BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Facebook Is Already Working Towards Germany's End-to-End Encryption Backdoor Vision

Following
This article is more than 4 years old.

Getty

Speigel Online reported last week on comments by Germany’s Interior Minister Horst Seehofer proposing greater governmental access to end-to-end encrypted communications, such as those by WhatsApp and Telegram. While his comments represent merely one lawmaker's thoughts and the encryption community has vehemently objected to encryption backdoors and client application access, the reality is that at its annual conference earlier this month, Facebook previewed all of the necessary infrastructure to make Germany’s vision a reality and even alluded to the very issue of how Facebook’s own business needs present it with the need to be able to covertly access content directly from users’ devices that have been protected through end-to-end encryption. Could Germany’s backdoor vision be closer that we might imagine?

I have long suggested that the encryption debate would not be ended by forced vulnerabilities in the underlying communications plumbing but rather by monitoring on the client side and that the catalyst would be not governmental demands but rather the needs of companies themselves to continue their targeted advertisements, harvest training data for deep learning and combat terroristic speech and other misuse of their platforms. Moreover, merely breaking encryption would not offer nearly as many opportunities for mass societal-scale surveillance as monitoring on the edge.

While it was little noticed at the time, Facebook’s presentation on its work towards moving AI-powered content moderation from its data centers directly onto users’ phones presents a perfect blueprint for Seehofer's vision.

Touting the importance of edge content moderation, Facebook specifically cited the need to be able to scan the unencrypted contents of users’ messages in an end-to-end encrypted environment to prevent them from being able to share content that deviated from Facebook’s acceptable speech guidelines.

This would actually allow a government like Germany to proactively prevent unauthorized speech before it is ever uttered, by using court orders to force Facebook to expand its censorship list for German users of its platform.

Even more worryingly, Facebook’s presentation alluded to the company’s need to covertly harvest unencrypted illicit messages from users’ devices without their knowledge and before the content has been encrypted or after it has been decrypted, using the client application itself to access the encrypted-in-transit content.

While it stopped short of saying it was actively building such a backdoor, the company noted that when edge content moderation flagged a post in an end-to-end encrypted conversation as a violation, the company needed to be able to access the unencrypted contents to further train its algorithms, which would likely require transmitting an unencrypted copy from the user’s device directly to Facebook without their approval.

Could this be the solution Germany has been searching for?

While Facebook’s presentation reflected preliminary research rather than a production finished product, all of the necessary pieces of Germany’s desired surveillance platform are there.

In fact, by enabling the proactive censorship of speech before it is ever uttered, Facebook’s platform would actually go beyond the country’s wildest dreams.

Putting this all together, Facebook’s push towards content moderation on the edge is likely to have significant unintended consequences. By raising the specter of on-device content scanning for disallowed speech inside of end-to-end encrypted conversations and in particular sparking the idea of being able to silently harvest those decrypted conversations on the client side, Facebook is inadvertently telegraphing to anti-encryption governments that there are ways to bypass encryption while also bypassing the encryption debate.

In the end, it is almost a certainty that the days of being able to securely converse through end-to-end encryption are coming to a close as companies move their censorship and data harvesting and analysis to the edge.