UK and US plead with Mark Zuckerberg to bin encryption plans
Home secretary pens open letter to the Facebook chief as the nations strike historic data-access agreement
The UK government has written to Facebook CEO Mark Zuckerberg to warn the social media giant against implementing end-to-end encryption in all its messaging services.
In an open letter, signed by the home secretary Priti Patel, has set out the UK's opposition to Facebook's plan to implement end-to-end encryption across its suite of messaging services. Its fellow signatories include US Attorney General William Barr, US secretary of homeland security Kevin McAleenan, and Australian minister for home affairs Peter Dutton.
The nations have collectively asked for Facebook and other social media companies to enable law enforcement agencies to obtain 'lawful access' to content in a readable and usable format. Their demands also list embedding the 'safety of the public' in system designs in order for companies to monitor illegal content more effectively and make prosecutions easier to carry out.
"Security enhancements to the virtual world should not make us more vulnerable in the physical world," the letter said.
"We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity.
"Not doing so hinders our law enforcement agencies' ability to stop criminals and abusers in their tracks."
The signatories claimed that companies should not deliberately design their systems with technologies like end-to-end encryption in mind, as this precludes any form of access to content, even for investigating serious crime.
Patel and her counterparts also suggested the use of encryption for messaging services erodes a company's ability to detect and respond to illegal activity, from child sexual exploitation to terrorism.
Signatories acknowledged that Facebook carries out "significant work" to remove illegal content. For instance, the letter referenced the fact that in 2018 Facebook made 16.8 million reports to the US National Center for Missing & Exploited Children. This represented 90% of the total reports that year.
"Risks to public safety from Facebook's proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children," the letter continued.
"Facebook currently undertakes significant work to identify and tackle the most serious illegal content and activity.
"Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be possible if Facebook implements its proposals as planned."
The letter's publication coincides with a historic data access agreement struck between the UK and US to allow law enforcement agencies to obtain data and information from service providers. Under the bilateral agreement, law enforcement agencies can directly ask tech companies either side of the Atlantic to access user data, rather than by having to go through governments.
Current arrangements see requests from law enforcement agencies submitted and approved by governments through the Mutual Legal Assistance (MLA) mechanism, which can take between six months and two years to process. The bilateral agreement would see this reduced to a matter of weeks, the UK government claims.
The UK has also "obtained assurances" that evidence obtained through this mechanism wouldn't be used in cases where the prosecution was seeking the death penalty, in line with its opposition, the government added.
The timing of the letter's publication is significant in light of the data-sharing agreement. WhatsApp has traditionally proved a thorn in the side of law enforcement, given the difficulty accessing the contents of messages sent between individuals through the service. The letter represents renewed efforts to overcome this barrier to law enforcement posed by encryption.
Executive Director of the Open Rights Group (ORG) Jim Killock has railed against suggestions that UK and US politicians are seeking alternatives to encryption, such as 'fingerprinting' files which can trace 'encrypted' content back to users.
"It is disturbing that Priti Patel alongside US politicians appear to wish to bully specific companies into stopping plans to allow users to encrypt their private communications," he said. "If politicians want companies to take action, they should be prepared to legislate.
"Encryption is used for many legitimate reasons, from banking through to keeping personal communications private from corporations."
He added it's "very worrying" that some politicians are suggesting that encryption systems should be used to examine files and communications before sending them, to examine these against already-banned communications.
"This could rapidly be deployed against whistleblowers, journalists and campaigners. Building global capabilities that can be used to suppress legitimate free expression is very unwise.
"We should be sceptical about concerns expressed about encryption, and ensure that our fears of the worst kinds of criminals are not used to limit our everyday rights to privacy and free speech."
Patel has joined a string of UK home secretaries, including her predecessors Sajid Javid and Amber Rudd, in campaigning against the use of the technology; particularly in light of Facebook's plans to wrap its disparate social messaging platforms into a unified service.
Javid was previously part of threats issued by the 'five eyes' nations to legislate if tech giants wouldn't voluntarily remove end-to-end encryption. These threats were made in September last year, but no legislation has since been forthcoming.
The bilateral agreement is similar in nature to the EU-US Privacy Shield which allows for cross-border data sharing for commercial purposes.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now