08/27/18 The Cybersecurity 202: FBI’s encryption fight with Facebook could have broad impact on smartphone users’ privacy

Originally posted by Derek Hawkins | The Washington Post on August 27th, 2018

The court battle reportedly brewing between the FBI and Facebook could have a bigger impact on the average smartphone user's privacy than the bureau's legal showdown with Apple posed in 2016. 

Per Reuters, the FBI is asking a federal judge in California to force Facebook to break the encryption on its Messenger app so investigators can listen in on an alleged MS-13 gang member's voice conversations. The case, which remains under seal, raises some of the same privacy concerns as the FBI’s unsuccessful effort to force Apple to engineer a way into the encrypted iPhone of one of the San Bernardino mass shooters.

But the FBI’s request in the Facebook case could have a broader impact, since the bureau reportedly wants to intercept communications in real time. Rather than seeking access to a smartphone they’ve already seized, investigators reportedly want Facebook to help them wiretap a suspect just like a phone company would. 

“It essentially applies to any smartphone user,” said John D. Villasenor, a professor of technology and public policy at the University of California at Los Angeles. “Most of us would be able to say our phones haven’t been in the custody of law enforcement, but we all use messaging platforms of one kind or another.”

“The Apple case, as important as it was, involved a physical device that the government already had possession of,” he told me, “whereas the Facebook matter involves communications between users and the question of what obligations companies like Facebook have with respect to communication services they offer.” The Apple case caused an uproar in the privacy community, and was seen as a proxy for the debate over whether companies should be forced to create built-in ways for law enforcement to bypass encryption in their products. (Ultimately, the FBI found an outside contractor to crack into the San Bernardino shooter's iPhone, putting the fight to rest.)

Although it's not entirely clear what each side is arguing in the Facebook case — again, the records are under seal and the only reporting on the matter has come from Reuters — experts agree that prosecutors are likely basing their case on a law called the Wiretap Act. Passed in 1968, it requires telephone companies to provide technical assistance to law enforcement in tapping a phone if they present a court order.

Whether that applies to Messenger is the key question — and the law might favor the feds, writes Russell Brandom of the Verge.

“Facebook’s biggest problem is the Wiretap Act,” Brandom writes. “The system was designed for companies like AT&T, and it’s relatively uncontroversial for the past 30 years, sometimes put forward as a model of how courts can hold otherwise-invasive surveillance techniques in check. There are ways to contest a given order, arguing it’s too disruptive to the service or otherwise burdensome — or simply that messaging services aren’t subject to the Wiretap Act — but the government’s argument is far more straightforward than what Apple faced.”

A ruling in the government’s favor probably wouldn’t stop with Facebook Messenger, Villasenor said. The government might seek to compel other messaging services such as WhatsApp to help the government listen in on voice conversations.

It could also reverberate outside the United States, he added. “Regardless of what one thinks of the U.S. government's assertions regarding a right to access the conversations in this particular case, if Facebook is forced to comply and shows that it is technically able to do so, other governments — including authoritarian governments — will take notice. That will put Facebook in a very challenging position when faced with requests in the future from governments in countries where there are far fewer privacy protections than we have in the U.S.”

Facebook is pushing back, saying a technical solution might be too onerous, according to Reuters. The company is arguing in court that Messenger voice calls “are encrypted end-to-end, meaning that only the two parties have access to the conversation,” Reuters reports. “Facebook says it can only comply with the government’s request if it rewrites the code relied upon by all its users to remove encryption or else hacks the government’s current target, according to the sources.”

Comments are closed.