Facebook will share encrypted messages with UK police

A new US-UK treaty due to be signed next month will compel Facebook to share encrypted messages with UK police…

Bloomberg reports.

Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries, according to a person familiar with the matter.

The accord, which is set to be signed by next month, will compel social media firms to share information to support investigations into individuals suspected of serious criminal offenses including terrorism and pedophilia, the person said.

Although the piece mentions Facebook-owned WhatsApp too, those messages are end-to-end encrypted. That means Facebook doesn’t have access to the content and so can’t in fact share it with anyone.

However, Facebook Messenger conversations don’t use end-to-end encryption by default. They are encrypted, but Facebook holds the key so can decrypt them. Only Secret Messages are end-to-end encrypted, which is only available in the app and only if someone selects it – when many don’t even know it exists.

Facebook says that it acts on legal requests, and that this means there is no justification for government pressure on tech companies to compromise strong encryption.

“We oppose government attempts to build backdoors because they would undermine the privacy and security of our users everywhere,” Facebook said in a statement. “Government policies like the Cloud Act allow for companies to provide available information when we receive valid legal requests and do not require companies to build back doors.”

There has been consistent government pressure among the Five Eyes nations (Australia, Canada, New Zealand, the UK, and US) for tech companies to either disable end-to-end encryption or create workarounds like the so-called ‘ghost user‘ proposal from the UK.

It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call…. In a solution like this, we’re normally talking about suppressing a notification on a target’s device… and possibly those they communicate with.”

In short, Apple — or any other company that allows people to privately chat — would be forced to allow the government to join those chats as a silent, invisible eavesdropper.

All the tech giants, including Apple, have rejected calls to share encrypted messages.

This proposal to add a “ghost” user would violate important human rights principles, as well as several of the principles outlined in the GCHQ piece. Although the GCHQ officials claim that “you don’t even have to touch the encryption” to implement their plan, the “ghost” proposal would pose serious threats to cybersecurity and thereby also threaten fundamental human rights, including privacy and free expression. In particular, as outlined below, the ghost proposal would create digital security risks by undermining authentication systems, by introducing potential unintentional vulnerabilities, and by creating new risks of abuse or misuse of systems. Importantly, it also would undermine the GCHQ principles on user trust and transparency set forth in the piece.

While governments argue the compromises they want are targeted at criminals and terrorists, the problem is that any privacy weakness which can be exploited by law enforcement can also be used by criminals or hackers. The best way to protect your privacy is to use platforms and apps offering end-to-end encryption, where nobody but the parties in the message can read the content. Examples include iMessage, FaceTime, WhatsApp, Telegram, and Signal.

Photo: Shutterstock

Check out 9to5Mac on YouTube for more Apple news:

You can follow iPhoneFirmware.com on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Apple and the Web.