To encrypt or not to encrypt?
That’s the hot-button topic pertaining to Facebook that is currently in the news.
Last week, U.S. Attorney General William Barr – joined by his Australian and British counterparts – sent a letter to Facebook CEO Mark Zuckerberg urging him to abandon plans to deploy strong encryption on all the Facebook-owned messaging services.
What does this mean?
UVA Today caught up with UVA media studies professor Siva Vaidhyanathan, author of the highly acclaimed book, “Antisocial Media: How Facebook Disconnects Us and Undermines Democracy,” to get to the bottom of the issue.
Q. For those who may not know, what, exactly, is encryption?
A. Encryption is just a fancy way of saying you are using code, like that simple code we learned as kids: Translating each letter to a number. If you know how the code works, you can decode it. If you don’t you can’t.
Computers can use mathematical algorithms to encode messages in complex, hard-to-crack, codes. The recipient of the message must have the “key” to decode the message and make it legible. Many major websites and internet services now use strong encryption to protect messages from snoopers. Without strong encryption we would not have good reasons to conduct financial transactions over our digital networks. So banks, credit card services, PayPal and Amazon all use strong encryption. Imagine how many things we could or would not do if we did not trust encryption.
Q. What are the dangers of strong encryption?
A. So while strong encryption makes banking and shopping more convenient, we must recognize that the same protections extend to those who wish to communicate about doing harm, yet keep their plans or content away from the prying eyes of law enforcement or intelligence. Unless you don’t take terrorism or child sexual abuse seriously, you can’t honestly assert that strong encryption is a universally good thing.
Just last week we saw a major investigative report from The New York Times that showed how common the distribution of video and images of children being sexually abused is. Those who hope to recruit new members to their networks of child abusers love the idea that strong encryption is becoming ubiquitous and easier to use. Terrorist networks and drug distributors are also thrilled.
Q. What are the dangers of weak encryption?
A. Every few years, as some new proposal to spread strong encryption to more commonly used services and devices comes out, law enforcement officials demand that technology companies supply officials with keys to the “back door” of secure services.
Attorney General William Barr did that just last week, in reaction to Facebook CEO Mark Zuckerberg’s plans to put strong encryption on Facebook Messenger and Instagram messaging services. That move would put the communication of more than 1.5 billion people under strong encryption.
That said, there are some lesser-known encrypted messaging services such as Telegram (popular in Iran) and Signal (used by technologists and journalists who work in dangerous places).
The greatest danger of weak or no encryption is in authoritarian states in which religious dissenters or political dissidents hope to communicate safely. If activists around the world could not use WhatsApp, an encrypted service owned by Facebook that serves about 1.6 billion people, many more would be tortured in prison camps than already are.
If law enforcement had the keys to back doors, it could abuse its powers.
Q. Why does Zuckerberg want strong encryption? Does he have any motivations that don’t meet the eye?
A. Zuckerberg has two motivations for encrypting all of his messaging services.
First, he might actually care about protecting dissidents and critics from abuse from authoritarian governments. Zuckerberg has long believed, against all evidence, that the more people use his services, the more the causes of democracy and civil liberties would be served. I wrote a whole book dismantling this myth. But I doubt Zuckerberg read it.
More likely, Zuckerberg looks out into the future and the world and sees only one serious rival to global domination. China-based WeChat works closely with the government of the People’s Republic of China, so it allows full state surveillance of users. WeChat offers many more built-in services than Facebook does. So for people who don’t know or care about keeping their business away from Chinese security services, WeChat is attractive – even necessary. What possible value could Facebook offer to distinguish it from WeChat? Well, if people do know and care about the dangers of state surveillance (especially a state that shows enthusiasm for putting Muslim and Christian activists into concentration camps), they might turn to Facebook over WeChat as WeChat moves beyond China to get more users.
Q. On the flip side, why does the U.S. government want to stop Zuckerberg from rolling out end-to-end encryption? Are there any underlying agendas there?
A. Barr is echoing the concerns of every U.S. attorney general and FBI director since the early 1990s, when the threat of encrypted communication first occurred to law enforcement. After all, the sort of wiretapping that brought down many organized crime syndicates in the 1990s could not happen if mobsters had used encrypted messaging.
Q. How do you see this playing out long-term?
A. We are in for a long rhetorical stalemate. The public arguments for and against strong encryption are no deeper than they were in the 1990s. But some things have changed.
Encryption used to be the sort of technology that only highly motivated experts could use. That meant that successful networks of criminals, terrorists, smugglers and child abusers were limited to those who knew enough to deploy the then-hard-to-use encryption services. So I fear that the jump from small, discrete communication networks to all regular Facebook Messenger users (again, more than 1.5 billion people) is likely to make recruitment easier.
We have already seen how the use of WhatsApp and its strong encryption have facilitated the spread of noxious, radical messages in India and Brazil, generating violence in India. We should be wary about this spread of easy-to-use strong encryption. Barr did not make this argument. But the rest of us should consider it.
There are no easy answers to this issue. There are no cost-free decisions. Someone will be hurt because of the spread of strong encryption to most Facebook users who don’t otherwise use it. Others will be protected like never before. Nothing will ever be the same. But it looks like there is no going back.