
Open Letter from Governments to Facebook Is an All-Out Attack on Encryption - schoen
https://www.eff.org/deeplinks/2019/10/open-letter-governments-us-uk-and-australia-facebook-all-out-attack-encryption
======
darawk
It's interesting how governments come to feel entitled to forms of
surveillance. For thousands of years financial transactions were completely
illegible to government. They took place hand to hand, either in cash or
barter. But now that transactions are digitized, it is actually illegal to
conduct certain types of transactions anonymously (KYC/AML laws). This came
about because governments got used to being able to peer into the financial
lives of their citizens, and once they got used to it, they didn't like it
when people circumvented that, so they made it a crime.

The same is true here of private messaging. Governments got used to being able
to read our messages. They have come to rely on it. And so now they want to
make it illegal for us to keep them out.

I guess what i'm saying is: We ought to be extremely careful what we allow our
governments to get used to doing. There is an argument to be made that the
original sin here was allowing wiretaps _at all_ , even when the medium was
un-encrypted.

~~~
lisper
You talk about governments as if they were an alien sentient life form
("governments ... feel entitled"). They're not. They are groups of people who
serve constituencies. You could tell the exact same story in reverse: the lack
of surveillance technology made people feel entitled to anonymous financial
transactions. The feelings of entitlement (if you want to call them that)
follow the available technology. But ultimately these decisions are always
trade-offs between one feeling of entitlement in one constituency and another
feeling of entitlement in another. In this case, one side feels entitled to
privacy, the other, to security (or the illusion of security, which some
people find valuable even in the absence of actual security).

I point this out not because I disagree with your baseline position that
privacy is valuable. I don't. I point this out because i believe that arguing
for it on the basis that government feelings of entitlement are somehow less
legitimate than the feeling of entitlement of non-governmental constituencies
is not going to be an effective strategy because it's based on a false
premise.

~~~
shakna
I've witnessed in the last couple of years several politicians arguing
vehemently for something their constituency wants, such as safe access to
encryption, and then they're taken aside and briefed on something by the
intelligence service, and completely flip their views.

The constituency hasn't changed their views. The politician was still elected
on the same platform. But they no longer serve the constituency.

I can well-understand the feeling that the government is a separate entity,
and behaves differently.

~~~
roenxi
It is very hard to put a finger on exactly why though. Politicians discover
that their pro-good-ideas stance puts them at odds with powerful forces.
Consistently. But it seems unlikely that there is an actual conspiracy afoot.
There is some powerful incentive structure at work. Take war for example. It
seems that consistently peaceful candidates are voted in then they end up
invading somewhere.

It may be military lobbying; but even then it seems a little strange that
absolutely no progress gets made on issues that seem to have a remarkable
amount of support from what must be most voters. People voting for humanity or
economic reasons would agree that endless overseas wars are a mistake - that
catches most voters. Realistically it should even catch the imagination of the
foreign policy people; power projection is one thing, but killing foreigners
doesn't put America in a great place for the next generation.

It would almost be more helpful for politicians to honestly state why they
keep flipping their positions rather than sending another smooth-talking
politician in to see if they flip. Surely there must be some equilibrium where
less people die but all the insiders are happy.

~~~
shakna
Some of the turnarounds are utterly baffling.

I would understand to a certain extent if the national intelligence briefing
informs the politician of a dozen programs that are reliant on the premise and
have prevented x number of attacks and so on.

But I've seen politicians flip completely after a single 20mins meeting. From
fiercely against to fiercely for. For those cases, I've held my judgement,
because I don't have a non-insane answer for why this happened, but everyone
involved is presumably a somewhat-logical human being, and people don't let go
of beliefs easily.

------
riazrizvi
Throughout history when societies enjoy above average improvement, it is
because they are able to displace inheritance-based systems. These
inheritance-based systems hand out benefits to random children, they subvert
progress by enabling the incompetent and disabling the competent. Commonly,
people who inherit stuff (money, authority, property) keep skewing laws to
prevent others benefiting from the fruits of their labor, so that inheritors
can maintain ownership. They do this by paying to skew laws to benefit owners
over achievers.

If privacy doesn't exist anymore, then the inheritors will receive a level of
power they have never had before. They will be unstoppable. We will reach an
end-state of cultural-political development where the inheritors will no
longer be challenged. We have had dark periods of time when inheritors have
ruled for long periods, ancient Egypt with mass enslavement for example.
Without privacy we will reach an event-horizon of wealth inequality, and no
political counter-movement will be able to take root to challenge it. We are
seeing the beginning of this in Hong Kong, we are seeing it in an
uncompetitive pay-to-play patent system, in an increasingly monopolistic
corporate environment, in increasingly uncompetitive marketplaces in dark pool
trading systems, and in Apple/Microsoft/Facebook/Google/Amazon app stores and
tech markets.

The threat to privacy is the greatest threat to progressive civilization we
have ever encountered IMO.

~~~
jonnybgood
> If privacy doesn't exist anymore, then the inheritors will receive a level
> of power they have never had before.

I’m having a hard time understanding your implication here. Wouldn’t the
inheritors want more privacy as that would lessen the visibility of their
actions and those involved?

~~~
deogeo
> Wouldn’t the inheritors want more privacy

For themselves - not necessarily for others. And when privacy is invaded, only
the powerful get access to the resulting information.

There's also the matter of who _needs_ privacy - the loss of it hurts those
without power to defend themselves more. E.g. Hong Kong protesters are rightly
worried of being identified.

------
deogeo
Let me remind everyone to never let the "going dark" rhetoric go unchallenged.
People are under _vastly_ more surveillance (with data flowing one way,
towards governments and corporations, not reciprocal like neighbors) than ever
in history. But somehow the tiny scrap of privacy that encryption allows us to
keep is framed as "going dark".

------
throwaway13337
The ability to privately communicate with other citizens of your country is
fundamental to a functioning representative democracy.

It should be as clear as day that an attack on encryption is an attack on the
values of America.

This is the tact that should be taken in the conversation - is the attorney
general so anti-American as to request this?

------
yen223
One good thing from this kerfuffle is the tacit confirmation that end-to-end
encryption actually works.

~~~
solotronics
The encryption works but the endpoints are compromised. The Intel management
engine and the AMD equivalent are good examples of how modern hardware is
complex enough to seed backdoor hardware into a system.

~~~
raxxorrax
I actually doubt this to be a current and feasible attack vector for mass
surveillance.

You could still route around it with software if these components are indeed
compromised. Random number generation has always been a hot topic and a
problem for deterministic machines, but I doubt there are usable hardware
exploits to crack modern encryption.

It could be viable for industrial espionage where systems are even more
uniform and it is imperative to keep an eye on that topic and hold hardware
developers accountable.

------
EGreg
You know, for many years I have been writing and speaking about the dangers of
centralizing power in the hands of a few social networks. That’s what all this
comes from. (Remember this? [https://www.eff.org/deeplinks/2018/12/congress-
censors-inter...](https://www.eff.org/deeplinks/2018/12/congress-censors-
internet-eff-continues-fight-fosta-2018-review)). We have no good software
alternatives to Facebook and Google — for now. So we accept FEUDALISM on the
Web! Look at the latest post here for example:

[https://qbix.com/blog](https://qbix.com/blog)

On HN and at EFF we all diagnose the problem correctly, but the solution
requires a platform to coordinate everyone. This platform currently does not
exist. And it must be open source, permissionless and work across domains. If
you want, come join me in making it. (Yes, scuttlebutt, matrix, mastodon etc.
exist but they are not mainstream. SAFE network is probably the best design
around, but they never even release it.)

I already went ahead and put about half a million $ of our company’s revenues
into building this platform. We have to go the other way — get people to use
it first, like they do Wordpress! 34% of all websites now. And then attract
developers.

We designed a crypto ecosystem for it to incentivize people to participate:
[https://qbix.com/token](https://qbix.com/token)

This is not encouraging anyone to buy anything. Just information about what we
are working on. I feel like very few people will get what we are doing until
it’s ready: liberating people from giant centralized corporations and giving
them control and choice. Like Linux and Wordpress and the Web did.

Contact me if you’re interested to contribute to this platform or use it for
your own web projects like you use Wordpress/Drupal (greg at-symbol and then
qbix.com)

------
gorgoiler
Writing “open letters” always feels incredibly passive aggressive. It’s
shameful to see it used as a tool of government policy.

If democratic governments want to force Facebook to keep files on their
citizens for law and order purposes, pass a law that says that explicitly.

This whole “nice social media business you have there, would be a shame if
something were to happen to it...” is extra-democratic bullying.

------
edoo
An all out attack on encryption is an all out attack on free speech. It is no
different than using shorthand, or symbols, or a made up language to
communicate.

~~~
chimi
You make me wonder if perhaps new languages evolved for exactly this purpose.
To conceal ideas and thoughts from the enemy.

~~~
Intermernet
There are elements of this. Two examples:

1\. Younger generations develop colloquial terms that the older generations
don't understand. This allows the younger generation to communicate more
freely.

2\. Highly specialised positions develop "jargon" which, although arguably
allows more accurate and concise communication, also allows elements of
protectionism and in-group gatekeeping.

Both of these examples are more complex than just "To conceal ideas and
thoughts from the enemy", but it's definitely a motivating factor in language
evolution.

~~~
beefalo
Do you have any citations for [1]? My intuition is that it's no different than
the jargon mentioned in [2], more of just a made up term to more
accurately/efficiently communicate.

~~~
Intermernet
No citations, just personal experience :-) Many nicknames for drugs, code
words for parties, colloquial terms for sex have survived the 20+ years since
I last had to use them.

EDIT: An interesting article that may aid in further research:
[https://www.theguardian.com/media/mind-your-
language/2016/ap...](https://www.theguardian.com/media/mind-your-
language/2016/apr/08/in-with-the-in-crowd-secret-languages-can-confuse-
exclude-or-empower)

------
yellow_postit
In addition to the defense of the need for real encryption I’d like to see EFF
and others go on a more proactive offense as well proposing solutions for the
bogeymen that governments keep raising — especially around child exploitation.

~~~
Canada
Why should the burden of solving that be placed on the defenders of privacy?
The people calling for the power to spy on everyone have not offered any
explanation of how backdooring everyone's communication reduces sexual abuse
of children.

Of course, they don't really care about child exploitation. They are cynically
using the issue as a pretext to preserve and normalize a massive expansion of
their power.

The DOD budget is $617B[1]. The entire DOJ budget is $6B, with about half of
that allocated to law enforcement[2]. I'm not sure precisely how much of that
is spent investigating child exploitation, but the DOJ doesn't view it as a
high enough high priority to even mention it in the budget. A couple of
highlights:

\- $295 to fight the opioid crisis. How successful was the drug war with the
ability to tap phones again?

\- $486M for violence against women programs and $45M for victims of human
trafficking. Maybe next they will tell us that reading our messages and
snooping our video calls will make women safer.

[Edit: Also interesting, the FBI's nearly $10B budget request[3]. The budget
request doesn't break down the spending, but it does include a section on
crimes against children almost at the very end. They highlight their recent
investigations have led to about 1000 arrests. The FBI's stated top
priorities[4] do not include crimes against children.]

[1]
[https://en.wikipedia.org/wiki/Military_budget_of_the_United_...](https://en.wikipedia.org/wiki/Military_budget_of_the_United_States)

[2]
[https://www.justice.gov/jmd/page/file/1033086/download](https://www.justice.gov/jmd/page/file/1033086/download)

[3] [https://www.fbi.gov/news/testimony/fbi-budget-request-for-
fi...](https://www.fbi.gov/news/testimony/fbi-budget-request-for-fiscal-
year-2019)

[4]
[https://en.wikipedia.org/wiki/Federal_Bureau_of_Investigatio...](https://en.wikipedia.org/wiki/Federal_Bureau_of_Investigation#Budget,_mission,_and_priorities)

~~~
bayesian_horse
Please explain to me how giving producers, traffickers and consumers of child
pornography would not benefit from easy and hurdle-less end-to-end encryption.

I'm not saying that this is a good reason to stop Facebook from implementing
this. But there is no question that it is going to make the lifes of a lot of
criminals a whole lot easier.

We may imagine criminals, especially the semi-organized ones, to be experts in
cryptography or at the very least covert communications. They really aren't.
If they can just use their usual facebook accounts, they'd really appreciate
that.

~~~
Canada
Yes, apparently something like 8000 incidents of attempted solicitation of
children on Facebook last year.

I'm not saying E2E and encryption of data at rest doesn't benefit these
scumbags. It does, no doubt, and that's exactly why the tech savvy ones use
them. I'm saying that inexpensive computers, digital cameras, and broadband
internet also benefit them, but these things are also an enormous benefit to
us all.

I'm not willing to give these things up because some bad guys use them. It's
fair to ask if the trade off is reasonable. Assume those 8000 incidents are
all different children and different predators and none of them are iffy/false
positives. (not likely) Assume 1 billion people used FB to send a message
during that time. (a low estimate) Is it weakening the security of 125,000
people for each one of these bad guys? Why should 999,992,000 people have to
go without for the sake of 8000?

To those who think that the many should have to suffer for the few, I ask:
Where does it stop? For example, Should all digital cameras be required to
upload photos to the police before allowing the user to see them? That would
certainly help the police, wouldn't it?

~~~
bayesian_horse
The problem is that your "1 Billion" have virtually no reduction in their
security, because the government doesn't have a warrant for their data,
whereas the 8000 incidents may each have severe consequences. And "attempted
solicitation" is by far not the only crime that is routinely prosecuted with
evidence from Facebook or other types of surveillance.

The slippery slope arguments are as stupid here as they are in gun debates.
Not making encryption the default for text messaging, thereby leaving a chance
of court-ordered disclosure, is not remotely comparable to total surveillance.

But I guess that's not the kind of distinctions the audience here is going to
appreciate, is it?

~~~
raxxorrax
> The problem is that your "1 Billion" have virtually no reduction in their
> security

Yes they do. Ambitions tend to grow with opportunities. That is especially
true for government, you just have to look at China and other regimes.

Your personal conquest against crime doesn't justify compromising security.

~~~
bayesian_horse
The point is that technology is not the point to argue and fight over when it
comes to government overreach.

A government needs both the technology and the will to overreach. And you are
talking like western democracies, are, well, not democratic. That would be the
only reason to fight over the technology, and not try to fight over the will
(i.e. legislation) to do harm. And it wouldn't work, in that case, either,
because "the government" is always the one with the power. If someone else is
more powerful, then that's the government.

------
concordDance
> As well as child abuse imagery, these referrals include more than 8,000
> reports related to attempts by offenders to meet children online and groom
> or entice them into sharing indecent imagery or meeting in real life.

It would be nice if people could commit to seperating out the requests by
shoolmates for naked pics of 17 year olds and requests by older men for naked
pics of 10 year olds when presenting these stats. :/

As it is, information like this (and indeed most stats you see in public
discourse) is useless for determining the scale of a problem and sensible
public policy approaches.

------
pharrington
The open letter, for context:

[[https://www.justice.gov/opa/pr/attorney-general-barr-
signs-l...](https://www.justice.gov/opa/pr/attorney-general-barr-signs-letter-
facebook-us-uk-and-australian-leaders-regarding-use-end)]

[[https://www.gov.uk/government/publications/open-letter-to-
ma...](https://www.gov.uk/government/publications/open-letter-to-mark-
zuckerberg)]

[[https://www.gov.uk/government/publications/open-letter-to-
ma...](https://www.gov.uk/government/publications/open-letter-to-mark-
zuckerberg/open-letter-from-the-home-secretary-alongside-us-attorney-general-
barr-secretary-of-homeland-security-acting-mcaleenan-and-australian-
minister-f)]

------
nerbert
I'm baffled to see how governments are able to synchronize, send a crystal
clear message and take action when it serves their interests.

------
m-p-3
It's always about control under the pretense of security. Rights to privacy
can be violated and dismissed, but good encryption itself cannot. Encryption
is the last frontier of privacy, and we must defend it vigorously.

Encryption, like any tool, can be used to do good things and bad things, stop
blaming the tool for the user's behavior. Law enforcement agencies will need
to adapt to that reality instead of using a blanket ban or backdoors into
everyone's lives under the pretense that there are bad people out there and to
_think of the children_ ™ excuse that has been used and abused over and over
again.

------
EGreg
Bruce Shneier always had a good response to these governments:

Which other governments would you like to have a backdoor?

~~~
TheCapeGreek
Five to Fourteen-eyes[0] wouldn't mind.

[0]:
[https://en.wikipedia.org/wiki/Five_Eyes](https://en.wikipedia.org/wiki/Five_Eyes)

------
nhumrich
I find it funny, that in effort to "catch criminals", government tries to pass
laws to make things those criminals do, illegal. If you make encryption
illegal, its not going to stop the human trafficker from using it. They are
already breaking the law... what's another smaller law to help protect them?
So they go to jail for encryption rather than human trafficking. The laws are
now helping them, while hurting all the good citizens that just want privacy.

------
sbhn
Your governments have been reading your facebook messages, sms, logging
telephone calls forever. This attack on encryption is attempt by the
governments to suggest that somehow facebook is actually your friend and has
some weight in protecting you. Facebook is losing dominance on the access of
your communications, and your government wants you back on facebook where its
contractors monetise it most with the least amount of effort. The security
contracts need to maintain high ROI, otherwise they will lobby for more of
your tax money in the name of security.

------
thelazydogsback
But they aren't demanding this of Apple, for instance?

~~~
heretoo
I don't think this open letter is for Facebook. It is for the general public.

~~~
buboard
It's for Zuck

------
K0SM0S
What is the (business) rationale for Facebook to refuse?

I mean, beyond the personal political opinion of Mark and shareholders, why
would this company defy those governments?

(asking naively because I feel blinded by my opinion, I can't make a good
strategic case for it, only a moral one)

~~~
dodobirdlord
> What is the (business) rationale for Facebook to refuse?

Advertising, market segment/product substitution.

There's a pervasive idea that Facebook must be gobbling up your communication
data and it's starting to weird the general public out. It's very common to
see people discussing how their phones must be recording for Facebook because
they said something near their phone and then they saw a Facebook ad for it.
Making a big publish show of fighting the government over whether messages can
be intercepted _at all_ provides the kind of advertising that money can't buy.

Also, there will likely always be some subset of people who are more
technically savvy and care more about their privacy. These people tend to also
set technical trends for the rest of the population. People may leave your
platform for being too insecure, but nobody is going to leave your platform
for being _too secure_ , so build a secure product and target both market
segments. This will give you a larger market, and will also deny your
competitors the opportunity to grow by luring away a subset of your users by
offering what is to those users a superior product.

------
Havoc
I find it rather ominous that they are coordinated in this too.

Not big on shadow world gov conspiracy theories but that seems
rather...strange

------
bayesian_horse
Users will eventually switch to services that offer end-to-end encryption, and
Facebook won't have a choice.

Some governments will eventually try to shut down such services.

------
michannne
Is there some way Facebook can implement it quietly?

~~~
bryan_w
It's actually available today in messenger, but you have to start a "Secret
conversation" first. FB's plan is to make it default

------
heretoo
Perhaps if we only broke encryption only for messages to/from all children,
that would satisfy their requirements?

~~~
bayesian_horse
That's not such a bad idea actually, because text messaging is a primary part
of predatory "grooming" activity.

I'm sure those predators would appreciate "secret" Facebook messaging. They'll
probably tell their victims that nobody can ever see the pictures they send
"secretly".

------
no_opinions
EFF is special in that is completely disregards legitimate use cases to access
information.

I thought civil liberties was about fine tuning the scope of the government's
power from sweeping in innocent citizens. EFF doesn't attempt to suggest a
statute to do a better job in these areas. It lumps together a complicated
subject.

They appear to believe _any_ reason the government has to want to access E2E
communication is illegitimate.

> Facebook and others would face immense pressure to also provide them to
> authoritarian regimes, who might seek to spy on dissidents in the name of
> combatting terrorism or civil unrest, for example.

It's blocked in China. Russians use VK.

> Many people—including journalists, human rights activists, and those at risk
> of abuse by intimate partners—use encryption to stay safe in the physical
> world as well as the online one.

If someone's safety was at risk, why would they be on Facebook at all though.

They sell their data in bulk. Maybe what you really want is a GDPR-like
assurance as a consumer.

> “enable law enforcement to obtain lawful access to content in a readable and
> usable format.”

It's public information this is already done by large companies.

Why not make this into a conversation about who can access the data, for what
reasons, and what threshhold of proof is needed to minimize the sweep?

> law enforcement and national security agencies in these three countries are
> asking for nothing less than access to every conversation that crosses every
> digital device.

Law enforcement and national security are not the same thing.

They're exacerbated by places like EFF that blur them together to get
donations and keep laypeople running in circles.

EFF is supposed to be staffed with lawyers. The least it could do is help the
public understand the intricacies.

~~~
koboll
I strongly disagree with you.

But I just want to say it's disappointing that you're being downvoted by
people because they disagree with you, rather than because you're not
contributing to the conversation.

~~~
kick
Paul Graham:

 _I think it 's ok to use the up and down arrows to express agreement.
Obviously the uparrows aren't only for applauding politeness, so it seems
reasonable that the downarrows aren't only for booing rudeness._

 _It only becomes abuse when people resort to karma bombing: downvoting a lot
of comments by one user without reading them in order to subtract maximum
karma. Fortunately we now have several levels of software to protect against
that._

[https://news.ycombinator.com/item?id=117171](https://news.ycombinator.com/item?id=117171)

~~~
smudgymcscmudge
That’s good to know. I hadn’t read that before.

