As Germany Floats The Idea Of Encryption Backdoors, Facebook May Already Be Planning To Undermine Its Own Encryption

from the really?-backdoors-for-content-moderation? dept

The German government's desire to mandate backdoors in encrypted communications had barely been expressed when it was discovered Facebook might be willing to let them do exactly such a thing.

The German proposal is nowhere near ready to become law but the gist of it is this: it's too difficult to break into encrypted devices so maybe tech companies could just start storing encrypted communications in plain text... just in case these agencies ever need to access them. Sure, encryption makes things more secure but it's just creating some sort of criminal/terrorist Wild West and we can't have that -- even when that doesn't actually appear to be happening.

Facebook may already be making backdoored communications a reality. This isn't happening because it wants to be the inflection point for undermining encryption but because it really, really wants to keep accessing users' communications for its own purposes. Kalev Leetaru of Forbes points out Facebook put its encryption-undermining plans on display earlier this year, while discussing its plans to address another request being made by multiple governments: content moderation.

Touting the importance of edge content moderation, Facebook specifically cited the need to be able to scan the unencrypted contents of users’ messages in an end-to-end encrypted environment to prevent them from being able to share content that deviated from Facebook’s acceptable speech guidelines.

[...]

Even more worryingly, Facebook’s presentation alluded to the company’s need to covertly harvest unencrypted illicit messages from users’ devices without their knowledge and before the content has been encrypted or after it has been decrypted, using the client application itself to access the encrypted-in-transit content.

If so, Facebook's proposed moderation efforts are encryption backdoors. If Facebook can access the content of encrypted communications, so can governments. And so can anyone else who can access the "encryption removed here :)" point where Facebook grabs communications to monitor content and train its moderation AI.

At this point, this effort is still in the research phase. It has not been implemented yet, but once more governments realize the implications of this content moderation effort, pressure will be applied. And this pressure will be applied to all companies offering encrypted communications under the not-unreasonable theory that if Facebook can do it, anyone can do it. Those refusing to comply with backdoor demands will have Facebook's efforts used against them during legislative sessions and criminal prosecutions.

The argument against backdoors isn't that they aren't technically possible. They are and always have been. The argument is that they make the encryption useless by converting the protection to an attack vector. Facebook's move may solve some of its own problems, but it will be sacrificing its users' security to appease ridiculous moderation demands being made by a handful of governments. And while these governments wring their hands about terrorist content, other governments unconcerned about terrorists or their content will be leaning on the company to grant them access to the communications of critics, dissidents, and activists.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, content moderation, encryption, end to end encryption, monitoring
Companies: facebook, instagram, whatsapp


Reader Comments

Subscribe: RSS

View by: Thread


  1. icon
    dhess (profile), 9 Jun 2019 @ 3:36pm

    Re: https *IS* end-to-end encryption

    This kind of attack has a danger for the attacker and especially the certificate authority. Forging the certificate provides proof that the attacker did this and that the certificate authority is compromised unless they somehow get the private key associated with the public key that the certificate authority certified.

    This is why governments do not routinely use this method of attack. It irrefutably destroys the certificate authority's credibility as a couple have discovered much to their woe.

    Facebook of course could hand over their private key as well allowing the government to impersonate them undetected which is just another reason not to trust them.


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat

Warning: include(/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_discord_chat.inc): failed to open stream: No such file or directory in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8

Warning: include(): Failed opening '/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_discord_chat.inc' for inclusion (include_path='.:/usr/share/pear:/home/beta6/deploy/itasca_20201215-3691-c395:/home/beta6/deploy/itasca_20201215-3691-c395/..') in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8
Recent Stories
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.