CEO DailyCFO DailyBroadsheetData SheetTerm Sheet

No, Encryption Is Not About to Be ‘Backdoored’—Data Sheet

October 1, 2019, 1:30 PM UTC

The U.S. and UK are reportedly poised next month to sign a data-sharing treaty that will require American social media firms, like Facebook, to share people’s private messages with British law enforcement.

If you read the reporting around this impending development over the weekend, you would be forgiven for thinking that companies were being asked to introduce so-called backdoors into their communications products, like WhatsApp and Facebook Messenger. The Times of London, breaking the news, wrote that companies “will be forced to disclose encrypted messages” and must “hand over information to the police, security services and prosecutors.” Bloomberg, citing an unnamed source, reported that companies “will be forced to share users’ encrypted messages with British police.”

The reports kicked off a firestorm. Many people—including me—worried that the supposed law will create security vulnerabilities in popular products to be abused by hackers and spies. Others praised the government for asserting its authority over big tech companies and—ostensibly, if not actually—prioritizing national security over privacy. (Whether you can have one without the other is another discussion.)

Cybersecurity experts objected. They warned that the stories were mangling truth and generating false impressions among readers. Alex Stamos, Facebook’s former chief security officer, labeled the Times’ piece as “poor reporting” and “incorrect.” TechDirt’s Tim Cushing called Bloomberg’s coverage “borderline atrocious.” And Thomas Rid, a professor at Johns Hopkins University, warned that both stories “didn’t pass the smell test.”

These experts took issue with the reports’ implication that tech companies would be required to give law enforcement access to encrypted messages; in other words, to decrypt them and reveal their contents. Neither original report adequately communicated how “end-to-end” encryption, a technology that limits who can see what, prevents even the companies themselves from reading people’s messages—let alone sharing them with others. Services that apply solid, end-to-end encryption have nothing but useless gobbledygook (and subscriber information and metadata, sure) to turn over to authorities.

Facebook, which has been vocal about its company-wide plan to extend end-to-end encryption from WhatsApp to all of its chat apps, including Facebook Messenger and Instagram, attempted to clear the air in a statement. “We oppose government attempts to build backdoors because they would undermine the privacy and security of our users everywhere,” the media giant said.

“Government policies like the Cloud Act”—a 2018 law designed to enable one-to-one data-sharing treaties between various countries, likely the foundation for the upcoming U.S.-UK deal—“allow for companies to provide available information when we receive valid legal requests and do not require companies to build back doors,” Facebook continued.

Encryption is a technology of nuances. It is an important tool for protecting human rights, yet it is not without its adverse effects (as a recent New York Times investigation on the proliferation of child abuse imagery makes painfully apparent). One thing is certain though: the technology is likely to continue to spread as companies such as Facebook seek to limit their own liabilities as moderators of free speech.

Who can be held accountable for what they can’t see?

Robert Hackett

On Twitter: @rhhackett

Email: robert.hackett@fortune.com

NEWSWORTHY

Take it out of petty cash: In the latest in a string of fines levied on crypto firms, the SEC dinged Block One $24 million for selling unlicensed securities. It's unlikely the firm is too concerned given it raised $4 billion in selling tokens for its as-yet-unbuilt EOS platform.

Cost of goods sold: Facebook says, despite earlier impressions to the contrary, it will pay only some of the 200 publishers whose headlines it intends to feature in its coming news section. One wag on Twitter likened Facebook to Lucy, the publishers to Charlie Brown and the revenue to the football—which of course gets yanked away.

First in, first out: A serial hacker appear to have made off with the personal data—including name, email and Facebook ID—of over 218 million Words With Friends players. Game maker Zynga disclosed a breach last week but did not provide specifics.

Present value: As more companies seek to collect scans of our faces, a coalition of music lovers is pushing back: musicians and their fans are compiling a "festival report card" to track whether events use facial recognition technology, and to protest them if they do.

Accounts receivable: The U.S. Treasury's latest sanctions on the Internet Research Agency, a.k.a. that giant Russian troll farm, target companies used by the IRA founder to control his planes and yacht.

Variable costs: Facebook plans to exempt satire and opinion pieces from its fact-checking process—a move critics say will open a colossal loophole for purveyors of false news to keep doing their thing.

The bottom line: Washington insiders believe Congress will not pass a data privacy law by the end of the year. This is a disappointment for Big Tech who had hoped such a law would pre-empt California's powerful new data-deletion law that will go into effect on January 1, 2020.

FOOD FOR THOUGHT

The neighborhood social network, Nextdoor, has become a forum to belittle and stigmatize the homeless, writes Rick Paulus at One Zero. In his essay, Paulus cites numerous examples of users on Nextdoor—a site that has in the past been criticized for permitting racist discourse—ranting about homeless encampments. The piece is hardly balanced (it fails to acknowledge legitimate health and crime concerns related to encampments) but does make thoughtful points about "digital red-lining." 

Other social networks often contain their fair share of anti-homeless sentiment too ... But Nextdoor stands out. For one, homeless individuals without mailing addresses cannot join Nextdoor, even if they’re permanent residents of the neighborhood. For another, the platform’s private setting means that posts simmer and boil over into a mob-with-pitchforks mentality. It has all created an environment where landlords, homeowners, and renters feel safe to vent their frustrations and unfounded suspicions — actions that can have direct consequences for the homeless.

On the Move

Apartment rental site Zumper hired Vishal Makhijani, former CEO of Udacity and COO of Zynga, as its President and COO... Fintech startup Revolut is hiring 3,500 new staff as it expands its digital banking app to 24 new markets in a global partnership with Visa... Along with hundreds of layoffs, life at the new Uber reportedly includes reduced perks and weak coffee... Google hired Mark Isakowtiz, the top aide to Republican Senator Rob Portman, to help it navigate escalating regulatory threats.

IN CASE YOU MISSED IT

Nintendo Switch Lite Added to 'Controller Drift' Class Action Lawsuit By Lisa Marie Segarra

Apple TV+ Is Partnering With A24 and Others to Open Movies in Theaters First By Isaac Feldberg

Verizon Acquires Jaunt XR’s Augmented Reality Technology By Arik Jenkins

YouTube TV Joins Amazon Fire Device Lineup By Chris Morris

Stripe-Backed Rapyd Raises $100 Million to Provide Global Payments By Jeff John Roberts

BEFORE YOU GO

Did you know Ms. Pac-Man originated with a group of MIT kids who created an unauthorized "enhancement kit" for the original game? Alas, the question of who holds the current rights to Ms. Pac-Man has degenerated into a messy legal scrum, meaning new editions of the product are unlikely to arrive anytime soon.

Hey Elon, for the love of... stop tweeting

This edition of Data Sheet was curated by Jeff John Roberts. Find past issues, and sign up for other Fortune newsletters.