people," said Wyden.

"It is no surprise that William Barr, with his long record of calling for government surveillance of innocent Americans, is pushing another bad-faith effort to vastly expand surveillance without addressing the real problems facing our people."

Wyden also points out that the DOJ's push can only extend to companies located in the US, which are just a small fraction of those currently offering end-to-end encrypted services.

"American providers of end-to-end encrypted apps like WhatsApp regularly share valuable metadata with law enforcement. This enables the police to locate criminals and identify those they are talking to. In contrast, foreign encrypted messaging services like Telegram will not share any data with the US government," Wyden offers.

"Mr. Barr’s proposal to have tech companies tap the phones of innocent Americans will do nothing but drive criminals to use foreign encryption services, where they will be even harder for the police to catch." ®
