Encryption’s Unlikely – and Flawed – Champion
The FBI’s latest assault on privacy-enabling technology sets Facebook squarely in its’ sights
Recently, The Cybersecurity 202, the Washington Post’s cybersecurity policy newsletter, describes a new front in the FBI’s continuing assault on encryption.
What’s alarming about this case, is that if the government prevails, and messaging services are deemed to be subject to the Wiretap Act, it won’t just seek to apply it to Facebook Messenger. It is easy to imagine the domino effect as the ruling is applied to all providers of applications for encrypted communications – essentially eliminating truly secure communications by leaving the back door open for all communications to be monitored, whether for lawful use or more illicit purposes.
It also isn’t any stretch of the imagination to consider that authoritarian regimes with little or no privacy safeguards will, upon seeing that Facebook can technically fulfill the government’s request, will begin pressuring Facebook, and others, to do it for them too.
While the case remains under seal, it raises some of the same privacy concerns as the FBI’s effort to force Apple to break their own encryption to gain access to the iPhone of one of the San Bernardino shooters.
The episode with Apple didn’t end conclusively, since the FBI gained access to the iPhone through the efforts of a third-party and the case was dropped without any ruling. This appears to have emboldened the FBI which, this time, has filed a request that has much broader implications: instead of trying to gain access to a phone they already possess, federal agents are attempting an innovative approach that would force Facebook to help them wiretap a suspect similarly to how a phone company would. To illustrate the scope of this request, the 202 quotes John D. Villasenor, a professor of technology and public policy at UCLA, as saying:
“It essentially applies to any smartphone user. Most of us would be able to say our phones haven’t been in the custody of law enforcement, but we all use messaging platforms of one kind or another. The Apple case, as important as it was, involved a physical device that the government already had possession of, whereas the Facebook matter involves communications between users and the question of what obligations companies like Facebook have with respect to communication services they offer.”
Can Facebook Champion Privacy?
Whereas Apple could position itself as a champion of privacy rights and call on support from privacy stakeholders across the country, Facebook, because of their business model, is a flawed advocate. It’s not hard to imagine the government pointing out that Facebook eavesdrops on its users on behalf of advertisers and what’s good for the goose should be available to the government’s gander.
Encryption, which KoolSpan and others consider to be a fundamental enabler of privacy, is under sustained assault waged by a federal government that seems blindly intent on breaking it and naively convinced that their forced entry-point will be accessible only to them. As officials craft innovative new arguments and legal justifications, the effort to preserve encryption as an enabler of privacy will partly depend on solutions offered by providers who can demonstrate that they go beyond merely talking a good game on privacy, and – like Apple, KoolSpan and others – actually walk the walk.