Security

ACLU: Here's how FBI tried to force Facebook to wiretap its chat app. Judge: Oh no you don't

Federal court shoots down attempt to reveal Feds' decryption demands

By Kieren McCarthy in San Francisco

28 SHARE

A US federal judge has refused to unseal court paperwork that would show how the FBI tried to force Facebook to snoop on calls made through its instant-messaging app.

Judge Lawrence O’Neill this week rejected [PDF] a petition from the American Civil Liberties Union (ACLU) to make the documents public because, he argued, "the materials at issue in this case concern techniques that, if disclosed publicly, would compromise law enforcement efforts in many, if not all, future wiretap investigations."

The judge also refused to release partially redacted versions – a move favored by Facebook if details of its systems were removed – because "sensitive investigatory information is so thoroughly intertwined with the legal and factual arguments in the record such that redaction would leave little and/or misleading substantive information."

In August 2018, it was revealed that the Department of Justice (DoJ) had tried to force Facebook to give it access to voice-call conversations made via its Messenger app. When Facebook refused, the DoJ tried to hold the social media giant in contempt of court.

We note that while Facebook Messenger offers so-called Secret Conversations, which are chat sessions strongly end-to-end encrypted using the Signal protocol, voice calls are not, to our knowledge, end-to-end encrypted, meaning Facebook can in theory snoop on them. We assume the calls are encrypted in transit, to prevent man-in-the-middle spies from listening in, however, by not being truly end-to-end, they can be potentially intercepted by the social network.

In any case, it appears Facebook refuses to build for Uncle Sam the capability to eavesdrop on Messenger voice calls.

Soon after this legal tussle emerged, the ACLU sued the DoJ in an effort to get the relevant documents made public. Those files almost certainly include the legal arguments put forward by the US government to compel a private third-party to intercept and, if need be, decrypt private chatter.

As such, the ACLU argued, there is a clear public interest in what the US government's arguments. "Whether and how the government can compel internet communications platforms to modify their technology to enable surveillance against their users is a topic of vigorous public debate," the civil rights advocacy group argued in its filing [PDF].

It argued that the First Amendment and "common law rights of access" to court docs provided the necessary legal authority.

Overwhelming

Judge O’Neill disagreed, however, deciding instead that "the compelling interest of the DOJ to preserve the secrecy of law enforcement techniques in Title III wiretap cases overwhelms that qualified right."

This is far from the first time that law enforcement has tried to force tech companies to hand over and, if necessary, unscramble encrypted data. Most significantly, the FBI and Apple ended up a heated dispute over access to the iPhone of a man who had shoot and killed numerous people in San Bernardino, California.

The FBI told Apple to give it access to his phone's encrypted file system, and Apple argued that to do that it would have to create software that would break its own encryption system: something it said was beyond the authority of the Feds.

In the end, just days before a judge was due to rule on the issue, the g-men backed down and claimed they had found their own technical workaround and so the issue was moot. It found nothing on the phone, but that was almost irrelevant since the entire issues was seen as the FBI trying to create a legal precedent.

They're back! 'Feds only' encryption backdoors prepped in US by Dems

READ MORE

It's not clear why the FBI felt that Facebook would be an easier target or whether it had put forward different legal arguments in an effort to get that same legal precedent – and that's why the ACLU and others want to know what is in the documents filed against Facebook.

What we do know is that the request covered encrypted voice calls between suspected MS-13 gang members in Fresno, California, at least according to the ACLU.

While the judge's decision may be understandable – an effort to protect investigative techniques that are used elsewhere – it has unfortunately given the FBI a clear method by which they can keep making legal arguments for access to encrypted material without being subject to public scrutiny. All the Feds have to do is include information about their techniques and specific targets alongside its legal arguments for access, and then, wham: down come the shutters.

That in itself is a dark tunnel down which the US government can create secret surveillance laws: a rerun of the system that enabled the NSA/FBI and others to engage in the kind of mass surveillance that was exposed by Edward Snowden, and which was subsequently found to be illegal once exposed to the full spotlight of the law. ®

Sign up to our NewsletterGet IT in your inbox daily

28 Comments

More from The Register

F-B-Yikes! FBI bod allegedly hid spy camera under desk to snap coworker's upskirt pics

Of all the places to allegedly try this, the J Edgar Hoover HQ ain't one. In fact, no, no building is good. None of them

FBI and immigration officials trawling US driving licence databases for suspects

Maybe time to put 4th amendment-bothering facial recog on ICE?

Hackers bragged that pretty vanilla breach included FBI watchlist? Well, colour us shocked

It didn't, by the way – it's a bunch of ad industry folk

Ignore that FBI. We're the real FBI, says the FBI that's totally the FBI

Don't open that malware mail from the Feds that's not from the Feds, Feds warn

FBI, NSA to hackers: Let us be blunt. Weed need your help. We'll hire you even if you've smoked a little pot in the past

Black Hat Now that's what we call a joint task force: Uncle Sam chills out, relaxes recruitment rules on drugs

Auditors slam FBI for shoddy testing of facial-recog tech. But no big deal. It only has 641m images on its systems

No one has complained so far, fed honcho protests

Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

Give it a Wray, give it a Wray, give it a Wray now: Big Chris steps in to defend blowing a hole in personal crypto

Ohio state's top legal eagle just made it harder for the FBI, ICE, cops to snoop around its DMV DB for people's faces

Reminder: They're not allowed to do that without permission

FBI boss: Never mind Russia and social media, China ransacks US biz for blueprints, secrets at 'surprisingly' huge scale

RSA 'Espionage and criminal investigations ... almost all of which lead back to Beijing'

Silence of the WANs: FBI DDoS-for-hire greaseball takedowns slash web flood attacks 'by 11%'

Fed bust of massive attack network caused traffic loads to plummet in Q4