The American Civil Liberties Union wants to know how and why, exactly, a joint federal-state task force tracking the MS-13 gang tried to order social giant Facebook to build a backdoor into its Messenger app for surveillance purposes, TechCrunch reported on Wednesday.
Earlier this year, news broke that the Department of Justice attempted to force Facebook to secretly recode parts of its Messenger app to give them the capability to listen in on Voice over Internet Protocol (VoIP) calls, even seeking a contempt of court order against the company when it refused to do so. Facebook said compliance was impossible due to end-to-end encryption, and a U.S. District Court judge in California ruled against the DOJ. Yet the legal reasoning behind both the DOJ’s attempt to secure a contempt of court order and its rejection have not been publicly released.
The ACLU wants to know more and has filed a motion to unseal records related to the case including sealed docket sheets, court orders on sealing requests, judicial rulings involved with those requests, and “any legal analysis presented in government submissions incorporated, adopted, or rejected implicitly or explicitly in such judicial rulings.”
Jennifer Granick, the ACLU’s surveillance and cybersecurity counsel, said the public “deserves to know why the government thought it could dismantle measures that protect their right to privacy online.”
“The outcome of this legal dispute between Facebook and the Justice Department has the potential to affect the private communications of millions of Americans who use communication services such as Messenger, WhatsApp, Skype, and Microsoft Outlook,” she said.
It’s not totally clear whether Facebook uses true end-to-end encryption in the calls; prior investigations from 2015 showed that Messenger session keys were shared in transit with the company using a standard protocol called SDES, making the keys potentially possible to intercept in transit. However, it’s also possible that Facebook has additional layers of security preventing that, or that it has shifted to a more secure implementation since. Beyond whether it is reasonable or technically feasible for the DOJ to demand Facebook compromise the security of one of its core products, the company has also argued that it is immune to laws requiring telecoms to allow investigators with a warrant access to VoIP lines since it is not closely integrated with regular phone networks.
Facebook’s victory here is important—authorities seeking this expansion of power chose a convenient villain, a street gang Donald Trump has denounced as “animals” undeserving of the full protections of the law. That’s not dissimilar to a prior battle between the FBI and Apple over encryption on an iPhone belonging to one of two terrorists involved in the 2015 San Bernardino mass shootings, which also ended in a defeat for authorities. (The FBI was later able to get access to the phone by paying $900,000 to a private company that bypassed its security.)
The ACLU wrote in a statement that a ruling in the DOJ’s favor could have potentially weakened security measures in place to protect Facebook’s billion-plus other users against hackers, as well as opened the door to similar demands on other services. But as TechCrunch noted, without public access to the ruling against the DOJ, other tech companies that will be inevitably asked to build backdoor surveillance tools into their products by authorities in the future may not be able to cite Facebook’s precedent.