Two months ago we reported on an open letter by Attorney General William Barr and his counterparts in Australia and the United Kingdom, calling on Facebook to create encryption backdoors in its messaging apps. This was followed by the FBI urging Interpol to condemn the use of strong encryption.
Facebook has officially responded to the Attorney General’s request, via an open letter of their own. In the letter, Will Cathcart, Head of WhatsApp, and Stan Chudnovsky, Head of Messenger, highlight the inherent risks of making encryption weaker, or creating backdoors for authorities to access.
“We believe that people have a right to expect this level of security, wherever they live. As a company that supports 2.7 billion users around the world, it is our responsibility to use the very best technology available to protect their privacy. Encrypted messaging is the leading form of online communication and the vast majority of the billions of online messages that are sent daily, including on WhatsApp, iMessage, and Signal, are already protected with end-to-end encryption.
“Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere. The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm. It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it. People’s private
“And we are not alone. In response to your open letter asking that Facebook break encryption, over 100 organizations, including the Center for Democracy and Technology and Privacy International, shared their strong views on why creating backdoors jeopardize people’s safety. Cryptography Professor Bruce Schneier said earlier this year: ‘You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can’t have ‘We get to spy, you don’t.’ That’s not the way the tech works.’ And Amnesty International commented: ‘There is no middle ground: if law enforcement is allowed to circumvent encryption, then anybody can.’”
The two executives argued that law enforcement already has viable ways of getting the information they need in cases that demand it.
“That doesn’t mean that we cannot help law enforcement. We can and we do, as long as it is consistent with the law and does not undermine the safety of our users…. We deeply respect and support the work these officials do to keep us safe and we want to assure you that we will continue to respond to valid legal requests for the information we have available. We will also continue to prioritize emergencies, such as terrorism and child safety, and proactively refer to law enforcement matters involving credible threats.”
Our initial report on the Attorney General’s open letter highlighted the dangers of weakening encryption or creating backdoors. As Amnesty International said, “there is no middle ground.” Encryption is about basic math. It’s no more possible to have strong encryption with backdoors than it is to break the laws of physics. Hopefully, Facebook’s questionable history with privacy and security will not cloud the very valid argument they are making about the importance of encryption.
It seems Google’s decision to have a third party conduct an audit didn’t work out in its favor. Stroz Friedberg, the consulting and technical services firm Google hired, produced a 23-page document (available