New Delhi: Facebook has said it will continue to develop new ways to maintain users’ security, at a time when seven countries including India have made a renewed push to get access to encrypted messages for law enforcement purposes.
On 11 October, seven countries — India, Japan, and the ‘Five Eyes Alliance’ set up to cooperate on intelligence purposes (UK, United States, Canada, Australia, and New Zealand) — issued a statement titled ‘International Statement: End-To-End Encryption And Public Safety’.
The countries said: “While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online.”
Facebook said it has always held that end-to-end encryption is necessary to protect people’s privacy, and would continue to maintain “high security”.
“We’ve long argued that end-to-end encryption is necessary to protect people’s most private information. In all of these countries, people prefer end-to-end encrypted messaging on various apps because it keeps their messages safe from hackers, criminals, and foreign governments. Facebook has led the industry in developing new ways to prevent, detect, and respond to abuse while maintaining high security and we will continue to do so,” the social networking giant said on behalf of a Facebook spokesperson in a statement emailed to ThePrint on 12 October.
A follow-up email, asking if the Facebook-owned WhatsApp would comply with this renewed request from countries for backdoor access to encrypted messages, did not receive a response.
WhatsApp’s public stance has been that it will not allow backdoor access to law enforcement agencies, and that not even WhatsApp knows what the message content is because it is end-to-end encrypted.
WhatsApp is used by two billion users globally, including over 400 million in India.
What the 7 countries want
This is not the first time India or the ‘Five Eyes’ countries have asked for access to encrypted platforms. The ‘Five Eyes’ had issued a similar request in July 2019, while in October 2019, India’s Information Technology Minister Ravi Shankar Prasad had reiterated that law enforcement agencies should be able to trace the source of messages even on end-to-end encrypted platforms like WhatsApp.
The latest statement from the countries asked tech companies to “enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight”.
The statement also said the companies should consult with governments and stakeholders to “facilitate legal access in a way that is substantive”.
It challenged “the assertion that public safety cannot be protected without compromising privacy or cyber security”.
“End-to-end encryption that precludes lawful access to the content of communications” creates severe risk to public safety — like when law enforcement agencies cannot access user messages to investigate “serious crimes”, the countries stated. They added that these risks are now in “sharp focus” due to “proposals to apply end-to-end encryption across major messaging services”.
Facebook has planned to apply end-to-end encryption to all its platforms, but the plan is yet to be put in place. The governments’ statement specifically mentions Facebook Messenger, the only service named in it.
“In 2018, Facebook Messenger was responsible for nearly 12 million of the 18.4 million worldwide reports of CSAM [child sexual abuse material],” the statement read.
“These reports risk disappearing if end-to-end encryption is implemented by default, since current tools used to detect CSAM [child sexual abuse material] do not work in end-to-end encrypted environments.”
Other service providers’ response
ThePrint asked for reactions to the governments’ statement from other encrypted services such as ProtonMail and messaging app Telegram. The latter didn’t respond, but ProtonMail’s public relations manager Edward Shone said: “Proton has never and will never cooperate with a request from a government to install a backdoor into our systems. There is no such thing as a key that only lets the good guys in. As soon as a ‘master key’ is created, every hacker in the world will be after it, putting millions of people around the world at risk of criminals.”
An April 2020 blog on another encrypted chat app, Signal, said: “Bad people will always be motivated to go the extra mile to do bad things. If easy-to-use software like Signal somehow became inaccessible, the security of millions of Americans (including elected officials and members of the armed forces) would be negatively affected. Meanwhile, criminals would just continue to use widely available (but less convenient) software to jump through hoops and keep having encrypted conversations.”
The blog was written to explain how a proposed US law will make it unlikely that companies can integrate end-to-end encryption into their platforms if that company also wants to claim protection under a separate law (that already exists) that won’t hold companies responsible for what users do on the company’s online platform.