Monday 1 June 2015

Facebook just made a move that will infuriate law enforcement

Facebook has announced it is letting users add encryption keys to their profiles and opt in to have notification emails sent in an encrypted format.

The news comes as some US surveillance powers expire and tensions rise between the US government and the tech community over the use of strong encryption.

Strong encryption refers to data coded in such a way that it cannot be understood by anyone who does not have the correct key to decrypt it.

It can help internet users keep their sensitive communications safe online — but some people believe it poses a potential security risk, as it cannot be decrypted by authorities even with a search warrant.

Following revelations of mass government surveillance by exiled whistleblower Edward Snowden over the last few years, big tech companies have increasingly incorporated strong encryption into their products.

This hardened stance is frustrating law enforcement, who fear they will lose access to vital evidence. When Apple announced it would implement strong encryption on its iOS mobile operating system, for example, one senior US police officer claimed the iPhone "will become the phone of choice for the pedophile." But Apple argues that it is imperative that it protects users' privacy, with CEO Tim Cook saying the company has "never worked with any government agency from any country to create a backdoor in any of our products or services... And we never will."

Facebook has previously operated an "onion site" that lets users access the social network via Tor, a network only accessible by a special web browser that obscures users' identities. Now, the site's security team announced today in a note, users will be able to add their "public keys" to their profiles to encourage others to contact them using encryption.

Public keys are how people communicate with most popular encryption products. Every user has a public and a private key — the public is shared freely, while the private is kept secret. Anyone can encrypt a message using someone else's public key, which can then only be decrypted by the owner of that public key — using their private key.

Here's how a public key looks displayed on a Facebook user's about section:


Facebook is also letting users opt in to have email notifications sent in an encrypted format. This means that even if you gained access to a user's email inbox who had the feature switched on, you would be unable to understand emails from Facebook without their private key.

Alongside the announcement, Facebook also directs users towards a more detailed explainer on encryption, and how to install it on their own computers. But this strong pro-encryption statement comes as the US government openly pleads with tech companies to move away from the technology.

President Obama hasn't advocated for an outright ban on encryption, but nonetheless wants to be able to track communication when possible.

"When we have the ability to track [online communication] in a way that is legal, conforms with due process, rule of law and presents oversight, then that's a capability we have to preserve," he said in January. According to The Hill, the president is now calling on lawmakers "to update a 1994 wiretapping law to require tech companies to build a way for the government to access suspects’ data."

But security experts warn that such an approach is dangerous, and that any back door in encryption products will weaken the entire product and make users vulnerable to attacks from hackers and criminals. "There's no back door that only works for good guys," writes activist and author Cory Doctorow.

Meanwhile in Europe, British Prime Minister David Cameron indicated in a speech prior to this year's general election that he plans to outlaw strong encryption entirely.

In March, the head of European police force Europol Rob Wainwright also said that the rise in use of messaging platforms that law enforcement cannot decrypt has "become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism."

No comments:

Post a Comment