BEL: +32 (0)488 90 57 80 | IRL: +353 (0)87 7794892
Wexford & Antwerpen
info@haycom.eu

Why weak encryption is everybody?s problem

September 20, 2019 In Design News,Digital Freedom

Representatives of the UK Home Department, US Attorney General, US
Homeland Security and Australian Home Affairs have joined forces to
issue an open letter to Mark Zuckerberg. In their letter of 4 October,
they urge Facebook to halt plans for end-to-end (aka strong) encryption
across Facebook?s messaging platforms, unless such plans include ?a
means for lawful access to the content of communications?. In other
words, the signatories are requesting what security experts call a
?backdoor? for law enforcement to circumvent legitimate encryption
methods in order to access private communications.

The myth of weak encryption as safe

Whilst the US, UK and Australia are adamant that their position enhances
the safety of citizens, there are many reasons to be skeptical of this.
The open letter uses emotive language to emphasise the risk of ?child
sexual exploitation, terrorism and extortion? that the signatories claim
is associated with strong encryption, but fails to give a balanced
assessment which includes the risks to privacy, democracy and most
business transactions of weak encryption. By positioning weak encryption
as a ?safety? measure, the US, UK and Australia imply (or even
explicitly state) that supporters of strong encryption are supporting crime.

Government-led attacks on everybody?s digital safety aren?t new. Since
the 1990s, the US has tried to prevent the export of strong encryption
and?when that failed?worked on forcing software companies to build
backdoors for the government. Those attempts were called the first
?Cryptowars?.

In reality, however, arguing that encryption mostly helps criminals is
like saying that vehicles should be banned and all knives blunt because
both have been used by criminals and terrorists. Such reasoning ignores
that in the huge majority of cases strong encryption greatly enhances
people?s safety. From enabling secure online banking, to keeping
citizens? messages private, internet users and companies rely on strong
encryption every single day. It is the foundation of trusted, secure
digital infrastructure. Weak encryption, on the other hand, is like
locking the front door of your home, only to leave the back one open.
Police may be able to enter more easily ? but so too can criminals.

Strong encryption is vital for protecting civil rights

The position outlined by the US, UK and Australia is fundamentally
misleading. Undermining encryption harms innocent citizens. Encryption
already protects some of the most vulnerable people worldwide ?
journalists, environmental activists, human rights defenders, and many
more. State interception of private communications is frequently not
benign: government hacking can and does lead to egregious violations of
fundamental rights.

For many digital rights groups, this debate is the ultimate groundhog
day, and valuable effort is expended year after year on challenging the
false dichotomy of ?privacy versus security?. Even the European
Commission has struggled to sort fact from fear-mongering.

However, it is worth remembering that Facebook?s announcement to encrypt
some user content is so far just that: an announcement. The
advertisement company?s approach to privacy is a supreme example of
surveillance capitalism: protecting some users when it is favourable for
their PR, and exploiting user data when there is a financial incentive
to do so. To best protect citizens? rights, we need a concerted effort
between policy-makers and civil society to enact laws and build better
technology so that neither our governments nor social media platforms
can exploit us and our personal data.

The bottom line

Facebook must refuse to build anything that could constitute a backdoor
into their messaging platforms. Otherwise, Facebook is handing the US,
UK and Australian governments a surveillance-shaped skeleton key that
puts Facebook users at risk worldwide. And once that door is unlocked,
there will be no way to control who will enter.

EDRi Position paper on encryption: High-grade encryption is essential
for our economy and our democratic freedoms (25.01.2015)
https://www.edri.org/files/20160125-edri-crypto-position-paper.pdf

Encryption ? debunking the myths (03.05.2017)
https://www.edri.org/files/20160125-edri-crypto-position-paper.pdf

Encryption Workarounds: a digital rights perspective (12.09.2017)
https://edri.org/files/encryption/workarounds_edriposition_20170912.pdf

(Contribution by Ella Jakubowska, EDRi intern)