Facebook has rebuffed a request from Attorney General William Barr that it halt its plan to deploy strong encryption across its messaging apps, calling the US government's pursuit of a "backdoor" into secure communications a "gift to criminals, hackers and repressive regimes." The tech giant delivered the message in a letter dated Dec. 9, and released Tuesday, roughly two months after Barr and his foreign counterparts said that Facebook's efforts would hamstring law enforcement around the world, particularly as they seek to investigate child sexual abuse.
"People's private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security," Facebook wrote. "That is not something we are prepared to do."
Facebook's public defense marks the latest salvo in a long-running war between Silicon Valley and Washington over end-to-end encryption, which allows only the user and the sender to read or hear a conversation's content. The industry has united in opposition to demands from law enforcement for ways around encryption, stressing that so-called backdoors would introduce significant vulnerabilities into people's devices and services and threaten their privacy. Law enforcement officials around the world have contended for years that encryption allows criminals and terrorist to go "dark" and avoid detection.
Those tensions flared Tuesday, as Apple and Facebook testified at a congressional hearing on encryption where some Democrats and Republicans agreed that the tech industry needed a way to preserve the privacy of communications while allowing investigators the ability to get the data they seek.
"I think all of us want devices that protect our privacy," said Republican Sen. Lindsey Graham of South Carolina, the chairman of the Senate Judiciary Committee, as he opened the hearing. "Having said that, no American should want a device that becomes a safe haven for criminality."
Graham later threatened regulation if tech giants and law enforcement officials don't develop a solution on their own: "My advice for you is to get on with it, because this time next year, if we haven't found a way . . . we will impose our will on you."
Erik Neuenschwander, the director of user privacy at Apple, strongly defended encryption in response - and stressed the solution the government sought might be impossible: "We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in," he told lawmakers
Four years ago, Apple battled federal law enforcement in court over authorities' demands that it unlock a password-protected iPhone tied to a deadly terrorist shooting in San Bernardino, California. Apple argued that doing so would threaten the security of all users' devices, and federal officials ultimately dropped their case after breaking into the iPhone by other means.
Now, the catalyst for controversy is Facebook, which plans to expand the deployment of encryption as part of a "privacy focused" retooling of its business, Facebook CEO Mark Zuckerberg has said.
Facebook's efforts, announced in March, target messaging on its main social service as well as the photo app Instagram and the chat app WhatsApp. The goal is to integrate all of those services, so that users can talk to each other across apps, while delivering "end-to-end" encryption for all those conversations.
In October, though, the US, Britain and Australia called on Facebook to halt its plans. They asked Facebook to "enable law enforcement to obtain lawful access to content in a readable and usable format." Absent that, US and foreign authorities said they would lose access to critical evidence, including millions of reports about child sexual exploitation.
"Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be possible if Facebook implements its proposals as planned," they wrote.
On Monday, Facebook stressed it already does assist law enforcement - but said what the government sought is "simply impossible" to create without threatening users with harm.
"We believe that people have a right to expect this level of security, wherever they live," the company wrote.
© The Washington Post 2019