(U.S. Attorney General William) Barr and other law enforcement officials in the United States, Britain and Australia are asking the technology company to scrap its much-touted plan to make all of its messaging services end-to-end encrypted by default, BuzzFeed reported last week. The move is likely the first salvo in a broader fight against programs that put users’ communications out of government’s reach – a trend that Barr this summer called “unacceptable” and “exceptionally dangerous.”
But leaving consumers’ information unprotected is dangerous, too. The officials say in their letter that they support a “means for lawful access,” otherwise known as a “backdoor” for authorities to enter when they come knocking with a warrant. The problem is, a door for U.S. authorities could be a door for everyone else. And everyone else wants in.
Services such as WhatsApp operate with a universal code, which means the moment the United States is offered a security workaround, the leaders of countries far less free will start asking for similar treatment. Egypt, the New York Times recently reported, has been conducting sophisticated cyberattacks on its opposition politicians and civil society. Devices can be altered for individual markets, but that doesn’t mean building intentional vulnerabilities is wise. Last week, Microsoft revealed that the Iranian government had attempted to breach email accounts belonging to a U.S. presidential campaign. Create a “golden key” for the good guys here, and hackers might find ways to unlock whatever they wish.
Barr’s concerns are legitimate. Criminals take advantage of these systems to conduct their business in the dark, and some of that business, such as child exploitation imagery, is repugnant. There is a trade-off between security and safety. But the trade-off need not be absolute. Solutions might vary depending on the abuse being targeted, and each possibility comes with narrower trade-offs of its own. Forwarding limits could stop disinformation from going viral; filtering tools could conceivably allow users to reject flagged material from being sent to them or prevent some material from being sent altogether. Some believe the way forward for criminal investigations is to permit court-compelled device unlocking for suspects in custody; others believe lawful hacking is the answer. But preventing end-to-end encryption entirely would be a mistake.