
Open letter concerning Facebook's proposals to apply end-to-end encryption - Daviey
https://www.gov.uk/government/publications/open-letter-to-mark-zuckerberg
======
marcus_holmes
I'm writing a communication product that uses encryption to store the
communications. A couple of things spring to mind when reading this:

1. It's trivially easy to write a communication service that end-to-end
encrypts using modern libraries (in my case, Go). The encryption part took
about a day to build, without me needing to understand any of the maths I was
using. I haven't had any penetration tests on it, yet, but I understand that
Go's encryption libraries are all tested and the implementation (plumbing them
together) is pretty simple and hard to get wrong. So even if FB gives the
security services some way of reading messages, then the bad people can have
their own tool within a few days.

1b. There are other services, not as popular, that provide solid end-to-end
encryption already (hello Keybase), that the bad people can use immediately.
This is not about stopping the bad people from encrypting their messages, this
is about getting access to what everyone else is saying.

2. It's already practically infeasible for a communications company to
implement end-to-end encryption without breaking existing laws (mostly about
copyright). Facebook's "end-to-end encryption" on message content will have to
include a copyright content filter in order to not be targeted by the
copyright legal industry, and the incoming EU legislation on implementing
content filters on any service that can share content.

All this points at this not being about terrorists and protecting children,
but at it being about mass surveillance of civilian populations. It's notable
that of the "five eyes" participants, it's only the US, UK and Australia who
have contributed to the open letter. These three countries are the most keen
on mass domestic surveillance (in the West anyway).

~~~
SheinhardtWigCo
“Trivially easy” causes me to raise an eyebrow. Hubris and cryptography don’t
mix well. Which libraries are you using?

~~~
roblabla
It isn't hubris. I've written a toy E2E encrypted messaging as well. I haven't
had to write a single line of actual crypto - libraries like libsodium ensure
I just have to tell it the kind of security I want, and it handles all the
dirty work for me.

The hard part then shifts to the logic:

1. Ensuring the protocol doesn't allow accidentally leaking the data to an
adversary somehow.

2. Ensuring the data is secured on the endpoints (the phone) - making sure
the keys are secure and can't leak, and making sure the data is only decrypted
when needed and for the time period it's needed.

Not that this is easy to get right either. But with crypto being an
essentially "solved" problem, we get to spend more time ensuring those bits
work properly.

~~~
SheinhardtWigCo
The current state of the art in this space is Signal, which offers participant
consistency, destination validation, forward secrecy, post-compromise
security, causality preservation, message unlinkability, message repudiation,
participation repudiation, asynchronicity, speaker consistency, out-of-order
resilience, dropped message resilience, computational equality, trust
equality, subgroup messaging, and contractible and expandable group
membership. [1]

Which of these properties do you get out-of-the-box from Go’s standard library
and/or libsodium? Almost none of them. The gap is enormous and not at all
“trivial”.

So, yes, it is hubris for OP to state that they can build a competitive
protocol in “about a day”, “without me needing to understand any of the
maths”, by simply stringing together Go standard library calls. I think the
engineers and cryptographers who work on Signal, Keybase, etc would have a
good chuckle at the suggestion that this stuff is “pretty simple and hard to
get wrong”.

[1]
[https://en.m.wikipedia.org/wiki/Signal_Protocol#Properties](https://en.m.wikipedia.org/wiki/Signal_Protocol#Properties)

~~~
marcus_holmes
A few things:

I'm not building a competitor to Signal, so most (if not all) of that list is
completely irrelevant for my application.

I'm also totally paranoid that I have, indeed, got some of this wrong. I'm
trying to find people I can trust who know more about this than I do so they
can look at my code and test my application. So far everyone I've approached
to look at it has said it looks OK. I've come to accept that I'll never "know"
completely for sure that this is bombproof, because there just isn't any
single person out there that can verify that this is bombproof.

And, as Bruce Schneier puts it: security is not absolute, it's about delaying
the bad people for long enough so you can catch them. Bank vaults are rated in
hours (the number of hours that a competent attacker will need to get into the
vault). No software implementation is 100% secure, but it can be secure enough
to be useful.

But building a basic protocol out of Go's standard library building blocks is
pretty simple, and hard to get wrong, for given values of "simple" and
"wrong". These aren't absolute, and depending on your application, may be
quite low.
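The sub-thread above argues both halves of the question: the primitives are the easy part (marcus_holmes, roblabla), the protocol properties in SheinhardtWigCo's list are the hard part. The program below is an added example written for this page, not code from any commenter, from Keybase or from Signal. Using only the Go standard library (crypto/ecdh X25519, AES-256-GCM, HMAC-SHA256 as a stand-in for HKDF; Go 1.20 or later assumed) it builds a two-party session with a symmetric hash ratchet and then plays an attacker who has imaged one endpoint. It demonstrates one property from the list that the ratchet gives almost for free (forward secrecy), one it explicitly lacks (post-compromise security), one it trades away (dropped-message resilience), and the replay/reorder rejection that comes from binding sender and counter into the AEAD's associated data. Party names and message strings are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// kdf is a one-shot HMAC-SHA256 derivation standing in for HKDF; one-way, which is what the ratchet relies on.
func kdf(ikm []byte, label string) []byte {
	mac := hmac.New(sha256.New, ikm)
	mac.Write([]byte(label))
	return mac.Sum(nil)
}

// aead is AES-256-GCM; neither constructor can fail for a 32-byte kdf output.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// nonceAndAD uses the message counter as the 12-byte GCM nonce and binds sender identity plus
// counter as associated data, so a replayed, reordered or re-attributed ciphertext fails to open.
func nonceAndAD(sender string, ctr uint32) (nonce, ad []byte) {
	nonce = make([]byte, 12)
	binary.BigEndian.PutUint32(nonce[8:], ctr)
	return nonce, append([]byte(sender), nonce...)
}

// Party is one side of a session: a sending and a receiving hash chain, each advanced once per
// message and keyed differently, so the two directions never share a (key, nonce) pair.
type Party struct {
	name, peer           string
	sendChain, recvChain []byte
	sendCtr, recvCtr     uint32
}

// Handshake derives the session from X25519 (Go rejects an all-zero shared secret). Nothing here
// proves peerPub belongs to peer: without out-of-band fingerprint checks a MITM substitutes its key.
func Handshake(name string, priv *ecdh.PrivateKey, peer string, peerPub *ecdh.PublicKey) (*Party, error) {
	shared, err := priv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	return &Party{name: name, peer: peer,
		sendChain: kdf(shared, name+"->"+peer), recvChain: kdf(shared, peer+"->"+name)}, nil
}

// Send derives a fresh message key, then overwrites the chain key, so a later compromise of this
// Party cannot recover keys already used (forward secrecy).
func (p *Party) Send(plaintext []byte) []byte {
	msgKey := kdf(p.sendChain, "message")
	p.sendChain = kdf(p.sendChain, "chain")
	nonce, ad := nonceAndAD(p.name, p.sendCtr)
	p.sendCtr++
	return aead(msgKey).Seal(nil, nonce, plaintext, ad)
}

// Receive mirrors Send and advances state only after authentication succeeds, so a replayed, forged
// or out-of-order message leaves the chain untouched. Delivery must be in order: one dropped message
// makes every later one fail, which is the dropped-message resilience this toy lacks.
func (p *Party) Receive(ciphertext []byte) ([]byte, error) {
	nonce, ad := nonceAndAD(p.peer, p.recvCtr)
	plaintext, err := aead(kdf(p.recvChain, "message")).Open(nil, nonce, ciphertext, ad)
	if err != nil {
		return nil, err // "cipher: message authentication failed"
	}
	p.recvChain = kdf(p.recvChain, "chain")
	p.recvCtr++
	return plaintext, nil
}

// Attacker holds a memory dump of a Party and tries ciphertext ctr with the message key the dumped
// chain yields. Only the next message opens: earlier keys are gone (forward secrecy), every later
// one follows (no post-compromise security; that needs the DH ratchet this toy does not have).
func Attacker(dump Party, ctr uint32, ciphertext []byte) ([]byte, error) {
	nonce, ad := nonceAndAD(dump.peer, ctr)
	return aead(kdf(dump.recvChain, "message")).Open(nil, nonce, ciphertext, ad)
}

func main() {
	a, _ := ecdh.X25519().GenerateKey(rand.Reader)
	b, _ := ecdh.X25519().GenerateKey(rand.Reader)
	alice, _ := Handshake("alice", a, "bob", b.PublicKey())
	bob, _ := Handshake("bob", b, "alice", a.PublicKey())
	ct1, ct2 := alice.Send([]byte("meet at noon")), alice.Send([]byte("bring the docs"))
	pt1, _ := bob.Receive(ct1)
	_, replay := bob.Receive(ct1) // same ciphertext again: must fail
	pt2, _ := bob.Receive(ct2)
	dump := *bob // Bob's phone is imaged here: the thief holds the current chain key
	_, old := Attacker(dump, 0, ct1)
	pt3, next := Attacker(dump, 2, alice.Send([]byte("third")))
	fmt.Printf("%s | %s | replay rejected %v | old readable %v | next readable %v (%s)\n", pt1, pt2, replay != nil, old == nil, next == nil, pt3)
}
```

Run as written, the last line reports the replay rejected, the earlier message unreadable from the dump and the next message readable from it: the dump cannot recover keys already consumed, but derives every future one, which is exactly the gap a DH ratchet closes. Also note what is absent: Handshake never checks that the public key it was handed belongs to the claimed peer, so none of the trust or participant-consistency properties from the list exist here either.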

------
erostrate
Some people, including in these comments, make the argument that preventing
E2EE on Facebook is pointless because offenders can simply move to another
service. That's not a very good argument for two reasons.

First, Facebook is already used by pedophiles _despite_ the lack of E2EE. 2500
arrests for child abuse last year according to the letter. An example is given
of a pedophile identified through his messages with an 11 year old girl. With
E2EE enabled he would not have been identified at that time.

Secondly, the letter highlights that a major problem is the combination of
open profiles of children with E2EE messaging. This does not apply to any
service, mainly Facebook and similar platforms.

Don't get me wrong, I am overall in favour of E2EE, and I share the usual
cynicism about the government's intentions.

You can make the argument that although absence of E2EE does help identify
pedophiles more easily, in the balance it is more important to enable E2EE to
protect privacy.

But you should not make the argument that absence of E2EE on FB would not help
identify pedophiles more easily, because this letter provides evidence that it
actually does.

~~~
thrwaway69
Isn't Facebook for 13+ teens? Did they change the terms recently? And where
are the parents? Do you just hand your kid a phone without any parental
controls? Why should we not focus on educating parents about raising kids
rather than fucking over everyone?

~~~
ClumsyPilot
Many parents are not capable of setting up parental controls, and I don't
think we will see that change in the next 10 years even if we direct quite a
lot of effort to the matter.

~~~
thrwaway69
So putting everyone at risk with really minimal security, looking at the
conviction rate and who really is sexually abusing the kids (hint: it's not a
rando on the internet), is a better alternative to the long-term advantage of
having better, highly educated parents that will stop the cycle of
mismanagement across generations, like how abuse spreads from one generation
to another? Principles and behavior do too.

Why not ask politicians to put forward regulations that make it mandatory for
companies to make parental controls accessible and usable? But of course that
won't do. Parents should have no responsibility beyond giving the kid an iPad
or a smart surveillance device.

------
jpswade
Why, in a time where Facebook is getting so much flak for privacy issues,
would they want to build a backdoor into their platform for the UK Government?

Why would their targets use Facebook for communication when there are many
other existing platforms that provide this service?

Privacy isn’t about having “nothing to hide” it's about freedom.

As soon as your privacy is taken away, so is your freedom.

~~~
choward
People don't seem to understand this. If you have nothing to hide would you
mind if the government went through your house whenever they felt like it? It
can be done in a way that doesn't inconvenience you like only when you're not
home. Think of all the criminals we would catch. Is that the world you want to
live in?

~~~
div
I quite like the following analogy:

Saying privacy is unnecessary because you have nothing to hide is like saying
free speech is unnecessary because you have nothing to say.

~~~
Terretta
That only works if you think free speech is always good.

Should we let people yell fire in a crowded theater?

Is freedom from fear a fundamental right? How fundamental?

Privacy yields to safety as free speech yields to safety...

For some time now, we’re no longer designing protections from probable harm,
but theater abating improbable fears.

~~~
mijkal
Free speech, in the US context, usually relates to the 1st Amendment, which
precludes _govt_ censorship.

You can yell 'fire' in a crowded theater; if there is indeed a fire, it's fine
— you're trying to help alert people to a dangerous situation. If there is
not, and you cause a panic that results in injury to others, you could (should
imo) be liable.

The US Supreme Court has a litmus test around when the line is crossed.
Logically, there must be a balance to ensure one's rights do not infringe on
another's, and when there is conflict, how to resolve it. In the case of party
A threatening violence on party B, the line is if there is an imminent threat
('fighting words' — inciting an immediate attack), A is in the wrong.
Otherwise, no 1A issue. It's much more difficult to prove in the case of
stochastic speech targeting a person or group (eg Said before an audience:
'$target is bad. Would be a shame if something happened to $target.' Implying
someone in earshot should take care of it.).

I also want to highlight that free speech doesn't mean free of consequence —
it only limits govt censorship. You can say what you want, but you may: incur
financial losses (eg job or contract losses, boycotts), be ridiculed or shamed
(ie become a pariah), be denied access to private properties / venues / events
/ forums (including web sites such as Twitter or Facebook), etc.

[https://xkcd.com/1357/](https://xkcd.com/1357/)

------
truculent
This is a government that _deported its own citizens_ asking to remove
encryption for "user safety". Okay.

~~~
sneak
Let’s also not forget the illegal imprisonment of Assange without trial for
the last few years in London, and now his appalling treatment in Belmarsh.

~~~
loriverkutya
You mean in the Embassy of Ecuador in London? That’s hardly a prison.

~~~
jonnypotty
Anywhere you are unable to leave is a prison.

~~~
trothamel
Assange was able to leave whenever he wanted to. He would then have been
arrested and given a trial, but it was his choice to avoid those.

~~~
ClumsyPilot
"They were free to leave Gulags whenever they wanted. They would then have
been shot, but it was their choice to avoid the bullet"

------
docdeek
In other words, please make sure that the government can access any
communication they might wish to by ensuring your encryption doesn't work.
Here's hoping Zuck ignores it.

~~~
m-p-3
And Apple does E2EE with iMessage but I don't see the government slamming them
publicly. Maybe it's because they don't consider Apple to have a big enough
marketshare, or Apple doesn't make the system as private as they claim it to
be and secretly collaborate with the authorities.

~~~
buboard
Easily explained: FB is the one who actually went the extra mile to start
spying on its users and report thousands of cases to the police. Now the
police have become lazy, they want more of that.

------
dnpp123
I skipped this link believing they were going to complain about data ownership
and privacy issues.

A bit astounded they try to stop one of the only decent things FB is trying to
push for instead. What a world we live in.

------
deith
Why is this an "open letter" instead of being passed as law? I understand that
you might write an open letter when you are powerless to change something, but
this is a government...

~~~
LatteLazy
Because our "leaders" are not smart enough to understand this, they've just
been told it's bad.

Because they want to pretend it's ok to have zero encryption and that's much
harder if facebook and others say it's not.

Because passing an actual law to actually ban it would take effort and they're
lazy.

Because there is a non-zero chance they can't _really_ ban it, at least not
without banning a lot of other things like e-commerce and online banking, so a
gentlemen's agreement to keep 95% vulnerable is much more manageable.

Because in at least some of the jurisdictions it might not be legal
("constitutional" in the US, "in accordance with the European convention on
human rights" in the UK etc) to force these things by law.

~~~
johnnycab
>Because our "leaders" are not smart enough to understand this, they've just
been told it's bad.

Your comment is partially correct; it is the Home Secretaries, past and
present, who have been routinely told by the civil servants to tow the anti-
encryption line, which goes back to RIPA 2000 and even further back. In
essence it is GCHQ who are asking, and they understand encryption perfectly
well; since they can't ask directly, the role falls upon the relevant
minister in government to do it.

This will once again become a hot-button issue as outlined in the Queen's
speech. The Tory Party is also switching from Whatsapp to Signal ─ make of
that, what you will.

[https://www.theregister.co.uk/2017/07/10/former_gchq_wades_i...](https://www.theregister.co.uk/2017/07/10/former_gchq_wades_into_encryption_debate/)

[https://www.theguardian.com/politics/2019/dec/17/tories-switch-to-messaging-app-signal-to-curb-whatsapp-leaks](https://www.theguardian.com/politics/2019/dec/17/tories-switch-to-messaging-app-signal-to-curb-whatsapp-leaks?CMP=Share_AndroidApp_reddit_is_fun)

~~~
stan_rogers
Wee niggle: it's _toe the line_ , meaning "take your position", no matter
which of the several suggested etymological origins you favour (track and
field, school or naval parades†, international border, bare-knuckle boxing,
etc.).

† A parade is an assembly of some sort; it may or may not involve a march past
or route march.

~~~
johnnycab
Thank you. It is too late to edit now.

------
bluesign
They say: "Our technical experts are confident that we can do so while
defending cyber security and supporting technological innovation. We will take
an open and balanced approach in line with the joint statement of principles
signed by the governments of the US, UK, Australia, New Zealand, and Canada in
August 2018 and the subsequent communique agreed in July this year."

On the other hand, the second link in this paragraph is not found
([https://www.gov.uk/government/publications/five-country-ministerial-communique/joint-meeting-offive-country-ministerial-and-quintet-of-attorneys-general-communique-london-2019](https://www.gov.uk/government/publications/five-country-ministerial-communique/joint-meeting-offive-country-ministerial-and-quintet-of-attorneys-general-communique-london-2019)).

------
badrabbit
Like it or not, outside of tech circles the majority of people think lawful
interception should be in place. E2E is fairly new, so I doubt it would remain
legal for a commercial service to offer it.

I personally am a fanboy for E2EE. But in democratic countries the majority
rule so what could be done aside from educating the majority?

The message from the tech industry needs to be very simple and digestible. No
going on and on about how you can't backdoor E2EE because that's bad design, or
the implications of letting them have backdoor access, etc. If it was up to me
the counterpoint message would be:

"Yes, lawful intercept should be a thing since the people want it, but there
have been severe violations both by governments and criminals alike where they
used existing weaknesses that allowed lawful intercept for unlawful dragnet
surveillance with absolutely no repercussions. Therefore, even if a lawful
intercept backdoor was in place, history has shown it will be used for
unlawful ends, and as such E2EE is merely preventing illegal interception. If
the people's will is truly to allow access to their communication, then
individuals should be forced to install software on endpoints that facilitates
interception, much like e911-related software is by law mandated to be
installed in a way that is very hard to remove."

That said, I hope FB burns!!! (the company, not their people).

~~~
pjc50
Compare with the "Totok" (not tiktok) discussion also on the front page.
Suddenly people aren't so keen when it's a foreign intelligence agency doing
the snooping.

~~~
close04
> people aren't so keen when it's a foreign intelligence agency

True, when I pointed out what the bottom of the slippery slope of backdooring
looks like, it wasn't much appreciated. I'd rather assume it's not because so
many HNers are pro-snooping but rather pro "righteous" snooping. "Ours" vs.
"theirs", even if it probably degenerates towards the same end result.

------
teddyuk
Priti Patel pleading for everyone to give them what they want “can’t you just
think of the children”

------
Jabbles
Concentrating on the child abuse aspect:

Surely the hard part of eliminating child abuse is the _acting_ on information
about the whereabouts of pedophiles? That is the hard part, the non-scaling
part, the bit where real people have to go and make arrests and free the
children and find a safe place for them to stay for the rest of their childhood.

Compared to that, finding the people swapping child abuse imagery online
sounds rather easy, even when you can no longer look at individuals' messages.

------
gnufx
C.f. use of Signal:
[https://news.ycombinator.com/item?id=21844303](https://news.ycombinator.com/item?id=21844303)

------
AaronFriel
Why not make end-to-end encryption available only for adults? This preserves
the ability to track the most serious abuses of children and the millions of
reports the governments describe in their open letter, while preserving the
right to privacy that adults should expect.

This would take the wind out of the government's argument and would have a
reasonable basis in common law's differential treatment of adults and minors.

------
sneak
Implicit in this is that they already have all the access they wish, via
Facebook, today.

~~~
deith
Of course they do. Facebook does not implement E2E encryption by default and
they have to respond to lawful requests.

------
HacklesRaised
Patel's signature alone should be sufficient to file this away in the bin.

------
user840148
The Patriot Act is proof that, facing fear, society will trade privacy for
security. And it is also proof that the government will abuse its power and
society will never get that traded privacy back.

------
McDev
A bit strange after reading this headline:
[https://www.theregister.co.uk/2019/12/20/uk_conservatives_br...](https://www.theregister.co.uk/2019/12/20/uk_conservatives_brexit_from_whatsapp_to_signal/)

------
baby
Does the UK realize that if their plan is implemented then any authoritarian
government can now ask to have access as well?

~~~
ben_w
The UK government does not understand how the UK government functions, never
mind the international implications of what they’re asking for.

------
libeclipse
Maybe we should get rid of the NHS, and oxygen as well, as those things have
the potential to benefit bad people.

Absolute idiots. Cryptography benefits _everyone_, and this bullshit is at the
expense of everyone.

------
sys_64738
Western countries condemn the Russian software rules and the Communist
Firewall of China and VPN restrictions. Yet here we are with the UK trying
such things in a similar vein.

------
chaz6
This is not new, but has been updated with a letter from "Director National
Security". The last line reads:-

"If we do not get this right then the impact on the safety of our citizens,
and our children, will be stark."

If only they were that worried about the environment and global warming.

~~~
GordonS
I think it's plain to many that they are not in fact worried about "our
children" - it's a lazy argument that's easily seen through, yet appeals to
outraged tabloid readers.

It also makes it easy to retort to those who would oppose it: "then you don't
care about our children, you must be a monster!"

In reality, anyone who truly cared about our children, and indeed future
generations, would see the dangers of mass surveillance and strongly oppose it
on those grounds.

------
GhettoMaestro
Open Letter to UK Gov: Suck my balls, thanks.

------
pnako
British government: "Please think of the children!"

Also British government:
[https://en.wikipedia.org/wiki/Rotherham_child_sexual_exploit...](https://en.wikipedia.org/wiki/Rotherham_child_sexual_exploitation_scandal)

Pardon me for not trusting them too much.

