Forbes Raises Questions about Facebook Encryption
March 25, 2019
I am never sure if a story in Forbes (the capitalist tool) is real journalism or marketing. I was interested in a write up called “Could Facebook Start Mining Decrypted WhatsApp Messages For Ads And Counter-Terrorism?” The main point is that Facebook encryption could permit Facebook to read customers’ messages. The purpose of such access would be to sell ads and provide information to “governments or harvesters.” The write up states:
The problem is that end-to-end encryption only protects a message during transit. The sender’s device typically retains an unencrypted copy of the message, while the recipient’s device necessarily must decrypt the message to display to the user. If either of those two devices have been compromised by spyware, the messages between them can be observed in real-time regardless of how strong the underlying encryption is.
No problem with this description. Intentionally or unintentionally, the statement makes clear why compromising user devices is an important tool in some government’s investigative and intelligence toolbox. Why decrypt of the bad actor’s mobile device or computer just emails the information to a third party?
I noted this statement as well:
The messaging app itself has access to the clear text message on both the sender and recipient’s devices.
If I understand the assertion, Facebook can read the messages sent by its encrypted service.
The write up asserts:
As its encrypted applications are increasingly used by terrorists and criminals and to share hate speech and horrific content, the company will come under further pressure to peel back the protections of encryption.
Even if Facebook wants to leave encrypted information in unencrypted form, outside pressures may force Facebook to just decrypt and process the information.
The conclusion of the write up is interesting:
Putting this all together, it is a near certainty that Facebook did not propose its grand vision of platform-wide end-to-end encryption without a clear plan in place to ensure it would be able to continue to monetize its users just as effectively as in its pre-encryption era. The most likely scenario is a combination of behavioral affinity inference through unencrypted metadata and on-device content mining. In the end, as end-to-end encryption meets the ad-supported commercial reality of Facebook, it is likely that we will see a dawn of a new era of on-device encrypted message mining in which Facebook is able to mine us more than ever under the guise of keeping us safe.
Speculation? Part of the capitalist toolkit it seems. Is there a solution? The write up just invokes Orwell. Fear, uncertainty, doubt. Whatever sells. But news?
Stephen E Arnold, March 25, 2019