![]() "We don't currently have plans to notify users individually," a Facebook spokesman told NPR.Īccording to the spokesman, the company does not have complete confidence in knowing which users would need to be notified. The social media company said it found and fixed the issue in August 2019 and its confident the same route can no longer be used to scrape that data. Second, companies should be as transparent as possible about the security of their messaging platforms and must be honest about whether or not they can comply with government snooping.National Security After A Major Hack, U.S. However, a few things are obvious - first, the stronger the method of implementing encryption, the less reasonable the law enforcement demands for access, and therefore the less convincing the government’s argument will be to a court. Much of this is speculative because we can’t look at Facebook’s code and we haven’t seen what the government is ordering. And it would be alarming for the government to order a company to surreptitiously undermine the security promised by end-to-end encryption. ![]() Any company must be able to continuously upgrade the security of its products. If Facebook hasn’t previously upgraded its security to the current industry standard, the company could do so immediately, unless it is being ordered either not to upgrade its security or to purposely downgrade its security to comply with a court order. First of all, its users expect and deserve privacy. For example, the government could order Facebook to surreptitiously revert back to the old standard - that could allow Facebook to intercept calls - without informing the user.įacebook is correct to push back. However, the weaker standards of encryption used by Facebook in its VOIP Messenger app quite possibly still exist and contribute to the possibility that Facebook could, hypothetically, backdoor its Messenger voice calls. If so, the voice calls should be secure beyond Facebook’s ability to decrypt them. ![]() These were initially added for “secret conversations,” but with this new functionality, we assume that Facebook would have increased security for all its communications over Messenger. Since its initial deployment, Facebook has implemented new protocols used by other messaging applications like Signal. This breaks the usual robustness of WebRTC’s end-to-end encryption, and allows for the possibility of government wiretapping requests to have Facebook save those keys which would later be used to decrypt the associated media stream (which would previously have been pulled from the wire as an encrypted stream by a government agency). In Messenger, SDES passes the keys via Facebook’s servers, and those keys appear in clear “plaintext” on those servers. However, Facebook, due to its focus on user experience over robust security, initially decided to implement SDES (Session DEScription protocol security descriptions for media streams), an obsolete and weak encryption key exchange mechanism, for voice calls over Messenger because that mechanism provides shorter call set-up delays. This primary content connection is end-to-end encrypted, which under “normal” circumstances would immediately take the application beyond the reach of laws like CALEA. WebRTC, including Facebook’s implementation in Facebook Messenger, does some call set-up via servers at the provider (i.e., Facebook servers), but the primary “connection” of the “call” is done peer-to-peer between the two users the call is between. This HTML5 functionality is natively baked into major web browsers and other applications. WebRTC utilizes new functionality in HTML5 (HyperText Mark-up Language version 5) to obtain access to the users’ cameras and microphones, and conduct the real-time voice communications. The legal process is closely linked to the technical methods Facebook is using to implement the security on Messenger.įacebook’s Messenger, including the voice (VoIP – Voice over Internet Protocol) functionality, utilizes an open protocol called WebRTC (Web Real Time Communications). Two existing laws - the Wiretap Act and Communications Assistance for Law Enforcement Act (CALEA) - do require some level of assistance, though neither has yet been used to undermine security as is being argued here, nor is it clear that they could. ![]() does not have a law that would clearly require Facebook to remove or weaken security protections in order to grant law enforcement wiretap access. law enforcement has issued to Facebook are being kept under seal by the court, so the legal arguments are not public. In this blog post we’ll explain what may be happening and how it could impact encrypted communications going forward. According to the article, Facebook is pushing back. government is ordering Facebook to help wiretap Messenger voice calls. Late last week, Reuters published a bombshell article indicating that the U.S.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |