Please stop texting. But these apps need to change as well.
Anadolu Agency (via Getty Images)
Last week, the FBI warned iPhone and Android users to stop sending text messages and use encrypted messaging platforms instead. The news made global headlines, with cyber experts urging smartphone users to switch to fully secure platforms (WhatsApp, Signal, Facebook Messenger). But the FBI also issued a serious security warning to U.S. citizens using encrypted platforms, saying those apps should be changed.
China denies any involvement in the ongoing cyberattacks on U.S. communications networks, calling them “an excuse to smear China,” but government agencies say Salt Typhoon, which has ties to China’s Ministry of State Security,・It has been revealed that hackers have infiltrated multiple networks and are transmitting both metadata. Actual content is at risk.
Content encryption was certainly the answer, and the FBI’s advice to the public seemed clear. “Use your phone to automatically receive timely operating system updates, responsibly managed encryption, and phishing-resistant MFA for your email, social media, and collaboration tool accounts. Please.”
What was missing from nearly every report covering the Salt Typhoon was the FBI’s accurate warning. “Responsibly managed” encryption is a game-changer. The messaging platforms that cyber experts and media have encouraged SMS/RCS users to switch to are not “responsibly managed” by this definition.
Expanding on last week’s warning, the FBI said, “Law enforcement agencies support strong, responsibly managed encryption. This encryption should be designed to protect people’s privacy. , and should be controlled so that U.S. technology companies can provide readable content in response to legal court orders.”
There are only three providers of end-to-end encrypted messaging that matter. Apple, Google, and Meta, but Signal offers a smaller platform preferred by security professionals. The FBI says these “U.S. tech companies” should change their platforms and policies to “provide readable content in response to lawful court orders.”
This does not mean giving the FBI or other agencies direct access to the content, but rather that Meta, Apple, and Google must have the means and keys to provide the content if justified by a court. means that it must be done. At the moment, that is not possible, and police chiefs and other agencies have described the situation as “dark” and want to see change.
The onus is on public opinion and users to force this change. FBI Director Christopher Wray said, “The public should not have to choose between secure data and secure communities. We should be able to have both, and we can have both.” Collecting evidence is becoming increasingly difficult as much of it now resides in the digital realm. Terrorists, hackers, child predators, and others rely on end-to-end encryption to communicate. and hide their illegal activities from us.”
This is a dilemma. Apple, Google, and Meta all boast that they don’t have access to user content. For example, Apple guarantees that “end-to-end encrypted data can only be decrypted on a trusted device that is signed in to your Apple account.” No one else, not even Apple, can access your end-to-end encrypted data, and it remains safe even in the event of a data breach in the cloud. ”
“Unfortunately, this means that even though we have a robust legal process – a warrant issued by a judge based on probable cause – the FBI and our partners are unable to collect digital evidence,” Wray said. “It’s often not available, which means it’s not fair.” For us, stopping the bad guys is even more difficult… In reality, we have a completely unfettered space that is completely beyond legal access. It’s where child predators, terrorists, and spies can hide their communications and operate. We have to find a way to deal with that problem. ”
The dilemma is that if Google, Meta, or even Apple have the keys, as they have in the past, the end-to-end encryption enclave disappears. How would users feel if Google could access currently encrypted content if necessary? This has as much to do with distrust in big technology as it does with trust in law enforcement and other issues. And while, as always, the debate is one-sided in the United States and Europe, the same technological There will be backdoors. .
The FBI is essentially warning users not to send messages on Google or Apple’s own platforms. Full encryption does not work cross-platform. This leaves Meta as the world’s leading provider of cross-platform encrypted messaging, with user bases for WhatsApp and Facebook Messenger each in the billions.
In response to last week’s FBI warning and push for “responsibly managed” encryption, Mehta told me: This latest attack makes that point very clear, and we will continue to provide this technology to those who rely on WhatsApp. ” Signal has not yet provided a response. But what is clear is that there is still no appetite across big tech companies to make such changes. And they have proven they are willing to fight to protect encryption, even if it means leaving the country or region.
But the US is different. The United States is home to this technology. This argument will only change if public attitudes change. Politics is fraught with risks unless there is a change in public sentiment, but there are no signs of that happening yet. Users want security and privacy. End-to-end encryption has become a key element for iPhone and Android, and as we saw with recent updates to Facebook Messenger, it’s expanding rather than retreating.
U.S. Deputy Attorney General Rod Rosenstein first promoted “responsible encryption” in 2017 during the first President Trump’s era. “Encryption is a fundamental element of data security and authentication,” he said. “It’s essential to the growth and prosperity of our digital economy, and we in law enforcement have no intention of undermining that.”
However, Rosenstein said, “The emergence of ‘warrantless’ encryption is a serious problem…The law recognizes that law enforcement’s legitimate needs may outweigh personal privacy concerns.” he warned. Our society has never had a system where no evidence of criminal activity is detected…but that is the world that technology companies are creating. ”
In response, the EFF said Rosenstein’s “call for ‘responsible encryption’ is egregious and should make him feel bad…The Department of Justice says it wants to have an ‘adult conversation’ about encryption.” said. That’s not true. The Department of Justice needs to understand that secure end-to-end encryption is a responsible security measure that protects people. ”
The argument against “responsible encryption” is very simple. Content is either safe or not. “A backdoor to anyone is a backdoor to everyone.” If someone else has the keys to your content, your content is exposed and at risk, regardless of the policies protecting its use. exposed. That’s why the security community feels so strongly about this issue, and it’s considered a black-and-white dichotomy.
Seven years later, the debate remains the same. And in places like the United States and Europe, 2025 looks like the year it will reignite.
