Justice Department officials have long pushed for some sort of backdoor to permit warranted surveillance and searches of encrypted communications. Recently, that push has been taken international with Attorney General William Barr and his counterparts from the United Kingdom and Australia making an open plea to Facebook to delay plans to use end-to-end encryption across all the company’s messaging tools.
Now, the Department of Justice and Federal Bureau of Investigations are attempting to get an even larger international consensus on banning end-to-end encryption by way of a draft resolution authored by officials at the FBI for the International Criminal Police Organization’s 37th Meeting of the INTERPOL Specialists Group on Crimes against Children. The event took place from November 12 to November 15 at the INTERPOL headquarters in Lyon, France.
A draft of the resolution viewed by Ars Technica stated that INTERPOL would “strongly urge providers of technology services to allow for lawful access to encrypted data enabled or facilitated by their systems” in the interest of fighting child sexual exploitation. Currently, it is not clear whether Interpol will issue a statement.
The draft resolution went on to lay responsibility for child exploitation upon the tech industry:
The current path towards default end-to-end encryption, with no provision for lawful access, does not allow for the protection of the world’s children from sexual exploitation. Technology providers must act and design their services in a way that protects user privacy, on the one hand, while providing user safety, on the other hand. Failure to allow for Lawful Access on their platforms and products, provides a safe haven to offenders utilizing these to sexually exploit children, and inhibits our global law enforcement efforts to protect children.
Attendees of the conference told Ars that the resolution’s statement was due to be published this week. But in an email to the New York Times’ Nicole Perlroth, an INTERPOL spokesperson denied that the resolution was considered:
Interpol telling me this Reuter’s story is inaccurate:
Dear Ms Perlroth,
As per our statement there are, and were, no plans at this time for the INTERPOL General Secretariat to issue a statement in relation to encryption.
— Nicole Perlroth (@nicoleperlroth) November 18, 2019
Ars requested comment from an FBI official and has not yet received a response.
In a statement that flies in the face of the consensus of cryptographers and other technical experts, the draft resolution asserted that “technologists agree” that designing systems to “[allow] for lawful access to data, while maintaining customer privacy…can be implemented in a way that would enhance privacy while maintaining strong cyber security.” In order to “honor and enforce” standards for prohibiting the distribution of “child sexual abuse material,” the draft resolution states, “providers should fully comply with court orders authorizing law enforcement agencies access to data related to criminal investigations involving the sexual exploitation of children.”
Facebook and other companies currently comply with warranted requests for data under the terms of the CLOUD Act—a law passed in 2018 that requires technology companies to provide data requested by warrant or subpoena to law enforcement, regardless of where in the world it is stored. But the officials behind this draft resolution claim such compliance cannot be achieved while allowing end-to-end encryption of communications.
As Barr and his compatriots noted in their October letter to Facebook, Facebook’s ability to run analytics on and moderate content within users’ communications amounted to 90 percent of the reports of child pornography to the National Center for Missing and Exploited Children in 2018. By providing end-to-end encryption, officials contend, Facebook would essentially allow future child pornography distribution to “go dark” and prevent law enforcement from gathering evidence against suspects.
Today, there’s little evidence that encryption has been a major impediment to interception of communications by law enforcement to date. According to statistics from the Administrative Office of the US Courts, out of a total of 2,937 wiretaps in 2018, only 146 were encrypted—and of those, only 58 could not be decrypted.
Facebook has already deployed end-to-end encryption in products such as WhatsApp and Facebook Messenger (though Messenger does not provide end-to-end encryption by default). In response to Barr’s letter, Facebook officials responded:
End-to-end encryption already protects the messages of over a billion people every day. It is increasingly used across the communications industry and in many other important sectors of the economy. We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.
As Ars has repeatedly reported, many experts in the field of cryptography and security agree with Facebook’s assessment. The security community has largely opposed most of the pushes for encryption backdoors on the grounds that any secret “golden key” to decrypt encrypted messages would be technically infeasible—and potentially exploitable by malicious third parties.