AG Barr, Officials to Facebook: Don’t Encrypt Messaging

facebook data breach lawsuit

Officials say they are concerned about their ability to fight crime and protect citizens, while privacy advocates remain critical of government interference

U.S. Attorney General William Barr is among government officials asking Facebook CEO Mark Zuckerberg to halt or at least delay a plan to add end-to-end encryption to its messaging services in an effort to bolster consumer privacy.

The move, unveiled Thursday, once again sparked the privacy debate over how much access the government should have to people’s private interaction when using technology.

Several media outlets Thursday obtained a copy of an open letter that officials—including leaders from the United Kingdom and Australia—plan to send to Zuckerberg. The letter urges Facebook to reconsider its encryption plan—unveiled in March–unless it can ensure “that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens,” according to the full draft of the letter posted on BuzzFeed.

The letter was signed by Barr; Kevin McAleenan, Acting U.S. Secretary of Homeland Security; Priti Patel, the U.K.’s Secretary of State for the Home Department; and Peter Dutton, Australian Minister for Home Affairs.

In particular, officials said they worry that encrypting messaging will hamper investigations into criminal activity such as child pornography and terrorism, whose organizers rely on internet-based communications.

“We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes and prevent future criminal activity,” according to the letter. “Not doing so hinders our law enforcement agencies’ ability to stop criminals and abusers in their tracks.”

The letter is in response to Zuckerberg’s “A Privacy-Focused Vision for Social Networking” which expressed clearly Facebook’s intention to ensure people can chat privately on the company’s messaging services, including Instagram and WhatsApp—the latter of which has 1.5 billion users worldwide.

In the manifesto published online, Zuckerberg acknowledged Facebook’s own issues with privacy concerning the company’s handling of user data—which was well-evidenced in the now-infamous Cambridge Analytica debacle.

However, the company sees “an opportunity to build a platform that focuses on all of the ways people want to interact privately,” and is committed to technological ways to do that, including end-to-end encryption, he said in the March post.

The letter from Barr and other officials, expected to be published Friday, drew immediate fire from privacy advocates, who aim to continue to block rampant government access to people’s private online messaging.

Indeed, government officials and lawmakers have been fighting to gain access to encrypted messages for some time, a conflict that came to a head in 2016 when a federal judge ordered Apple to unlock an iPhone recovered in a 2015 mass shooting in San Bernardino, Calif. Eventually, the FBI managed to access the device’s data without Apple’s help.

Privacy advocates took to the internet and social media to express their opposition over what they see as government officials’ latest attempt to block privacy.

Access Now, an organization that defends people’s digital rights worldwide, tweeted that the officials’ request is “an affront to digital rights and user security online.”

Privacy International, a charity that aims to promote people’s privacy against government snooping, praised Facebook for trying to keep messaging data private, calling any government interference with encryption “a step backward for privacy.”

“In seeking to improve the strength of the encryption applied to our communications, Facebook is trying to be a good actor,” according to post by the group. “Building more secure systems is important for everyone and urgent.”

What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free Threatpost webinar, “Hackers and Security Pros: Where They Agree & Disagree When It Comes to Your Privileged Access Security.” Click here to register.

Suggested articles