Court Says DOJ's Attempt To Force Facebook To Break Encryption Can Remain Under Seal

from the thanks-for-sticking-up-for-the-millions-of-little-guys dept

Late last summer, the DOJ attempted to get a court to force Facebook to break encryption on its Messenger service so investigators could tap into phone calls being made by criminal suspects. Facebook responded that doing so would fundamentally alter the way Messenger works. The request was a non-starter according to Facebook. According to the DOJ, it was nothing more than asking a few smart people to do a few smart things, so the burden Facebook complaints about "burdensome requests" was overstated.

A couple of months later, the DOJ had again failed to obtain favorable anti-encryption precedent. The underlying documents remain under seal, but sources "close to the case" had indicated the court had sided with Facebook.

The secret litigation over software alterations that would affect millions of Facebook users continues. Messenger's encryption is no longer at stake -- at least not for the time being -- but the government still wants the public to stay out of its private discussions with our federal court system.

Petitions have been filed by a number of rights groups and journalists to have these documents unsealed. According to the latest Reuters report on this legal battle, the federal court in California is siding with the government on this issue.

Groups including the American Civil Liberties Union argued that the public’s right to know the state of the law on encryption outweighed any reason the U.S. Justice Department might have for protecting a criminal probe or law-enforcement method.

The Washington Post newspaper also filed a legal brief to unseal the records.

However, U.S. District Judge Lawrence O’Neill in Fresno ruled that the documents described sensitive law enforcement techniques and releasing a redacted version would be impossible.

The petitioners aren't just fighting the DOJ and its likely overstated fears about exposing internet wiretap orders and their innards. They're also fighting against the social media giant which feels unsealing the documents would allow its competitors to walk away with handfuls of trade secrets. From the order [PDF]:

Facebook’s assertion that its internal processes that were the subject of the Government’s motion constituted trademark and protected material and information, and that public disclosure would provide such protected information to competitors, thereby jeopardizing substantial business quality, productivity, and profit, was legitimate, true, and reasonable…

Facebook is receptive of releasing redacted documents, though. The government doesn't want anything released. And the court -- citing the apparently ongoing investigation -- agrees that even a redacted release would harm the government's interest in preserving its investigative trade secrets.

That may be the temporary answer but it can't be the final, permanent answer. The investigation can't last forever and attempts to break encryption on communication tools millions of Americans use shouldn't be kept secret by the nation's courts, who have some obligation to keep the public informed of government means and methods that affect their everyday life.

Filed Under: backdoors, doj, encryption, facebook messenger, secrecy
Companies: facebook


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 26 Feb 2019 @ 7:02am

    Re: end2end2end2end encryption and broken nomenclature.

    This is a legitimate court case

    Debatable.

    the odd lack of skepticism in these sort of articles is troubling. The idea that FB genuinely wants to protect privacy

    I think perhaps you misunderstand some of the points being made here.

    The article is not extolling Facebook as some paragon of user privacy protection, TD has written MANY articles at how incredibly BAD Facebook is at protecting and handling user privacy.

    This article is not about how good or bad Facebook is at privacy, this article is about the government not wanting ANYONE to have ANY privacy if they decide they want to look at your stuff. It's about the government trying to backdoor every communication system that even remotely tries to encrypt data to give users the real or perceived presumption of privacy. The fact that this is Facebook in this case is irrelevant. It could be Lavasoft, Google, Microsoft, Apple, etc..., it wouldn't change the thrust of the article, which is the government wants backdoors to all encrypted communications AND doesn't want the public to know that's what they are trying to do.

    In that sense, Facebook is playing the role of protecting user privacy and trying to prevent a bad precedent for government overreach. Whether their technical systems are actually any good at protecting user privacy is completely irrelevant because this is all about government wanting something they shouldn't have and a company saying "No, you're wrong and we're going to fight you on this".

    DOJ is incapable of hacking one of the most widely used communications tools- it feels like someone is trying to sell me a bridge

    If done right, they should be incapable of hacking it. Proper end-to-end encryption is nigh uncrackable. But, again, that's not the point here. Hacking Facebook's systems would be illegal and if discovered and brought to light, would continue to swing public opinion and law precedent against government access. So they are trying to play nice and secure the precedent to FORCE companies to hand over private user data, without having to resort to hacking or cracking it.

    Apple, Microsoft, and Google have all tortured the definition of "end to end encryption" to the point of near meaninglessness. Spoiler: If there are remote recovery options for the data, it's not really 'end to end'

    Not technically true. No, those companies haven't really done a great job of implementing end to end encryption, but to my knowledge, none of them have actually claimed that their systems are end-to-end encrypted. So I wouldn't say they've tortured the definition, they just haven't done but at least have been honest that they haven't done it.

    Also, you can have remote recovery options for data and still be end-to-end encrypted. You can export or upload the encrypted data after it's reached it's destination. It's still encrypted and if anyone gets a hold of it without the decryption keys, it will still be garbage to them. Encrypted backups are totally a thing and pretty common.

    Does FB's messenger thing have recovery options? ...I bet it does...

    No idea, I rarely use it myself but since the data is all stored in the cloud, I'm going to guess yes?


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.