DOJ Asking Court To Force Facebook To Break Encryption On Messenger Voice Calls
from the with-an-eye-on-undermining-all-encrypted-messaging-services dept
The DOJ’s war on encryption continues, this time in a secret court battle involving Facebook. The case is under seal so no documents are available, but Reuters has obtained details suggesting the government is trying to compel the production of encryption-breaking software.
The U.S. government is trying to force Facebook Inc to break the encryption in its popular Messenger app so law enforcement may listen to a suspect’s voice conversations in a criminal probe, three people briefed on the case said, resurrecting the issue of whether companies can be compelled to alter their products to enable surveillance.
The request seeks Facebook’s assistance in tapping calls placed through its Messenger service. Facebook has refused, stating it simply cannot do this without stripping the protection it offers to all of its Messenger users. The government disagrees and has asked the court for contempt charges.
Underneath it all, this is a wiretap order — one obtained in an MS-13 investigation. This might mean the government hasn’t used an All Writs Acts request, but is rather seeking to have the court declare Messenger calls to be similar to VoIP calls. If so, it can try to compel the production of software under older laws and rulings governing assistance of law enforcement by telcos.
A federal appeals court in Washington D.C. ruled in 2006 that the law forcing telephone companies to enable police eavesdropping also applies to some large providers of Voice over Internet Protocol, including cable and other broadband carriers servicing homes. VoIP enables voice calls online rather than by traditional circuit transmission.
However, in cases of chat, gaming, or other internet services that are not tightly integrated with existing phone infrastructure, such as Google Hangouts, Signal and Facebook Messenger, federal regulators have not attempted to extend the eavesdropping law to cover them, said Al Gidari, a director of privacy at Stanford University Law School’s Center for Internet and Society.
Calls via Messenger are still in a gray area. Facebook claims calls are end-to-end encrypted so it cannot — without completely altering the underlying software — assist with an interception. Regular messages via Facebook’s services can still be decrypted by the company but voice calls appear to be out of its reach.
Obviously, the government would very much like a favorable ruling from a federal judge. An order to alter this service to allow interception or collection could then be used against a number of other services offering end-to-end encryption.
It’s unknown what legal options Facebook has pursued, but it does have a First Amendment argument to deploy, if nothing else. If code is speech — an idea that does have legal precedent — the burden falls on the government to explain why it so badly needs to violate a Constitutional right with its interception request.
This is a case worth watching. However, unlike the DOJ’s very public battle with Apple in the San Bernardino case, there’s nothing to see. I’m sure Facebook has filed motions to have court documents unsealed — if only to draw more attention to this case — but the Reuters article says there are currently no visible documents on the docket. (The docket may be sealed as well.) There is clearly public interest in this case, so the presumption of openness should apply. So far, that hasn’t worked out too well for the public. And if the DOJ gets what it wants, that’s not going to work out too well for the public either.
Filed Under: doj, encryption, facebook messenger, voip, wiretapping
Companies: facebook
Comments on “DOJ Asking Court To Force Facebook To Break Encryption On Messenger Voice Calls”
Proof of effort
Can the government penalize an entity like Facebook for refusing to actively modify or create something like their software?
Even if they get an order, how can they prove that Facebook put in their best effort? What if they claim it would take 12 months and cost $80,000,000? If the government can prove their efforts are fake , aren’t they capable of making the modification themselves?
It’s one thing to order a bank to open a vault, it’s another to ask the bank to invent a new form of key.
Re: Proof of effort
If the government can prove their efforts are fake , aren’t they capable of making the modification themselves?
Yes, the government is perfectly capable of making the modification themselves. Breaking encryption from the source is extremely easy. It’s so easy, in fact, that it usually happens even when nobody is intending to do so, which is why you keep getting security updates on all your software, firmware, and occasionally even your hardware.
Further, the government isn’t (necessarily) asking facebook to invent anything. They’re not actually asking for a "secure backdoor" (though the invention of such would satisfy their demand). They’re simply saying "remove the encryption now." If the only way facebook has to comply is making this an unencrypted app, then that is what the government is telling them to do. It’s an extremely simple request, when it comes down to it. Stupid and dangerous, but simple.
So Facebook disables encryption on all messenger calls and informs members of same. Case closed.
Re: Re:
Why
Re: Re:
Even if the DOJ is ultimately successful and the courts order FB to do this, what on earth makes you think the government would allow FB to announce the results? To the government’s way of thinking, if the “bad guys” know their secure communications are no longer secure, the investigation is compromised. That’s probably the point of sealed proceedings in the first place.
Re: Re: Re:
No – I was saying that would be funny for FB to do because all sorts of silliness would ensue.
Re: Re: Re:
Given the government’s willingness to just oust itself in broad daylight over the whole encryption issue, I don’t think any “bad guys” are being deluded. If there are any left to delude that is. The government has been wanting unfettered access for decades, and everyone serious about security knows it.
Re: Re:
But that’s not necessarily what the government is asking facebook to do.
“Facebook has refused, stating it simply cannot do this without stripping the protection it offers to all of its Messenger users. The government disagrees and has asked the court for contempt charges.”
My reading of this means that the gov is trying to force FB to create some way to give them access to communication for some people, while keeping encryption for others.
Re: Re: Re:
The problem is, everybody using the service needs to be using the same encryption system. So to be able to give the government access to some messages, means that the ability is there for all messages. Either everybody using the system has secure encryption, or everybody has weakened encryption.
How are you
Unflagged, unlike you.
we all know that there are 2 sets of rules. 1 is for us, the people, whereby when something is wanted, asked for, whether in or out of court, but denied, we are not allowed to ask for that again! however, when it comes to the government (and any corporation, industry, company or wealthy/powerful individual even, anything they are denied and the number of times they are denied is irrelevant! they can come back again and again and again and simply keep asking until the judge they want gets the request and then grants it, regardless of the thousand and 1 other times the same request has been denied!!
Re: Re:
“The only thing necessary for the triumph of evil is for good men to do nothing.”
If the number of attempts you need to make to thwart evil has increased, maybe you should start attacking it’s root rather than attack it’s leaves.
Is there a relationship between the seal and the demand?
It’s the first question that came to my mind:
Is the case sealed specifically to obfuscate public information regarding this attempt by the state to dynamite open a big gap in public privacy for its own purposes?
There are a lot of courts in the US that are overly friendly to the Department of Justice and unfriendly to the public. We’re the enemy now.
I get the lawful order angle, warrants, wishes, blah blah to enable listening however for prior “exceptions” they are not a choice most of us could route-around and the nature of those orders basically applied to “clear” mediums and purpose-built “central” infrastructures.
The right to communicate in private is really, essentially, a natural human right (yes, it is).
What they’re asking to subvert is not cool or lawful (imho) and the mere existence of encrypted communications means people are actively attempting to communicate in private and assert this (natural) right.
Encryption means “you” get to choose what’s private and what’s not – lawmen be damned along with the next guy.
In short you don’t get to make a new reality and math is already real.
If facebook is forced to fold then who suffers? MS-13 or every other non-criminal motherfucker on the planet?
You decide.
Hypocrisy
Police/first responders across the nation are encrypting their radio communications so the public can no longer listen to them.
They often claim this is for privacy of citizens they are helping and/or to prevent criminals from listening to police communications.
Then they complain when citizens use encryption for privacy and to prevent their information from falling into criminals hands.
They are actively implementing the same thing they advocate taking away from you.
Re: Hypocrisy
Oh not hypocritical at all. It’s very simple really:
Those with badges(or money, or the right connections…) are The Good Guys, and as such deserve all the protection and privacy they can possibly get, because of course they’d never abuse it and really, privacy is an important thing all on it’s own.
Those without badges(or money, or the right connections) are The Bad Guys, and most certainly do not deserve privacy, because really, you just know they’ll do something bad with it, and only want it to hide their nefarious actions in the first place, such that if The Good Guys can’t see what they’re doing at all times it can only lead to Bad Stuff, making it clear that privacy is the enemy of safety.
Re: Re: Hypocrisy
Well, The Good Guys went out of business, which could be considered Bad Stuff, especially when it lead to Best Buy’s growth, which then lead to Best Buy’s tech people searching computers brought in for service in the name of the FBI. Definitely Bad Stuff.
Sorry.
Re: Re: Hypocrisy
I am so sick of living in this country. I know this is happening everywhere but only the US and other despots made everything illegal or deemed every activity a threat. You have rights on paper but there’s always an exception allowing the pretext to detain and investigate further. I’m working on getting out. I have very little optimism about the future. I want to live in a free(er) country and one that is more of a democracy than this one is.
Re: Re: Re: Hypocrisy
Be thankful you are not in california. I cant believe we became a sanctuary state – wtf!?
I wonder..
If the laws created are Equal to AFTER THE FACT instances..
On the Old phone services and CELLPHONES, you cant get anything AFTER the fact…you have to be recording DURING the instance..
And if anything…Unless someone KEPT the data file, THERE ISNT ANY..
I dont think the Cellphone companies DO the recording, it has to be done ONSITE..
Old phone systems couldnt be done remote..They had to be in the local relay..
ANd you had to have ONLY certain individuals to do the work.
If it's not open source, it's not secure.
No one using Facebook Messenger should have any expectation of privacy. They knew what they were getting into.
Re: They knew what they were getting into.
That reminds me of the photographer who used Megaupload as a cyberlocker to store all his pictures off-site. Then ICE shut down the servers and he suddenly had no access to his business.
ICE’ response was (I paraphrase) that’s what he gets for doing business with a criminal.
It smacks of the same kind of presumption.
I suspect most Facebook users expect their privacy to be respected, otherwise they might not use Facebook for private matters. The same with most social network and communication services.
Any time someone talks about private patters across a path of communication, expecting their disclosures to stay private, there is, (by tautology) an expectation of privacy.
So no, they did not know what they were getting into.
Re: If it's not open source, it's not secure.
Except that to nearly everyone, open source and closed source are practically identical. Digital security is a complex field, and nobody without extensive training in said field is going to have any idea whether your open source software is actually secure. You can show me as much code as you want, but it won’t achieve anything. I’m just going to listen when you say “this is secure,” and decide if I trust you. Closed source is “I trust this specific development group enough” and open source is “I trust this amorphous development group enough.”
Especially in cases like this, where for facebook to comply it would just update a previously secure system to make it insecure, neither of those promises mean anything. Either group could do that in an update without any real warning.
Re: Re: If it's not open source, it's not secure.
The difference between open source and closed source is that with open source an expert can look at the code whether the authors want them to or not, and with closed source they cannot.
Another interesting difference is, because of the development model, open source software has cleaner modularization, and better adherence to module interfaces, which aids the security of the software.
I have complete faith that Facebook will do the right thing, as they’ve always done in the past.