Connect with us

NEWS

Facebook is being leaned on by US, UK, Australia to ditch its end-to-end encryption expansion plan

Published

on

Here we go again. Western governments are once again dialing up their attack on end-to-end encryption — calling for either no e2e encryption or backdoored e2e encryption so platforms can be commanded to serve state agents with messaging data in “a readable and usable format.”

U.S. Attorney General William Barr, acting U.S. Homeland Security Secretary Kevin McAleenan, U.K. Home Secretary Priti Patel and Australia’s minister for home affairs, Peter Dutton, have co-signed an open letter to Facebook calling on the company to halt its plan to roll out e2e encryption across its suite of messaging products. Unless the company can ensure what they describe as “no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens,” per a draft of the letter obtained by BuzzFeed ahead of publication later today.

If platforms have e2e encryption, a “means for lawful access” to the content of communications sums to a backdoor in the crypto — presumably along the lines of the “ghost protocol” that U.K. spooks have been pushing for the past year. AKA an “exceptional access mechanism” that would require platforms CC’ing a state/law enforcement agent as a silent listener to eavesdrop on a conversation on warranted request.

Facebook-owned WhatsApp was one of a number of tech giants joining an international coalition of civic society organizations, security and policy experts condemning the proposal as utter folly earlier this year.

The group warned that demanding a special security hole in encryption for law enforcement risks everyone’s security by creating a vulnerability which could be exploited by hackers. Or indeed, service providers themselves. But the age-old “there’s no such thing as a backdoor just for you” warning appears to have fallen on deaf ears.

In their open letter to Facebook, the officials write: “Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. It also impedes law enforcement’s ability to investigate these and other serious crimes.”

Of course, Facebook is not the only messaging company using e2e encryption, but it’s in the governments’ crosshairs now on account of a plan to expand its use of e2e crypto — announced earlier this year, as part of a claimed “pivot to privacy.” And, well, on account of it having two billion+ users.

The officials claim in the letter that “much” of the investigative activity, which is critical to protecting child safety and fighting terrorism, “will no longer be possible if Facebook implements its proposals as planned.”

Advertisement

“Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children,” they warn, noting that the Facebook founder expressed his own concerns about finding “the right ways to protect both privacy and safety.”

In March, Mark Zuckerberg also talked about building “the appropriate safety systems that stop bad actors as much as we possibly can within the limits of an encrypted service.”

Which could, if you’re cynically inclined, be read as Facebook dangling a carrot to governments — along the lines of: “We might be able to scratch your security itch, if your regulators don’t break up our business.”

Ironically enough, the high-profile intervention by officials risks derailing Facebook’s plan to unify the backends of its platforms — widely interpreted as a play to make it harder for regulators to act on competition concerns and break up Facebook’s business empire along messaging product lines: Facebook, WhatsApp, Instagram.

Or, well — alternative scenario — Facebook could choose to strip e2e crypto from WhatsApp, which is currently the odd one out in its messaging suite on account of having proper crypto. Governments would sure be happy if it did that. But it’s the opposite of what Zuckerberg has said he’s planning.

Curiously, the draft letter makes no mention of platform metadata. Which is not shielded by even WhatsApp’s e2e encryption. And thus can be extracted — via a warrant — in a readable format for legit investigative purposes. And let’s not forget U.S. spooks are more than happy to kill people based on metadata.

Instead the officials write: “We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity. Not doing so hinders our law enforcement agencies’ ability to stop criminals and abusers in their tracks.”

The debate is being framed by spooks and security ministers as all about content.

Advertisement

Yet a scrambled single Facebook backend would undoubtedly yield vastly more metadata, and higher-resolution metadata, on account of triangulation across the services. So it really is a curious omission.

We’ve reached out to Facebook for its reaction to the letter. BuzzFeed reports that it sent a statement in which it strongly opposes government attempts to build backdoors. So if Facebook holds firm to that stance it looks like another big crypto fight could well be brewing. À la Apple versus the FBI.

Bilateral Data Access Agreement

In another announcement being made today, the U.K. and the U.S. have signed a “world first” Bilateral Data Access Agreement that’s intended to greatly speed up electronic data access requests by their respective law enforcement agencies.

The agreement is intended to replace the current process, which sees requests for communications data from law enforcement agencies submitted and approved by central governments via a process called Mutual Legal Assistance — which can take months or even years.

Once up and running, the claim is the new arrangement will see the process reduced to a matter of weeks or even days.

The agreement will work reciprocally with the U.K. getting data from U.S. tech firms, and the U.S. getting access from U.K. communication service providers (via a U.S. court order).

Any request for data must be made under an authorisation in accordance with the legislation of the country making the request and will be subject to independent oversight or review by a court, judge, magistrate or other independent authority, per the announcement.

The U.K. also says specifically that it has obtained “assurances” which are in line with the government’s continued opposition to the death penalty in all circumstances. Which is only mildly reassuring given the home secretary’s previous views on the topic.

Advertisement

The announcement also makes a point of noting the data access agreement does not change anything about how companies can use encryption — nor prevent them from encrypting data.

For interfering with proper encryption the plan among this trio of signals intelligence allies is, seemingly, to reach for the old PR lever and apply public pressure. So, yeah, here we go again.

NEWS

Google December Product Reviews Update Affects More Than English Language Sites? via @sejournal, @martinibuster

Published

on

Google’s Product Reviews update was announced to be rolling out to the English language. No mention was made as to if or when it would roll out to other languages. Mueller answered a question as to whether it is rolling out to other languages.

Google December 2021 Product Reviews Update

On December 1, 2021, Google announced on Twitter that a Product Review update would be rolling out that would focus on English language web pages.

The focus of the update was for improving the quality of reviews shown in Google search, specifically targeting review sites.

A Googler tweeted a description of the kinds of sites that would be targeted for demotion in the search rankings:

“Mainly relevant to sites that post articles reviewing products.

Think of sites like “best TVs under $200″.com.

Goal is to improve the quality and usefulness of reviews we show users.”

Advertisement

Advertisement

Continue Reading Below

Google also published a blog post with more guidance on the product review update that introduced two new best practices that Google’s algorithm would be looking for.

The first best practice was a requirement of evidence that a product was actually handled and reviewed.

The second best practice was to provide links to more than one place that a user could purchase the product.

The Twitter announcement stated that it was rolling out to English language websites. The blog post did not mention what languages it was rolling out to nor did the blog post specify that the product review update was limited to the English language.

Google’s Mueller Thinking About Product Reviews Update

Screenshot of Google's John Mueller trying to recall if December Product Review Update affects more than the English language

Screenshot of Google's John Mueller trying to recall if December Product Review Update affects more than the English language

Product Review Update Targets More Languages?

The person asking the question was rightly under the impression that the product review update only affected English language search results.

Advertisement

Advertisement

Continue Reading Below

But he asserted that he was seeing search volatility in the German language that appears to be related to Google’s December 2021 Product Review Update.

This is his question:

“I was seeing some movements in German search as well.

So I was wondering if there could also be an effect on websites in other languages by this product reviews update… because we had lots of movement and volatility in the last weeks.

…My question is, is it possible that the product reviews update affects other sites as well?”

John Mueller answered:

“I don’t know… like other languages?

My assumption was this was global and and across all languages.

But I don’t know what we announced in the blog post specifically.

Advertisement

But usually we try to push the engineering team to make a decision on that so that we can document it properly in the blog post.

I don’t know if that happened with the product reviews update. I don’t recall the complete blog post.

But it’s… from my point of view it seems like something that we could be doing in multiple languages and wouldn’t be tied to English.

And even if it were English initially, it feels like something that is relevant across the board, and we should try to find ways to roll that out to other languages over time as well.

So I’m not particularly surprised that you see changes in Germany.

But I also don’t know what we actually announced with regards to the locations and languages that are involved.”

Does Product Reviews Update Affect More Languages?

While the tweeted announcement specified that the product reviews update was limited to the English language the official blog post did not mention any such limitations.

Google’s John Mueller offered his opinion that the product reviews update is something that Google could do in multiple languages.

Advertisement

One must wonder if the tweet was meant to communicate that the update was rolling out first in English and subsequently to other languages.

It’s unclear if the product reviews update was rolled out globally to more languages. Hopefully Google will clarify this soon.

Citations

Google Blog Post About Product Reviews Update

Product reviews update and your site

Google’s New Product Reviews Guidelines

Write high quality product reviews

John Mueller Discusses If Product Reviews Update Is Global

Watch Mueller answer the question at the 14:00 Minute Mark

[embedded content]

Searchenginejournal.com

Continue Reading

DON'T MISS ANY IMPORTANT NEWS!
Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

Trending

en_USEnglish