Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Facebook

Is Facebook Already Working On An Encryption Backdoor? (forbes.com) 79

Horst Seehofer, Germany's federal interior minister, wants to require encryption companies to provide the government with plain text transcripts. One security expert says Facebook is already working on a way to make it happen.

An anonymous reader quotes his remarks in Forbes: The reality is that at its annual conference earlier this month, Facebook previewed all of the necessary infrastructure to make Germany's vision a reality and even alluded to the very issue of how Facebook's own business needs present it with the need to be able to covertly access content directly from users' devices that have been protected through end-to-end encryption...

While it was little noticed at the time, Facebook's presentation on its work towards moving AI-powered content moderation from its data centers directly onto users' phones presents a perfect blueprint for Seehofer's vision. Touting the importance of edge content moderation, Facebook specifically cited the need to be able to scan the unencrypted contents of users' messages in an end-to-end encrypted environment to prevent them from being able to share content that deviated from Facebook's acceptable speech guidelines. This would actually allow a government like Germany to proactively prevent unauthorized speech before it is ever uttered, by using court orders to force Facebook to expand its censorship list for German users of its platform.

Even more worryingly, Facebook's presentation alluded to the company's need to covertly harvest unencrypted illicit messages from users' devices without their knowledge and before the content has been encrypted or after it has been decrypted, using the client application itself to access the encrypted-in-transit content. While it stopped short of saying it was actively building such a backdoor, the company noted that when edge content moderation flagged a post in an end-to-end encrypted conversation as a violation, the company needed to be able to access the unencrypted contents to further train its algorithms, which would likely require transmitting an unencrypted copy from the user's device directly to Facebook without their approval.

Could this be the solution Germany has been searching for?

The article warns that by "sparking the idea of being able to silently harvest those decrypted conversations on the client side, Facebook is inadvertently telegraphing to anti-encryption governments that there are ways to bypass encryption while also bypassing the encryption debate."
This discussion has been archived. No new comments can be posted.

Is Facebook Already Working On An Encryption Backdoor?

Comments Filter:
  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Sunday June 02, 2019 @02:46AM (#58694180)
    Comment removed based on user account deletion
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Facebook/Whatsapp own the endpoints. Just because they tell YOU they are not interconnected does not mean they are not.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Whatsapp messages are only encrypted during transmission. Not in storage on your local device.

      Your wife has Facebook and whatsapp on her phone. The Facebook app probably reads the messages straight from the filesystem.

    • by Anonymous Coward

      No offense; enough sleep for everyone! But:

      It's closed-source.
      Need I say more?

      It was literally news here on Slashdot, not that long ago, how FB vacuums off ALL the data, to sell it to advertisers.

      Trusting closed source from FB is a *bit* insane, don't you thin ;)

      (Hell; trusting *open* source from FB is bad. Trusting an auditing company is not much better. Unless they are trusted close friends of you personally. ... Generally, my rule is: If I cannot punch them in the face if I wanted to, they are not to be

    • The messages are securely encrypted during transmission but they obviously get decrypted before your wife reads them. That would be the point that Facebook 'processes' them for keywords.

      PS: Why else would Facebook have spent so much money for a messaging app?

    • FB and WA *are* interconnected now. That's why the WA founders quit FB recently.
    • Comment removed based on user account deletion
  • creepy (Score:5, Insightful)

    by astrofurter ( 5464356 ) on Sunday June 02, 2019 @03:12AM (#58694238)

    "content moderation flagged a post in an end-to-end encrypted conversation as a violation"

    Now Faceboot is censoring people's private conversations?

    • by CaffeinatedBacon ( 5363221 ) on Sunday June 02, 2019 @03:22AM (#58694260)

      "content moderation flagged a post in an end-to-end encrypted conversation as a violation"

      Now Faceboot is censoring people's private conversations?

      China is going to just love that.
      Maybe they are working on gaining access to the Chinese market?

    • by Kjella ( 173770 )

      Now Faceboot is censoring people's private conversations?

      Yes. Same way none of your "private" files online are actually private, anything you upload to Dropbox, GDrive etc. is scanned for bad content, you don't have to actually share it with anyone.

  • by Tom ( 822 )

    Of course FB is ready to "abide by the laws"... uh... not? Not when it is to their advantage to ignore them.

    But in this case, it is to their advantage to break open the encryption. Encrypted chat is bad for FB. They don't make money from it. They can't scan it for keywords to improve their profile on you. So of course they will be happy to be "forced" by any government that is ready to play the part.

    • by swilver ( 617741 )

      Sure they can scan it (and summarize it in some fashion that cannot be linked to the original text, by using hashing or something).

      Remember, in a WhatsApp chat there's always at least two devices that have the unencrypted text, unless you honestly think that that App on your phone is only doing things that are in your best interest...

  • Everyone loves technology, right? There are smart houses that allow homeowners to turn off and on appliances without even being home. But, did you know that the computer chip that powers all that technology to turn on devices in your home may put you in greater risk of having your personal information stolen? What many homeowners do not know is that the firmware contained on a system on-chip that can be used by other embedded devices. However, did you know that this firmware also opens the door to poor encr
  • Let's not repeat the corporate BS, if it has a backdoor it's not end to end encryption.

    • Unless the decryption happens in your brain (cyber implants?), it's never end-to-end by your definition. The article here talks about FB app grabbing the content from your device before or after encryption (i.e. when you create the message or when you read it), so the device-to-device, which is what most people mean by "end-to-end", encryption is bypassed. Imagine someone installing a keylogger and screen grabber on your PC, it can bypass end-to-end encryption.

  • by WCMI92 ( 592436 ) on Sunday June 02, 2019 @09:58AM (#58695248) Homepage

    And you know that Zuckerberg, who's security is even worse than Microsoft, will be offering backdoors for sale.

  • Anyone who is using closed source encryption software of any kind is only fooling themselves. It is, in my opinion, worse than using no encryption at all. At least with no encryption you're not lulled in to a false sense of security.

  • Tell me how else I can talk to a friend about project management methodologies on Whatsapp, which I usually never ever talk about, especially on whatsapp, and 20 minutes later I am being hit with ads about Project Management Methodologies on facebook.

    I don't think they are receiving the contents of my messages in FB HQ, but I bet there is a little keyword scanning function in whatsapp with a 1 or 2mb database of interesting keywords that beams a tiny little message to HQ saying FB id number xx is interested

  • Come on people you already know Facebook is evil and cancerous to your life and not only doesn't care about your privacy but will lie about not invading it, isn't the mere hint of this the straw that breaks the camels' back? Delete your Facebook account right now, and never look back even once. You'll be glad you did in the long run. Go re-learn to be actually social with real people in real life instead of the fake empty experience of being on so-called 'social media', it'll be better for your overall mental and emotional health. You can't give your real friends a real hug over the internet! Go hug your friends regularly; you'll feel much better about your life with that actual interaction. Haven't you heard? Loneliness shortens your lifespan. The Internet can't make you feel less lonely. Go outside and be with actual people.
  • Touting the importance of edge content moderation, Facebook specifically cited the need to be able to scan the unencrypted contents of users' messages in an end-to-end encrypted environment to prevent them from being able to share content that deviated from Facebook's acceptable speech guidelines.

    This right here is just invasion of privacy. There is no instance where end-to-end comms should be EVEN MONITORED, much less moderated. This is the biggest 'no no' of private user-to-user chat systems. You leave it alone, period. It's up to the end users to manage their content.

    But oh yeah, I remembered this is Facebook. Please, carry on. Continue to make a complete mockery of netiquette and human decency.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...