Late last week, Reuters published a bombshell article indicating that the U.S. government is ordering Facebook to help wiretap Messenger voice calls. According to the article, Facebook is pushing back. In this blog post we’ll explain what may be happening and how it could impact encrypted communications going forward.
The details of the order U.S. law enforcement has issued to Facebook are being kept under seal by the court, so the legal arguments are not public. The U.S. does not have a law that would clearly require Facebook to remove or weaken security protections in order to grant law enforcement wiretap access. Two existing laws — the Wiretap Act and Communications Assistance for Law Enforcement Act (CALEA) — do require some level of assistance, though neither has yet been used to undermine security as is being argued here, nor is it clear that they could. The legal process is closely linked to the technical methods Facebook is using to implement the security on Messenger.
Facebook’s Messenger, including its voice (VoIP, Voice over Internet Protocol) functionality, uses an open protocol called WebRTC (Web Real Time Communications). WebRTC relies on functionality in HTML5 (HyperText Markup Language version 5) to access the users’ cameras and microphones and to carry real-time voice communications. This HTML5 functionality is natively built into major web browsers and other applications.
WebRTC, including Facebook’s implementation in Facebook Messenger, does some call set-up via servers at the provider (i.e., Facebook servers), but the primary “connection” of the “call” is made directly peer-to-peer between the two users on the call. This primary content connection is end-to-end encrypted, which under “normal” circumstances would immediately take the application beyond the reach of laws like CALEA.
However, Facebook, favoring user experience over robust security, initially decided to implement SDES (Session Description Protocol Security Descriptions for media streams), an obsolete and weak encryption key exchange mechanism, for voice calls over Messenger because that mechanism provides shorter call set-up delays. In Messenger, SDES passes the keys via Facebook’s servers, and those keys appear in plaintext on those servers. This breaks the usual robustness of WebRTC’s end-to-end encryption and makes it possible for a government wiretap order to require Facebook to save those keys, which could later be used to decrypt the associated media stream (which a government agency would previously have captured from the wire as an encrypted stream).
Since its initial deployment, Facebook has implemented new protocols used by other messaging applications like Signal. These were initially added for “secret conversations,” but with this new functionality, we assume that Facebook would have increased security for all its communications over Messenger. If so, the voice calls should be secure beyond Facebook’s ability to decrypt them.
However, the weaker encryption standard Facebook used for VoIP calls in Messenger quite possibly still exists and contributes to the possibility that Facebook could, hypothetically, backdoor its Messenger voice calls. For example, the government could order Facebook to surreptitiously revert to the old standard, which would allow Facebook to intercept calls, without informing the user.
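The difference described above (SDES keys travelling through the signaling server versus DTLS-SRTP keys negotiated between peers), and the reversion scenario just mentioned, can both be checked from the SDP that WebRTC exchanges during call set-up. The following is an added example, not Facebook’s or any WebRTC library’s code; the SDP samples, key and fingerprint are constructed for illustration.

```javascript
// Audit which SRTP keying method each media section of an SDP offer/answer uses.
// SDES puts the master key inline in "a=crypto" lines, so whoever relays the SDP
// (the signaling server) can read it; DTLS-SRTP carries only a certificate
// fingerprint, and the keys are derived in a DTLS handshake between the peers.
function auditSdpKeying(sdp) {
  const sections = [];
  let sessionFingerprint = false; // a session-level a=fingerprint applies to every m= section
  let cur = null;
  for (const raw of sdp.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith("m=")) {
      cur = { media: line.slice(2).split(" ")[0], sdes: 0, dtls: sessionFingerprint, inlineKeys: [] };
      sections.push(cur);
    } else if (line.startsWith("a=fingerprint:")) {
      if (cur) cur.dtls = true; else sessionFingerprint = true;
    } else if (cur && line.startsWith("a=crypto:")) {
      cur.sdes += 1;
      const m = /inline:([^|\s]+)/.exec(line); // base64 key||salt, visible in the clear
      if (m) cur.inlineKeys.push(m[1]);
    }
  }
  return {
    keyMaterialExposed: sections.some((s) => s.inlineKeys.length > 0),
    sections: sections.map((s) => ({
      media: s.media,
      mode: s.sdes ? (s.dtls ? "both" : "sdes") : s.dtls ? "dtls-srtp" : "none",
    })),
  };
}

// True when the offer advertised DTLS-SRTP but the answer settles on SDES,
// i.e. the call was steered back to keys the relaying server can read.
function isKeyingDowngrade(offerSdp, answerSdp) {
  const offer = auditSdpKeying(offerSdp).sections;
  const answer = auditSdpKeying(answerSdp).sections;
  return offer.some((o, i) => o.mode !== "sdes" && o.mode !== "none" && answer[i] && answer[i].mode === "sdes");
}

// Constructed sample SDP (not captured from Messenger); the key and fingerprint are fake.
const SDES_OFFER = ["v=0", "o=- 1 1 IN IP4 0.0.0.0", "s=-",
  "m=audio 9 RTP/SAVP 111",
  "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Y29uc3RydWN0ZWQtc2FtcGxlLWtleS1ub3QtcmVhbA=="].join("\r\n");
const DTLS_OFFER = ["v=0", "o=- 1 1 IN IP4 0.0.0.0", "s=-",
  "m=audio 9 UDP/TLS/RTP/SAVPF 111",
  "a=fingerprint:sha-256 " + Array.from({ length: 32 }, (_, i) => i.toString(16).padStart(2, "0")).join(":"),
  "a=setup:actpass"].join("\r\n");

console.log(auditSdpKeying(SDES_OFFER), isKeyingDowngrade(DTLS_OFFER, SDES_OFFER));
```

Running the audit on both ends of a call gives a client a concrete way to notice when its media keys have become readable by the signaling path.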
Facebook is correct to push back. First of all, its users expect and deserve privacy. If Facebook hasn’t previously upgraded its security to the current industry standard, the company could do so immediately, unless it is being ordered either not to upgrade its security or to purposely downgrade its security to comply with a court order. Either scenario is troubling. Any company must be able to continuously upgrade the security of its products. And it would be alarming for the government to order a company to surreptitiously undermine the security promised by end-to-end encryption.
Much of this is speculative because we can’t look at Facebook’s code and we haven’t seen what the government is ordering. However, a few things are obvious. First, the stronger the implementation of encryption, the less reasonable law enforcement demands for access become, and therefore the less convincing the government’s argument will be to a court. Second, companies should be as transparent as possible about the security of their messaging platforms and must be honest about whether or not they can comply with government snooping.