Facebook soll seine Ende-zu-Ende-Verschlüsselung stoppen

Alexandru Balan, Chief Security Researcher bei Bitdefender

Kommentar von Alexandru Balan, Chief Security Researcher bei Bitdefender, zur Initiative der USA, Großbritannien und Australien, um Facebooks End-to-End-Verschlüsselung zu stoppen:

„Der ein oder andere mag sich noch an den Clipper-Chip erinnern, einen Chipsatz, der von der NSA als Verschlüsselungskomponente entwickelt wurde und der „Sprach- und Datennachrichten“ mit einer integrierten Hintertür sicherte. Das war damals eine schlechte Idee und es wird immer eine schlechte Idee sein, Löcher in Sicherheitssysteme zu bohren. Tatsächlich geht die Debatte weit über den Schutz der Privatsphäre hinaus. Es geht vielmehr um die Schwächung der Sicherheitssysteme, die es Cyberkriminellen einfacher macht, sich Zugang zu verschaffen.“

Nebenbei ist das Vorhaben die e2e-Verschlüsselung zu verbieten, wohl an sich eher sinnlos. Zwar versuchen Regierungen, Technologien geheim zuhalten, die Datenverkehr der Endnutzer entschlüsseln können. Die jüngere Geschichte hat uns jedoch gelehrt, dass es meist nicht lange dauert, bis Hacker die „geheimen“ Technologien auch für ihre Zwecke nutzen. Eine Hintertür würde über kurz oder lang also auch von Hackern genutzt werden.

Zweitens ist es so gut wie unmöglich Technologien zu verhindern. Das schaffen weder Nordkorea, China noch die US-Regierung. Es war schon damals nicht möglich, RSA-Verschlüsselung zu verbieten und Krypto-Forscher ins Gefängnis zu stecken. Und es wird auch heute nicht möglich sein die Vielzahl von Möglichkeiten zu unterbinden, anonym Informationen und Technologien zu verbreiten.

Alles in allem würde die Initiative die Sicherheit der ganzen Welt schwächen, während Kriminelle, die man zu erwischen versucht, jede Menge Optionen haben sich zu verstecken. Sie wechseln einfach auf andere, verschlüsselte Plattformen, bauen sich ihre eigenen Plattformen oder verschlüsseln ihre Kommunikation in 2048-PGP oder kodieren sie mit Steganographie in Fotos auf Online-Plattformen.“


Der komplette offene Brief an Facebook kann hier nachgelesen werden:

We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.
We must find a way to balance the need to secure data with public safety and the need for law enforcement to access the information they need to safeguard the public, investigate crimes, and prevent future criminal activity. (…) such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims.
Our understanding is that much of this activity, which is critical to protecting children and fighting terrorism, will no longer be possible if Facebook implements its proposals as planned.
NCMEC estimates that 70% of Facebook’s reporting – 12 million reports globally – would be lost.
We therefore call on Facebook and other companies to take the following steps:
· Embed the safety of the public in system designs, thereby enabling you to continue to act against illegal content effectively with no reduction to safety, and facilitating the prosecution of offenders and safeguarding of victims;
· Enable law enforcement to obtain lawful access to content in a readable and usable format;
· Engage in consultation with governments to facilitate this in a way that is substantive and genuinely influences your design decisions; and
· Not implement the proposed changes until you can ensure that the systems you would apply to maintain the safety of your users are fully tested and operational. (…)

Die Antwort auf den offenen Brief von Facebook-CEO Mark Zuckerberg:
“When we were deciding to go to end-to-end encryption across the different apps … one of the things that just weighed the most heavily on me is ‘How do we make sure we do a good job on this?’” he said. “What we’ve basically figured out is that often, it’s not looking at the content that’s most important, it’s looking at the patterns of activity, and you can do that even in encrypted systems.”

“We believe people have the right to have a private conversation online, wherever they are in the world,” the Facebook spokesperson said. “Ahead of our plans to bring more security and privacy to our messaging apps, we are consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe.”

Weitere Kommentare:

Edward Snowden (@Snowden) October 3, 2019: The government is demanding backdoor access to the private communications of 1.5 billion people using #WhatsApp. If @Facebook agrees, it may be the largest overnight violation of privacy in history. https://t.co/qkxO1pJuUh

“When a door opens for the United States, Australia, or Britain, it also opens for North Korea, Iran, and hackers that want to steal our information,” said Neema Singh Guliani, the senior legislative counsel for the ACLU. “Companies should resist these repeated attempts to weaken encryption that reliably protects consumers’ sensitive data from identity thieves, credit card fraud, and human rights abusers.”

“The UK, United States, and Australian authorities are once again falling into a false dichotomy between security and encryption,” said Guillermo Beltra, the policy director of the digital rights organization Access Now. “The reality is that encryption is an essential technology that strengthens the security of the internet’s infrastructure and enables users to enjoy their civil and political rights and express themselves freely.”

U.S. Attorney General William Barr revived the issue in July, calling tech companies‘ embrace of end-to-end encryption „dangerous“ and „unacceptable.“

Civil liberties groups also resoundingly oppose such measures. „It’s a staggering request. Despite claiming to ’support strong encryption‘ these law enforcement officials are asking for the ability to access the text of all communications,“ said Andrew Crocker, a senior staff attorney at the Electronic Frontier Foundation. ‚It would fundamentally compromise the security and privacy of encrypted communications on Facebook.“

U.S. And UK Sign Landmark Cross-Border Data Access Agreement to Combat Criminals and Terrorists Online: