As Germany Floats The Idea Of Encryption Backdoors, Facebook May Already Be Planning To Undermine Its Own Encryption

The German government's desire to mandate backdoors in encrypted communications had barely been expressed when it was discovered Facebook might be willing to let them do exactly such a thing.

The German proposal is nowhere near ready to become law but the gist of it is this: it's too difficult to break into encrypted devices so maybe tech companies could just start storing encrypted communications in plain text... just in case these agencies ever need to access them. Sure, encryption makes things more secure but it's just creating some sort of criminal/terrorist Wild West and we can't have that -- even when that doesn't actually appear to be happening.

Facebook may already be making backdoored communications a reality. This isn't happening because it wants to be the inflection point for undermining encryption but because it really, really wants to keep accessing users' communications for its own purposes. Kalev Leetaru of Forbes points out Facebook put its encryption-undermining plans on display earlier this year, while discussing its plans to address another request being made by multiple governments: content moderation.

Touting the importance of edge content moderation, Facebook specifically cited the need to be able to scan the unencrypted contents of users' messages in an end-to-end encrypted environment to prevent them from being able to share content that deviated from Facebook's acceptable speech guidelines.

[...]

Even more worryingly, Facebook's presentation alluded to the company's need to covertly harvest unencrypted illicit messages from users' devices without their knowledge and before the content has been encrypted or after it has been decrypted, using the client application itself to access the encrypted-in-transit content.

If so, Facebook's proposed moderation efforts are encryption backdoors. If Facebook can access the content of encrypted communications, so can governments. And so can anyone else who can access the "encryption removed here :)" point where Facebook grabs communications to monitor content and train its moderation AI.

At this point, this effort is still in the research phase. It has not been implemented yet, but once more governments realize the implications of this content moderation effort, pressure will be applied. And this pressure will be applied to all companies offering encrypted communications under the not-unreasonable theory that if Facebook can do it, anyone can do it. Those refusing to comply with backdoor demands will have Facebook's efforts used against them during legislative sessions and criminal prosecutions.

The argument against backdoors isn't that they aren't technically possible. They are and always have been. The argument is that they make the encryption useless by converting the protection to an attack vector. Facebook's move may solve some of its own problems, but it will be sacrificing its users' security to appease ridiculous moderation demands being made by a handful of governments. And while these governments wring their hands about terrorist content, other governments unconcerned about terrorists or their content will be leaning on the company to grant them access to the communications of critics, dissidents, and activists.