Facebook Testing End-to-End Encryption After Handing Info Over to Authorities Related to an Abortion

A stark story has surfaced about how Facebook handed information on an abortion to authorities. Shortly after, they say they are testing new encryption.

There is a lot of criticism that is rightfully directed at Facebook. Lately, however, Facebook has made some moves that may not be great, but you can’t really blame them for the move, either. One such move is Facebook, along with Instagram, censoring posts about abortion medication. The move sucks, without a question. The problem is that Facebook is subject to American law. Thanks to the overturning of Roe v Wade, the problem truly lies in the system that forced those platforms hand on that.

Recently, however, there was another story that has raised a number of eyebrows. A woman is facing charges related to an illegal abortion under Nebraska law. Until the Roe V Wade decision, that law wasn’t enforced. However, thanks to the overturning, it is enforced. Law enforcement wanted to get their hands on evidence, so they obtained a warrant, demanding Facebook turn over all messages pertaining to this individual. Facebook complied likely because a court order is a court order. Defying a court order is a pretty tall order for anyone who doesn’t have a relationship with Donald Trump (even then, that’s catching up to them). Here’s an excerpt from NPR:

A 41-year-old woman is facing felony charges in Nebraska for allegedly helping her teenage daughter illegally abort a pregnancy, and the case highlights how law enforcement can make use of online communications in the post-Roe v. Wade era.

Police in Norfolk, Neb., had been investigating the woman, Jessica Burgess, and her daughter, Celeste Burgess, for allegedly mishandling the fetal remains of what they’d told police was Celeste’s stillbirth in late April. They faced charges of concealing a death and disposing of human remains illegally.

But in mid-June, police also sent a warrant to Facebook requesting the Burgess’ private messages. Authorities say those conversations showed the pregnancy had been aborted, not miscarried as the two had said.

The messages appear to show Jessica Burgess coaching her daughter, who was 17 at the time, how to take the abortion pills.

As so many others have pointed out, the case offers a glimpse into how police could theoretically enforce abortion ban laws. A lot of people use basic communications over the internet and potentially leave a lot of “incriminating” evidence behind in the process. Because abortion bans haven’t been enforced yet, there’s going to be a large section of the population who think that a private message is going to remain private no matter the encryption capabilities. This shows that this is not the case. In fact, it proves that the Electronic Frontier Foundation was right to release a video back in May showcasing different security tips to help keep women safe.

Of course, Facebook has had another project more or less rolling along in the background: end-to-end encryption. For those with a really good memory, yes, this is definitely not the first time we discussed this effort. Back in 2019, when the US was in it’s latest attempt to ban effective encryption, Facebook was facing hearings about their implementation of end-to-end encryption. At the time, lawmakers were freaking out that if Facebook encrypts its messages, then it would impede law enforcement from catching “the bad guys”. There were a number of aspects to that debate such as how the proposed solutions were technologically unfeasible. What’s more is that people do need ways of transmitting encrypted information – including from the prying eyes of the government.

Indeed, such a large part of the debate always focuses on going after the most egregious offenders. When these security debates crop up, so many focus on terrorists or CSAM content. What often gets lost in these debates is what happens when a government takes over and decides to pursue people for more ideological reasons. Whether it is governments targeting environmentalists or reporters who provided unfavourable coverage, there are those that the government could be motivated to target who really don’t break the law, but could become political targets.

That’s the problem with trying to outlaw effective encryption. Think about the worst possible government you can imagine running things and having that kind of power. Do you trust that government with the power to break any kind of encryption it sees fit? The answer should be, “absolutely not”. By allowing the government that kind of unchecked power, you enable all kinds of governments to have access to that same power. You might be completely supportive of the government that pushed for these kinds of changes to the law. You might 100% believe and trust that the government won’t abuse that power. The question is, what about the governments after? By breaking encryption today, future governments might not have to go through that process. They just grab that power and run with it – good or bad.

That is a big part why so many people who are part of the security community, or otherwise supportive of it, push so hard back against governments trying to outlaw effective encryption and security. The risk that such power can be abused whether directly by the government or indirectly through third parties, is far too great. Probably the most terrifying aspect of this debate is the fact that a first world country has already abused such power. In 2019, having banned effective encryption, the Australian government targeted journalists and raided a news organizations offices. That move was condemned by Reporters Without Borders.

Had those efforts in the US succeeded, Facebook wouldn’t have had any other way to respond to the situation. Fortunately, those laws didn’t pass and Facebook apparently kept moving along with their quest to implement end-to-end encryption. Impressively, it seems that Facebook is now in a public testing phase of the technology. From The Guardian:

Facebook announced on Thursday it will begin testing end-to-end encryption as the default option for some users of its Messenger app on Android and iOS.

The development comes as the company is facing backlash for handing over messages to a Nebraska police department that aided the department in filing charges against a teen and her mother for allegedly conducting an illegal abortion.

Facebook messenger users currently have to opt in to make their messages end-to-end encrypted (E2E), a mechanism that theoretically allows only the sender and recipient of a message to access its content.

But had all Facebook messages been encrypted by default back in June when Nebraska police issued a search warrant for Facebook user data of the mother investigated in the case, Facebook would not have messages to hand over to police in the first place.

Facebook spokesperson Alex Dziedzan said on Thursday that E2E encryption is a complex feature to implement and that the test is limited to a couple of hundred users for now so that the company can ensure the system is working properly.

Dziedzan also said the move was “not a response to any law enforcement requests”.

Indeed, it is easy to think that this happened in response to that law enforcement story, however, Facebook has been developing this for years. In face, back in January of 2020, we reported on Facebook admitting that its end-to-end encryption is years away. So, when Facebook says that it wasn’t in response to this latest story, it’s actually quite believable.

It’s also probably coincidental timing that the trials are currently under way to see how well this works. After all, it is unlikely that the original infrastructure of the messaging app was built with encryption in mind, so trying to re-code parts of it to support it was going to take time. There would need to be a strategy of deploying this technology and careful consideration to make sure that there isn’t some glaring flaw in the security in the process.

While it may be too late for this recent case, the idea that this technology could be useful in protecting others in the future is promising. It would be comforting to know that when police send a search warrant demanding that all messages of an individual user who might be suspected of being involved in an abortion, and Facebook responds with “nothing to hand over”. That would seriously be a huge step forward in Facebook getting some badly needed credibility on the security front. It doesn’t, by any means, solve all of the problems the company is facing, but it is, in our view, helpful.

Obviously, we’ll have to wait and see if what Facebook implements is sufficient. The proof will be in the pudding on that front. Still, at least Facebook is trying to do something right by attempting to implement this encryption in the first place. That should be a welcome development for many, even with the baggage the company still carries.

Drew Wilson on Twitter: @icecube85 and Facebook.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: