Court Says DOJ's Attempt To Force Facebook To Break Encryption Can Remain Under Seal

from the thanks-for-sticking-up-for-the-millions-of-little-guys dept

Late last summer, the DOJ attempted to get a court to force Facebook to break encryption on its Messenger service so investigators could tap into phone calls being made by criminal suspects. Facebook responded that doing so would fundamentally alter the way Messenger works. The request was a non-starter according to Facebook. According to the DOJ, it was nothing more than asking a few smart people to do a few smart things, so Facebook's complaints about "burdensome requests" were overstated.

A couple of months later, the DOJ had again failed to obtain favorable anti-encryption precedent. The underlying documents remain under seal, but sources "close to the case" had indicated the court had sided with Facebook.

The secret litigation over software alterations that would affect millions of Facebook users continues. Messenger's encryption is no longer at stake -- at least not for the time being -- but the government still wants the public to stay out of its private discussions with our federal court system.

Petitions have been filed by a number of rights groups and journalists to have these documents unsealed. According to the latest Reuters report on this legal battle, the federal court in California is siding with the government on this issue.

Groups including the American Civil Liberties Union argued that the public’s right to know the state of the law on encryption outweighed any reason the U.S. Justice Department might have for protecting a criminal probe or law-enforcement method.

The Washington Post newspaper also filed a legal brief to unseal the records.

However, U.S. District Judge Lawrence O’Neill in Fresno ruled that the documents described sensitive law enforcement techniques and releasing a redacted version would be impossible.

The petitioners aren't just fighting the DOJ and its likely overstated fears about exposing internet wiretap orders and their innards. They're also fighting against the social media giant which feels unsealing the documents would allow its competitors to walk away with handfuls of trade secrets. From the order [PDF]:

Facebook’s assertion that its internal processes that were the subject of the Government’s motion constituted trademark and protected material and information, and that public disclosure would provide such protected information to competitors, thereby jeopardizing substantial business quality, productivity, and profit, was legitimate, true, and reasonable…

Facebook is receptive to releasing redacted documents, though. The government doesn't want anything released. And the court -- citing the apparently ongoing investigation -- agrees that even a redacted release would harm the government's interest in preserving its investigative trade secrets.

That may be the temporary answer but it can't be the final, permanent answer. The investigation can't last forever and attempts to break encryption on communication tools millions of Americans use shouldn't be kept secret by the nation's courts, who have some obligation to keep the public informed of government means and methods that affect their everyday life.

Filed Under: backdoors, doj, encryption, facebook messenger, secrecy
Companies: facebook


Reader Comments


  • Matthew Cline, 25 Feb 2019 @ 3:31am

    The investigation can't last forever

    However, the "investigative techniques" the DoJ is seeking to protect can last longer than any particular investigation, so we probably won't find out about them until either they become obsolete or someone leaks them.

    According to the DOJ, it was nothing more than asking a few smart people to do a few smart things, so Facebook's complaints about "burdensome requests" were overstated.

    How exactly does one go about arguing against an order to "nerd harder" when the order itself is secret? In normal circumstances you could call in expert witnesses to explain, but when the order is secret is it possible to swear a witness to secrecy so they can be let in on it? Or do you have to hope that one of the hypotheticals experts have publicly argued against happens to be exactly what the DoJ is secretly asking for?

    • Mason Wheeler, 25 Feb 2019 @ 7:45am

      Re:

      Your question assumes that arguing against it is a desired outcome. :P

    • James Burkhardt, 25 Feb 2019 @ 9:17am

      Re:

      So, it does not appear that Facebook is unaware of the contents of the order, only that the documents and transcripts involved in this litigation are to remain under seal from the public. Nothing suggests Facebook was unaware of what actions the court was asking of it.

  • Anonymous Coward, 25 Feb 2019 @ 3:55am

    Why should a court case that potentially impacts everybody in the world be kept secret? It is as if the government knows that people will not agree with what they are trying to do.

    • Anonymous Coward, 25 Feb 2019 @ 4:17am

      Re:

      The court could just encrypt the documents and then release them.

    • spodula, 25 Feb 2019 @ 5:06am

      Re:

      Because when everyone knows exactly what they are trying to do, everyone and their dog puts in an Amicus brief telling the court exactly why it's a stupid idea.

      It's pretty much the only way certain varieties of police can hide dodgy requests these days as even rubber-stamping judges seem to be getting thinner on the ground.

    • Uriel-238, 25 Feb 2019 @ 12:44pm

      A lack of transparency indicates misconduct.

      Why should a court case that potentially impacts everybody in the world be kept secret? It is as if the government knows that people will not agree with what they are trying to do.

      It's because our government officials know the people will not agree with what they are trying to do.

      The public has been regarded by the DoJ as the enemy since 2001-09-11, if not before that.

      If we can't make massive reform of law enforcement and DoJ common practices, it will eventually become a self-fulfilling prophecy.

  • Flakbait, 25 Feb 2019 @ 5:38am

    Mid-Term Exam

    1) Compare and contrast the following:

    Statement A: "However, U.S. District Judge Lawrence O’Neill in Fresno ruled that the documents described sensitive law enforcement techniques and releasing a redacted version would be impossible."

    Statement B: "Facebook responded that doing so would fundamentally alter the way Messenger works"

    Begin...

    • Anonymous Coward, 25 Feb 2019 @ 6:05am

      Re: Mid-Term Exam

      Statement A: the government should be able to keep its activities private.

      Statement B: So should the citizens.

  • Anonymous Coward, 25 Feb 2019 @ 5:55am

    If they have done nothing wrong then they have nothing to hide....right?

    • Anonymous Anonymous Coward, 25 Feb 2019 @ 6:35am

      Re:

      That is the same argument that Racine Wisconsin Sheriff’s Dept. Lt. Cary Madrigal used when describing how their new Cellebrite tool could help innocent people prove their innocence. It seems that both U.S. District Judge Lawrence O’Neill in Fresno California, and Lt. Cary Madrigal have forgotten that people are innocent until proven guilty, and that even law enforcement agencies work for the people, not the government.

      I also wonder at Facebook's contention that some 'valuable trade secrets' exist in their implementation of the Messenger app. Other than the actual encryption algorithm, just how many ways are there to implement encrypted messaging, and how could any of them be actual secrets?

      • Matthew Cline, 25 Feb 2019 @ 7:32am

        Re: Re:

        Other than the actual encryption algorithm, just how many ways are there to implement encrypted messaging, and how could any of them be actual secrets?

        The details of a protocol for passing and verifying messages with end-to-end encryption can be done in lots of different ways, though at a broad level there aren't that many ways to do it properly. It might be possible for someone to come up with some clever new twist to it, but if it really was a new twist that no one else had thought of then it'd be a prime candidate for a patent, rather than using a trade secret. Possibilities for claiming a trade secret:

        1. The executive in charge of the situation just reflexively claims trade secrets for everything.
        2. The executive in charge believes in security through obscurity, despite everything the engineers say.
        3. They've realized that there's some weakness in the security of the protocol, a weakness which shows up in the court filings. If they change the protocol to fix it this would somehow reveal the weakness of the original protocol, and rather than get the certain hit to their reputation for revealing that they'd rather do nothing and hope that no security researcher ever notices.
        4. Something in the court filings reveals that they've implemented their protocol in a way that lets them harvest more metadata than people might expect, and they don't want to reveal this.

        And about the encryption algorithm used: they'd use an existing algorithm which has been vetted by security experts, as you'd have to be a complete noob in security to roll your own encryption algorithm. (Of course, maybe they were a complete noob and that's what they want to hide)

        • JoeCool, 25 Feb 2019 @ 8:15am

          Re: Re: Re:

          though at a broad level there aren't that many ways to do it properly.

          This is the crux of the matter and why it must be kept secret. Certain things can only be done PROPERLY in a few ways, and all those ways have been patented to the moon and back. They wish to avoid drawing the patent vultures down on them if the method they use becomes known and is covered by someone's worthless patent. While it's kept secret, they can claim it's proprietary and doesn't violate anyone's precious IP. While they could probably fight it successfully, it's years in court and millions of dollars they'd rather not spend.

          • Mason Wheeler, 25 Feb 2019 @ 8:57am

            Re: Re: Re: Re:

            Except that software patents aren't considered valid anymore.

            • Thad, 25 Feb 2019 @ 9:09am

              Re: Re: Re: Re: Re:

              That's not really true.

              While the Alice decision greatly restricted software patents, it didn't invalidate them entirely. Alice rejected the idea of trivial "do it on a computer" patents, not software patents in general.

              Indeed, two years after Alice, the Supreme Court issued a narrow ruling in Samsung v Apple that the $400M award of damages was invalid -- but that was on the basis that the award was determined using the wrong standard, not on the basis that Apple's design patents were invalid. The case was sent back to the lower courts to establish damages under the correct standard (and of course Apple and Samsung eventually settled).

              If Alice had established that software patents are invalid, then SCOTUS wouldn't have sent Samsung v Apple back to a lower court to reassess damages; it would have ruled that Apple's design patents were invalid and Samsung didn't owe any damages at all.

            • JoeCool, 25 Feb 2019 @ 4:10pm

              Re: Re: Re: Re: Re:

              All issued software patents are still valid until ruled invalid, either by a court, or by the USPTO in a re-examination. So the vultures still sue over worthless patents, and badger smaller companies into paying for invalid patents. We see plenty of this in articles here all the time. We're seeing more people fighting and winning, yes, but they still have to FIGHT, which is still expensive. And that is my point - Facebook would rather save the money a fight would cost, even though they'd probably win it. It's cheaper to keep it all secret and avoid the court battle altogether.

  • That One Guy, 25 Feb 2019 @ 7:42am

    'Public interest', what's that?

    Fair enough, I mean it's not like an attempt at undermining security of something that millions of people use is something that the public would very much have interest and stake in.

    No no, clearly 'National Security: Be Afraid' as always trumps all, and if people with badges say that it would be bad for them if something were made public then the judge has no choice but to accept it as factual.

  • Anonymous Coward, 25 Feb 2019 @ 8:46am

    Any technique can be used by good actors and bad actors. If it needs to be kept secret then it is fixable. Facebook has a security hole, the government has found it, and they are using their powers to keep Facebook from fixing it.

    Now put on your tin foil hat and imagine that someone who knows what the hole is decides to share this information with a foreign government...

    • Mason Wheeler, 25 Feb 2019 @ 8:58am

      Re:

      Facebook has a security hole, the government has found it, and they are using their powers to keep Facebook from fixing it.

      That's not what the article said. It said that the government wants to require Facebook to create a security hole that does not currently exist.

  • Boba Fat, 25 Feb 2019 @ 1:04pm

    Can't it?

    The investigation can't last forever and attempts to break encryption on communication tools millions of Americans use shouldn't be kept secret by the nation's courts, who have some obligation to keep the public informed of government means and methods that affect their everyday life.

    Bet you a dollar?

  • Anonymous Coward, 25 Feb 2019 @ 7:24pm

    end2end2end2end encryption and broken nomenclature.

    This is a legitimate court case, which will affect precedent case law, and therefore something certainly worth reporting on; but the odd lack of skepticism in these sort of articles is troubling.

    The idea that FB genuinely wants to protect privacy, and the DOJ is incapable of hacking one of the most widely used communications tools- it feels like someone is trying to sell me a bridge; and doing a poor job of it at that. Both those things are exactly what those groups would want me to believe.

    Apple, Microsoft, and Google have all tortured the definition of "end to end encryption" to the point of near meaninglessness. Spoiler: If there are remote recovery options for the data, it's not really 'end to end' unless you legitimately consider those corporations (and any group who gains access to their infrastructure) to be one of those ends...

    I don't care enough to check- but maybe someone else who knows could chime in- Does FB's messenger thing have recovery options? ...I bet it does...

    • Anonymous Coward, 26 Feb 2019 @ 7:02am

      Re: end2end2end2end encryption and broken nomenclature.

      This is a legitimate court case

      Debatable.

      the odd lack of skepticism in these sort of articles is troubling. The idea that FB genuinely wants to protect privacy

      I think perhaps you misunderstand some of the points being made here.

      The article is not extolling Facebook as some paragon of user privacy protection, TD has written MANY articles at how incredibly BAD Facebook is at protecting and handling user privacy.

      This article is not about how good or bad Facebook is at privacy, this article is about the government not wanting ANYONE to have ANY privacy if they decide they want to look at your stuff. It's about the government trying to backdoor every communication system that even remotely tries to encrypt data to give users the real or perceived presumption of privacy. The fact that this is Facebook in this case is irrelevant. It could be Lavasoft, Google, Microsoft, Apple, etc..., it wouldn't change the thrust of the article, which is the government wants backdoors to all encrypted communications AND doesn't want the public to know that's what they are trying to do.

      In that sense, Facebook is playing the role of protecting user privacy and trying to prevent a bad precedent for government overreach. Whether their technical systems are actually any good at protecting user privacy is completely irrelevant because this is all about government wanting something they shouldn't have and a company saying "No, you're wrong and we're going to fight you on this".

      DOJ is incapable of hacking one of the most widely used communications tools- it feels like someone is trying to sell me a bridge

      If done right, they should be incapable of hacking it. Proper end-to-end encryption is nigh uncrackable. But, again, that's not the point here. Hacking Facebook's systems would be illegal and if discovered and brought to light, would continue to swing public opinion and law precedent against government access. So they are trying to play nice and secure the precedent to FORCE companies to hand over private user data, without having to resort to hacking or cracking it.

      Apple, Microsoft, and Google have all tortured the definition of "end to end encryption" to the point of near meaninglessness. Spoiler: If there are remote recovery options for the data, it's not really 'end to end'

      Not technically true. No, those companies haven't really done a great job of implementing end to end encryption, but to my knowledge, none of them have actually claimed that their systems are end-to-end encrypted. So I wouldn't say they've tortured the definition, they just haven't done it but at least have been honest that they haven't done it.

      Also, you can have remote recovery options for data and still be end-to-end encrypted. You can export or upload the encrypted data after it's reached its destination. It's still encrypted and if anyone gets a hold of it without the decryption keys, it will still be garbage to them. Encrypted backups are totally a thing and pretty common.

      Does FB's messenger thing have recovery options? ...I bet it does...

      No idea, I rarely use it myself but since the data is all stored in the cloud, I'm going to guess yes?
