Data Privacy Matters: Facebook Expands Encryption Just After Facebook Messages (Obtained Via Search Warrant) Used To Charge Teen For Abortion
from the encrypt-all-the-things dept
In the wake of the Dobbs decision overturning Roe v. Wade, there has been plenty of attention paid to the kinds of data that companies keep on us, and how they could be exposed, including to law enforcement. Many internet companies seemed somewhat taken by surprise regarding all of this, which is a bit ridiculous, given that (1) they had plenty of time to prepare for this sort of thing, and (2) it’s not like plenty of us haven’t been warning companies about the privacy problems of having too much data.
Anyway, this week, a story broke that is re-raising many of these concerns, as it’s come out that a teenager in Nebraska has been charged with an illegal abortion, after Meta turned over messages on Facebook Messenger pursuant to a search warrant, which was approved following an affidavit from Norfolk Police Detective Ben McBride.
This is raising all sorts of alarms, for all sorts of good reasons. While many are blaming Meta, that’s somewhat misplaced. As the company notes (and as you can confirm by looking at the linked documents above), the search warrant that was sent to the company said it was an investigation into the illegal burning and burial of a stillborn infant, not something to do with abortion. Given that, it’s not difficult to see why Meta provided the information requested.
Of course, there’s a bigger question here: which is about why Meta should even have access to that information in the first place. And, it appears that Meta agrees. Just days after this all came out, the company announced that it is (finally) testing a much more encrypted version of Messenger (something the company has been talking about for a while, but which has proven more complicated to implement). The new features include encrypted backups of messages and also making end-to-end encrypted chats the default for some users.
While the timing is almost certainly a coincidence, many observers are making the obvious connection to this story.
While the Nebraska story is horrifying in many ways, it’s also a reminder of why full end-to-end encryption is so incredibly important, and how leaving unencrypted data with third parties means your data is always, inherently at risk.
Arguably, Facebook should have encrypted its messaging years ago, but it’s been a struggle for a variety of reasons, as Casey Newton laid out in a fascinating piece. Facebook has certainly faced technical challenges and (perhaps more importantly) significant political pushback from governments and law enforcement who like the ability to snoop on everyone.
But also part of the problem is the end users themselves:
The first is that end-to-end encryption can be a pain to use. This is often the tradeoff we make in exchange for more security, of course. But average people may be less inclined to use a messaging app that requires them to set a PIN to restore old messages, or displays information about the security of their messages that they find confusing or off-putting.
The second, related challenge is that most people don’t know what end-to-end encryption is. Or, if they’re heard of it, they might not be able to distinguish it from other, less secure forms of encryption. Gmail, among many other platforms, encrypts messages only when a message is in transit between Google’s servers and your device. This is known as transport layer security, and it offers most users good protection, but Google — or law enforcement — can still read the contents of your messages.
Meta’s user research has shown that people grow concerned when you tell them you’re adding end-to-end encryption, one employee told me, because it scares them that the company might have been reading their messages before now. Users also sometimes assume new features are added for Meta’s benefit, rather than their own — that’s one reason the company labeled stored-message feature “secure storage,” rather than “automatic backups,” so as to emphasize security in the branding.
It’s also interesting to note that Casey’s piece says that Meta’s user survey found that most of their users don’t think encrypting their own data is that much of a priority, as they’re just not that concerned. This does not surprise me at all — as we’ve now had decades of revealed preferences that show that, contrary to what many in the media suggest, most people don’t actually care that much about their privacy.
And, yet, as this story shows, they really should. But if we’ve learned anything over the past couple decades, no amount of horror stories about revealed data will convince the majority of people to take proactive steps to better secure their data. So, on that front, it’s actually a positive move that Meta is pushing forward with effectively moving people over to fully encrypted messaging — hopefully in a user-friendly manner.
Data privacy does matter, and the answer to it has to come from making it widely available in a consumer friendly version — even when that’s a really difficult challenge. Laws are not going to protect privacy. Remember, governments seem more interested in banning or breaking end-to-end encryption than encouraging it. And while perhaps the rise of data abuse post-Dobbs will expand the number of people who proactively seek to use encryption and take their own data privacy more seriously, history has shown that most people will still take the most convenient way forward.
And that means it’s actually good news that Facebook is finally moving forward with efforts to make that most convenient path… still end-to-end encrypted.
Filed Under: abortion, data, data privacy, encrypted backups, encryption, end to end encryption, facebook messenger, privacy
Companies: facebook, meta
Comments on “Data Privacy Matters: Facebook Expands Encryption Just After Facebook Messages (Obtained Via Search Warrant) Used To Charge Teen For Abortion”
Good encryption
Encryption has so many ways to be cracked, But also can only be created in certain ways.
Using hardware means you have to have very Equal/like machines that think/Add/this and that, the same. Other wise you get Things messed up. Software can be read and diagnosed, and you can find a way to reverse the encryption.
Using 2 keys to encrypt a msg, is great as long as no one has the 2 programs or the keys. And a key should be made when the program is installed, Every time its installed. Which can be a hassle if you loose the first install, as every install has a new key.
But anything you can do, Laws and regulators, state and fed, and try to undo.
Re:
What??
Relying on nobody else having the software is security by obscurity.
I found it interesting how many people thought that FB could refuse, like they’ve never heard about how courts & the law work.
Its truly shitty that they got the information but what was the lesson from Jan 6??
That right if you are going to crime don’t post it on FB.
It is truly saddening that a young woman felt her only possible option was to secretly acquire & use pills to end an unwanted abortion. But this has nothing to do with the fact there was a lawful warrant that FB complied with. There were no grounds for them to challenge it…
If what happened here upsets you, vote for those who support abortion rights & demand the government get out of your very personal decisions.
But then corpses have more rights than women now in the land of the free.
Re:
And in the mean time, learn the meaning of “Jury Nullification”.
Re: Re: Jury nullification is the opposite of a panacea
Jury nullification is an unreliable tool. Jurors don’t have to be informed that jury nullification exists, and knowing about jury nullification can get jury candidates removed from a case (and, rarely, de facto disqualified from jury service in the future). Moreover, the jury selection process is somewhat biased against people with greater technical knowledge or knowledge of laws.
Most people know little about jury nullification. Those who do sometimes get kicked out. And not all of the ones left may have the guts to exercise the implied right to jury nullification even if they disagree with the expected verdict. Courts have made it as hard as constitutionally possible to use it.
CGP Grey’s video on jury nullification: https://www.youtube.com/watch?v=uqH_Y1TupoQ
Disclaimers:
1. Please don’t attempt to get out of jury duty. Some of the people in the comments of the video I linked are deplorable on this matter.
2. Jury nullification is the last line of defense against out-of-touch lawmakers and corrupt judges. The US constitution grants this power, so use it wisely, but don’t be surprised if you get no chances to.
Re: Re: Re:
…and knowing about jury nullification can get jury candidates removed from a case (and, rarely, de facto disqualified from jury service in the future).
Er, no. Jurors have to actually engage in jury nullification to be disqualified from jury service, not merely know about it. Also, since jury nullification occurs at the end of a trial by definition, any jury would be dismissed at that point whether or not they engaged in jury nullification.
Re: Re: Re:2
I think you missed the point, knowing about jury nullification and admitting it to the defense/prosecution during the jury selection may make either or both of them see you as an unsuitable juror.
Re: Re:
And in the meantime are you willing to pay their legal fees to attempt to fight this??
When your only hope is jury nullification, in a state that passed very restrictive abortion laws, yeah you comply.
While we want to to fight for us, we should never expect them to.
Re:
It is truly saddening that a young woman felt her only possible option was to secretly acquire & use pills to end an unwanted abortion.
o.O Did you mean “unwanted pregnancy”?
Re: Re:
My brain sometimes glitches.
This was one of those glitches.
Facebook aided the government of Singapore in “defamation lawsuits”.
I can’t trust the entire company, since now they have precedent in Singapore to comply with the Singapore government in whatever totalitarian bullshit they want to enforce.
This also extends to WhatsApp as well.