Encryption spat sees backdoor back-and-forth between tech firms, Congress

• Lindsey Graham threatens to impose lawful access to encrypted messages
• Apple, Facebook argue it would help criminals and compromise user safety
• Neither side appears willing to compromise, so expect further lobbying

There is a thin line between hypocrisy and stupidity, as the US Congress ably demonstrated this week when it locked horns with Facebook and Apple over encryption.

A group of lawmakers on the Senate Judiciary Committee Hearing on Encryption argued passionately that end-to-end encryption used by messaging services like WhatsApp and iMessage is brilliant if you're a goodie, but it also helps baddies. Ergo, law enforcement must be given some kind of backdoor access so they can get a warrant and gather evidence.

The Committee is chaired by Lindsey Graham, Republican Senator for South Carolina. The same Lindsey Graham who has spent a fair amount of time this year warning everyone that the Chinese government could easily force Huawei to provide backdoor access to its networks.

"I'm not about to create a safe haven for criminals where they can plan their misdeeds and have information stored in a fashion [so] that law enforcement can never be allowed to access it. That is a bridge too far for me," he said during this week's hearing, adding that the authorities – equipped with the appropriate warrant – must be able to access encrypted messages. "How we do this, I don't know. I hope the tech community working with law enforcement can find a way to do it."

Doing his best scary headmaster impression, he warned: "If y'all don't; we will."

Watch the video here. He really did say "y'all."

Graham would probably argue there's a difference between using backdoor access to prevent crime and using it for espionage. But it's two sides of the same coin, and Graham's track record suggests he's not that bothered about spying on innocent civilians in the name of national security. He has previously branded NSA whistleblower Edward Snowden a traitor, and called on Russia to return him to the US so he could face prosecution. Last month he called for the identity of the whistleblower that kick-started the impeachment inquiry into Trump to be made public.

On this evidence, if you were to ask Facebook and Apple why they rolled out end-to-end encryption in the first place, they could just point at people like Lindsey Graham.

Instead though, they highlighted that any backdoor access into their messaging services intended to help law enforcement could also help criminals.

"We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in," testified Erik Neuenschwander, director of user privacy at Apple.

"Every day, over a trillion transactions – from financial transactions to the exchange of healthcare records – occur safely over the Internet because of encrypted communications. Utilising 5G networks, connected devices will play an even larger role in the operation and maintenance of our critical infrastructure, running our electric grids, transportation networks, and healthcare and financial systems," he continued. "Encryption is needed to protect from malicious actors whose attacks are growing exponentially in scope, frequency, and sophistication."

Jay Sullivan, Facebook's product management director for privacy and integrity in Facebook Messenger, went a little further, putting on record that encryption also protects dissidents from authoritarian regimes. He also warned that if US-based platforms like WhatsApp and iMessage can't guarantee their services are secure, then users will flock to one that is.

"If the United States rolls back its support for privacy and encryption, foreign application providers – including those who may be outside the reach of our legal system and not nearly as committed to or capable of preventing, detecting, and responding to bad behaviour – will fill the vacuum and provide the private and secure communications that people expect and demand," he said.

While Facebook's Sullivan prepared for his showdown on Capitol Hill, his company replied to an open letter sent by lawmakers in the US, UK and Australia calling for Facebook to halt plans to implement end-to-end encryption across its messaging services unless it can provide access to law enforcement.

US Attorney General William Barr, acting Secretary of Homeland Security Kevin McAleenan, UK Home Secretary Priti Patel, and Australian Minister for Home Affairs Peter Dutton took the same line as the Senate Judiciary Committee, arguing that encryption makes it harder to prevent and investigate crime, particularly child abuse.

"Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company's ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries' attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims," they wrote.

They called on Facebook and other companies to ensure they can still detect and act on illegal content sent over their encrypted services, and enable law enforcement to obtain lawful access to content.

"The 'backdoor' access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm," replied Will Cathcart, head of WhatsApp, and Stan Chudnovsky, head of Messenger, in a letter of their own. "It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it."

Neither side appears willing to compromise, so it wouldn't be a surprise if the US government tries to mandate lawful access to encrypted messages via Congress. If that is the case, expect the lobbying on both sides to intensify.