Message encryption is a security measure which makes a lot of sense to everyone who is concerned about their privacy, not wanting the things they say to be accessible outside. It’s something which social media giant Facebook was slow to the party to implement, but now that it has its getting pressure from certain governments (United States, UK and Australia) who question the needs of encryption over the needs of being able to scan messages to counter the threats of terrorism, child exploitation, and other crimes.
After writing to Facebook to request them to reconsider their plans for end-to-end encryption, the social media giant turned around and promptly said no:
Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere. The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm. It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it. People’s private messages would be less secure, and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do
As much as I’m no fan of Facebook’s business practices, I wholeheartedly agree with their response and the importance of keeping messages private. The problem is that governments are getting increasingly sensitive around aspects of big companies’ ownership of potentially important data that they cannot act upon and with this placing the onus on these big companies to respond to these harmful messages and not governments themselves. As a result, we are seeing a shift towards governments creating legislation to better manage or ven gain access to this information.
As we can see from a response by the US senate following Facebook’s answer:
Lawmakers of both parties echoed those worries on Tuesday, threatening to take action if the companies didn’t satisfy their concerns.
“You’re going to find a way to do this, or we’re going to do this for you,” said Senator Lindsey Graham, Republican of South Carolina and the chairman of the Judiciary Committee. “You’re either the solution or you’re the problem.”
We’ve also already seen legislation from Australia which mandates companies to break encryption upon request. On the face of it, Australia’s law makes sense when criminal actions are involved, allowing them to intercept threats or find cause, the truth though is that governments are not really using it for that. As illustrated by this example:
Law enforcement’s powers granted under the Data Retention Act in 2015 were augmented by the new powers the Assistance and Access Act provided at the end of 2018, creating the framework that authorised the federal police in mid-2019 to raid the homes and offices of journalists over articles published in July 2017 and April 2018, in defiance of international norms. Because parliament passed these laws, the federal police had the power to strike a chilling blow against press freedom in Australia and call it lawful.
While I can understand the concerns of governments wanting to protect their citizens, the excessive surveillance of their people is likely to only cause more distrust and issues between governments and people. Where do you draw the line on certain communication channels? While you could argue social media is an open communication platform and shouldn’t need to be encrypted, many people use it to engage in private messages and its not fair that anyone has access to that.
Companies like Facebook, Google and Microsoft can only say no for so long to some of these privacy concerns before government regulation will eventually win. The question though is should either of those parties even be allowed to determine what happens with the private communication of people? I suspect we could see an interesting fight over the next few years that could change the face of how we communicate over the internet.
And while our government is currently staying out of these issues (they have other more pressing issues to deal with), it’s only a matter of time before we possibly see South Africa follow suit with what the big players are doing in this regard. I hope I’m wrong though.
The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of Critical Hit as an organisation.
Last Updated: December 12, 2019