As FBI war on crypto intensifies, Facebook, Google, WhatsApp to intensify use of encryption

FBI Director James Comey arrives for a House Judiciary hearing on “The Encryption Tightrope: Balancing Americans’ Security and Privacy” on Capitol Hill in Washington March 1, 2016. REUTERS

In response to the FBI's attack on Apple's use of encryption-based security methods, some of the biggest names in technology are reported to be planning an expanded use of encryption for user data that passes through, or is stored on, their products and services.

As The New York Times reports, the DOJ is locked in a "prolonged standoff" with popular messaging service WhatsApp over access to user data.

Facebook, Google and Snapchat are among the largest tech brands working to increase privacy and security measures for users, while Apple defends against an intensifying legal assault by the U.S. government.

[NYT]

[GIF: @standardregular for NYT]

The Guardian reports:

The projects could antagonize authorities just as much as Apple’s more secure iPhones, which are currently at the center of the San Bernardino shooting investigation. They also indicate the industry may be willing to back up their public support for Apple with concrete action.

Within weeks, Facebook’s messaging service WhatsApp plans to expand its secure messaging service so that voice calls are also encrypted, in addition to its existing privacy features. The service has some one billion monthly users. Facebook is also considering beefing up security of its own Messenger tool.

Snapchat, the popular ephemeral messaging service, is also working on a secure messaging system and Google is exploring extra uses for the technology behind a long-in-the-works encrypted email project.

Engineers at major technology firms, including Twitter, have explored encrypted messaging products before only to see them never be released because the products can be hard to use – or the companies prioritized more consumer-friendly projects. But they now hope the increased emphasis on encryption means that technology executives view strong privacy tools as a business advantage – not just a marketing pitch.

The Guardian's trend piece here does acknowledge that all of these projects began before the FBI and Justice Department entered a court battle with Apple, over demands that Apple assist the government in backdooring one of the suspected San Bernardino terrorists' iPhones.

Apple is scheduled to appear in a federal court in California later this month to fight the government's order.

Facebook, Google and WhatsApp plan to increase encryption of user data [Guardian]

Exterior of U.S. Department of Justice building in DC. Photo: Reuters.

Exterior of U.S. Department of Justice building in DC. Photo: Reuters.

Over at WIRED, Andy Greenberg spoke with Nate Cardozo, attorney with the Electronic Frontier Foundation (EFF). “This is definitely the first in what we can be confident will be a multi-pronged attack on apps,” says Nate. “The most important thing for developers to take away is that they need to develop their apps to make this kind of thing very difficult.”

Cardozo warns that the WhatsApp order, coming on the heels of the Apple case, signals that the Justice Department is taking a more aggressive stance toward software companies that use end-to-end encryption to put the the power to decipher communications exclusively in device-owners hands. He says he’s worked with “a handful” of those companies over the last 18 months who have all have been contacted by the FBI and warned that pedophiles, criminals or terrorists had used their privacy-preserving app, and asked that the app be re-engineered to give law enforcement access to “plaintext”—decrypted communications. “They say, ‘If you don’t cooperate with us and modify your system to give us plaintext going forward…you’ll have to face the public consequences that the FBI can come out and say you hindered an investigation,'” Cardozo describes the FBI’s position. “That’s a strong threat.”

Sure is.

Notable Replies

  1. I see this as a really strong money making opportunity for a family run business that has, at times, had an adversarial relationship with the FBI to invest some of the family money into a strongly encrypted messaging platform.

  2. those companies... have been contacted by the FBI and warned that pedophiles, criminals or terrorists had used their privacy-preserving app..."

    So were these convicted terrorists? Or just accused terrorists being publicly slandered before trial? Or could they be... you know... imaginary terrorists?

  3. If FBI accuses a vendor of hindering investigation and/or supporting terrorists, I'll take it as an endorsement of the product.

    Are there actually any people who'd prefer to be surveilled by the cops and get law enforced on their idle chitchat?

  4. Even if you are of the childlike-trust-in-the-goodness-of-the-feds school; every party who can't access your data is a party who can't spill it all over the place when they screw up.

    Given that data breaches are somewhere between 'daily news' and 'too common to amount to news anymore' why would you want any potential weak links in the chain if you don't absolutely have to include them? You hardly need to posit malice on the part of the vendor to prefer that they be architecturally incapable of screwing up and losing the data. Heck, on those occasions when I am 'the vendor' I prefer to avoid possessing or retaining anything not specifically required to get the job done, so that I can't screw it up.

  5. Imaginary terrorists are the most dangerous kind!

    They can strike Imagination Land :frowning:

Continue the discussion bbs.boingboing.net

2 more replies

Participants