Advertisement

DOJ asks Facebook to halt end-to-end encryption plans (updated)

AG Barr wants Mark Zuckerberg to give law enforcement backdoor access to messages.

The Department of Justice is set to ask Facebook to pause plans for end-to-end encryption across all of its messaging services. It will urge the company not to move forward "without ensuring that there is no reduction to user safety."

Attorney General William Barr is set to make the request in an open letter to Facebook CEO Mark Zuckerberg on Friday. Acting Homeland Security Secretary Kevin McAleenan, UK Home Secretary Priti Patel and Australian Minister for Home Affairs Peter Dutton also signed the draft letter, which BuzzFeed News and the New York Times obtained before publication. The US and the UK will reportedly announce a data-sharing agreement alongside the release of the letter.

In March, Facebook announced plans for a more privacy-focused approach to its services. It's also working towards unifying messaging across WhatsApp, Instagram and Messenger with end-to-end encryption.

Barr and the other signees are concerned that end-to-end encryption will hamper law enforcement from tackling illegal activity that occurs through Facebook's messaging platforms. That includes child sexual exploitation, terrorism and election meddling. Earlier this week, a NYT report indicated there were almost 12 million reports of child sexual abuse material on Messenger last year.

The letter argues Facebook should "enable law enforcement to obtain lawful access to content in a readable and usable format," effectively providing authorities with backdoor access to messaging across WhatsApp, Instagram and Messenger. It will ask Facebook to work with governments to ensure that's the case.

It also urges Facebook and other companies to "embed the safety of the public in system designs, thereby enabling [Zuckerberg] to continue to act against illegal content effectively with no reduction to safety, and facilitating the prosecution of offenders and safeguarding of victims."

Update (10:26PM ET): The Department of Justice released both the copy of the letter, and officially announced the US and UK cross-border data agreement. Notably however, they did not release the actual text of the agreement itself, saying "We anticipate releasing a copy of the agreement in the near future following Congressional and Parliamentary notification."

US-UK cross-border data agreement announcement from DOJ:

Both governments agreed to terms which broadly lift restrictions for a broad class of investigations, not targeting residents of the other country, and assure providers that disclosures through the Agreement are compatible with data protection laws. Each also committed to obtain permission from the other before using data gained through the agreement in prosecutions relating to a Party's essential interest—specifically, death penalty prosecutions by the United States and UK cases implicating freedom of speech.

The novel US-UK Bilateral Data Access Agreement will dramatically speed up investigations by removing legal barriers to timely and effective collection of electronic evidence. Under its terms, law enforcement, when armed with appropriate court authorization, may go directly to tech companies based in the other country to access electronic data, rather than going through governments, which can take years. The current Mutual Legal Assistance (MLA) request process, which sees requests for electronic data from law enforcement and other agencies submitted and approved by central governments, can often take many months. Once in place, the Agreement will see the timeline obtaining evidence significantly reduced.

The Agreement will accelerate dozens of complex investigations into suspected terrorists and pedophiles, such as Matthew Falder who was convicted in 2018 in the UK of 137 offenses after an eight-year campaign of online child sexual abuse, blackmail, forced labor and sharing of indecent images, which highlighted the need to speed up these investigations.

The United States will have reciprocal access, under a U.S. court order, to data from UK communication service providers. All requests for access to data will be subject to independent judicial authorization or oversight