Earlier this year, Mark Zuckerberg had what appeared to be a Damascene conversion to the merits of online privacy.
Having created a company built on exploiting user data for personal profit, Zuckerberg, worn down by the relentless barrage of privacy scandals and negative headlines, appeared to have caved. He confirmed that Facebook was planning to introduce encryption to its platform.
Some critics praised his belated conversion while others expressed scepticism about his true intentions. It seems the latter were right to be doubtful.
Facebook’s real encryption plans
The revelations about Facebook’s true encryption intentions came from a rather innocuous source.
Ram Ramanathn, Facebook’s Head of Project Management and AI Solutions for Integrity, recently gave a presentation entitled “Applying AI to Keep the Platform Safe” alongside two of Facebook’s Applied Research Scientists, Reshef Shilon and Pinar Donmez.
In it, they revealed how Facebook is planning for its encrypted service to work. Their plans make for deeply troubling reading, as tech entrepreneur Kalev Leetaru has revealed.
Facebook plans to equip all encrypted communications with filtering algorithms and a variety of other content-monitoring tools. These will scan each message in clear text before it is encrypted and sent off to its intended recipient. They will also scan all received messages after they have been decrypted.
The Facebook algorithms will be running on users’ devices but will be continually updated from a central cloud service.
If these algorithms pick up any content which they deem unsatisfactory, a copy of this message will be sent back to Facebook’s central servers where it will be analysed further.
The user will have no say over this and, quite likely, no knowledge that it has actually happened.
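The data flow described above can be modelled in a few lines. This is an added illustration, not Facebook's code: the `Client` class, the operator-pushed rule list and the toy cipher (a stand-in for a real end-to-end protocol) are assumptions made for the sketch. It shows that the ciphertext on the wire stays opaque and tamper-evident while the set of parties holding the cleartext still grows.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy SHA-256 counter keystream: a stand-in for a real AEAD, illustration only.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext modified in transit")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class Client:
    """Messaging client; `rules` is the operator-pushed match list (hypothetical)."""
    def __init__(self, key, rules=()):
        self.key, self.rules, self.reported = key, set(rules), []

    def _scan(self, text):
        # Runs on cleartext, outside the encrypted channel.
        if any(term in text.lower() for term in self.rules):
            self.reported.append(text)   # copy destined for the operator

    def send(self, text):
        self._scan(text)                 # before encryption
        return seal(self.key, text.encode())

    def receive(self, blob):
        text = unseal(self.key, blob).decode()
        self._scan(text)                 # after decryption
        return text

def plaintext_observers(*clients):
    """Principals that end up holding the message in clear."""
    seen = {"sender", "recipient"}
    if any(c.reported for c in clients):
        seen.add("operator")
    return seen

def demo(rules):
    key = os.urandom(32)                 # session key already agreed end to end
    alice, bob = Client(key, rules), Client(key, rules)
    wire = alice.send("Meet at the usual place")   # constructed sample message
    return wire, bob.receive(wire), plaintext_observers(alice, bob)
```

Changing only the rule list passed to `demo` changes who sees the message; the key, the cipher and the bytes on the wire are untouched.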
An encryption backdoor by stealth
This latter proposal is nothing less than a wiretap by another name: Facebook is planning to scan all of your communications and take a copy of anything that piques its interest.
But what their broader plans amount to is effectively an encryption backdoor by stealth. This is a little different to the encryption backdoors which have been mooted before.
Facebook’s plans do not involve handing over encryption keys to the US government or creating vulnerabilities in the encryption itself. Their plan is to place a backdoor into their software before and after the data is encrypted that will allow it to spy on users, block content, and censor anything it doesn’t like.
Perhaps most worrying, Facebook is not just planning to use these algorithms on its newly-introduced encrypted communications. It also wants to add them to the encrypted communication tools it already owns. That means WhatsApp is about to become a lot less secure.
Why is Facebook planning to break encryption?
The instinctive assumption would be that Facebook is planning to compromise encryption in this way to boost its profit margins. After all, Mark Zuckerberg is all about making money, right?
It is, of course, perfectly possible that Facebook will find a way to monetise their access to encrypted communication in time. But it seems likely that at the moment, it is pressure from the US government and their influential Five Eyes allies which has prompted the move.
The US authorities have for years bemoaned the fact that they cannot access encrypted communication, without ever really providing any proper justification for breaking end-to-end encryption to do so.
Other countries, most notably the UK and Australia, have passed laws which give them the power to demand access to encrypted communications. These have been used sparingly to date but the knock-on effect on Australia’s tech industry especially has already been profound.
Facebook’s proposal appears to be the answer to all these governments’ prayers. It is giving them access to encrypted communications without breaking the encryption itself.
Is this the death of end-to-end encryption?
If Facebook’s algorithms are introduced across their platform, then they certainly mean the death of end-to-end encryption on WhatsApp.
If encrypted communications can be analysed before and after they are sent, the encryption becomes essentially meaningless, and the focus will turn to the algorithms themselves and how Facebook is going to keep that process secure.
It seems likely that the US Government, and other international administrations, would then seek to pressure other encrypted communication platforms to follow Facebook’s approach and implement similar measures. A number would no doubt fall in line.
But there will always be some that resist. Encrypted communication tools like Telegram and Signal have always prioritised the security and privacy of their users’ communications and resisted any government efforts to compromise these.
It seems highly unlikely that these platforms would cave to pressure to introduce algorithms like this. Even if they did, other services would quickly emerge to replace them.
The truth is that end-to-end encryption cannot be put back in its box. The technology is now out there and while Facebook can destroy it on its own software, it cannot kill it off elsewhere.
There will always be a vital role for end-to-end encryption in keeping journalists, activists, and businesspeople safe and secure online. And no algorithms are going to change that.