A Hennepin County sheriff investigator’s request to obtain a criminal suspect’s encrypted messages on Facebook has sent a chill through digital privacy circles — even if most experts doubt whether it can be done.
In a search warrant filed late last month, the investigator asked Facebook to disable the “Secret Conversation” feature on its popular Messenger app — which offers end-to-end encryption on some messages so they can be only read on the mobile devices that the users are communicating with. The messages, the warrant argues, could hold the key to finding the suspect, who is wanted for weapons and drug possession.
“Your affiant also knows that if ordered by the court, Facebook can and will disable this feature and unencrypt the communications to allow this data to be collected by law enforcement,” sheriff’s deputy Anthony Glanzer wrote in an affidavit for the warrant, unsealed last week.
The request comes amid a standoff between the government and tech giants over whether secure messaging services like WhatsApp, Signal and Telegram that are being used by tech-savvy criminals to cover their tracks should be open to law enforcement. Authorities say that strong encryption makes it harder to gain an edge in the fight against drug cartels, child pornography and terrorism.
While the warrant raised some alarms among civil libertarians and privacy advocates, most believed that even if Facebook could grant the request it likely wouldn’t, for a host of reasons — namely, that doing so would further damage its reputation for guarding the privacy of its members.
If Facebook abided the law enforcement request, it would involve the rewriting of software code to capture and decrypt messages, said Andrew Crocker, a senior staff attorney with the Electronic Frontier Foundation. This would turn into a costly and time-consuming undertaking — if such as thing is possible at all, he said.
Ordinary communications on Messenger are decrypted during transit, making them fair game for court-ordered interception. But, like other encryption services, “Secret Conversations,” which debuted in 2016, works by scrambling messages in such a way that they can only be deciphered by the sender and the intended recipient.
“Facebook, as far as I’m aware of, doesn’t keep the encrypted conversations, let alone have the keys to decrypt them, so I don’t think that it’s technically possible,” Crocker said.
But, Riana Pfefferkorn said that the warrant highlighted the lengths to which law enforcement officers are willing to go pursue a suspect, likening it to the well-publicized dispute between the FBI and Apple over the iPhone maker’s refusal to unlock the phone of one of the perpetrators of the San Bernardino, Calif. Mass shooting. In that case, Apple refused to budge, and federal investigators eventually announced that they’d found another way to get into the locked phone.
“We’ve seen repeated efforts by law enforcement to try to stretch the law and to convince judges to take an expansive view of what existing surveillance laws authorize,” said Pfefferkorn, associate director of surveillance and cybersecurity at Stanford University’s Center for Internet and Society. “When providers such as Facebook are the subjects of these efforts to push the envelope, it’s important that they push back and stand up for user privacy and security.”
Facebook spokesman Pete Haviland-Eduah said in a statement that the company does not comment on specific cases, but “as always, we remain ready to respond to law enforcement requests that comply with applicable law and our terms.”
Digital privacy has become a mainstream concern in recent years, particularly after the high-profile hacking attempts on foreign officials and celebrities, like Jeff Bezos, the founder of Amazon.
Last fall, U.S. Atty. Gen. William Barr and other U.S., U.K. and Australian officials asked Facebook to hold off on extending default end-to-end encryption to the rest of Messenger and to Instagram Direct, according to a BuzzFeed News report. For now, Facebook users must opt-in to the “Secret Conversation” service, but the feature is still not widely known.
In response to Barr’s request, the tech giant wrote that creating a backdoor for law enforcement would be a “gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm.”
Just last month, the European Union’s European Commission instructed all staff to switch to the Signal messaging app instead of using messaging apps such as Messenger, WhatsApp and Apple’s Messages due to increasing cybersecurity fears.
With police departments relying more and more on social media sites as intelligence-gathering tools, authorities argue that the spread of encryption hinders their investigations.
A Star Tribune analysis documented a 44% increase in search warrants filed in Hennepin County for Facebook, Instagram and Snapchat accounts over the past three years, with such requests growing from 145 in 2017 to 219 in 2019. In particular, Snapchat-related warrants saw the biggest jump in that span.
The target of the Hennepin County investigation is a suspected gang member, who first came to authorities’ attention earlier this year after a police informant said he was selling marijuana and ecstasy, while carrying around a handgun, according to court filings.
The trouble was that law enforcement couldn’t find him, so Glanzer asked the court for permission to mine the suspect’s Facebook page for clues to his whereabouts, gaining access to a trove of data kept by the site on each of its users, including subscriber details, locations, IP addresses and “records of any device facial recognition used to access” the account.
“Therefore, your affiant would like the courts to compel Facebook to Un-encrypt ANY/ALL ‘end-to-end communications’ to include ‘Secret Conversation’ feature on the TARGET FACEBOOK ACCOUNT for 30 days from the date this search warrant is signed,” it read.
Glanzer wrote that suspects will use Facebook’s “Secret Conversation” feature to mask “their conversations, IP access information, as well as any GPS related information from normal legal processes that don’t specifically request that Facebook disables this feature.” Similarly-worded search warrants have popped up going back at least to last summer.
Crocker, the attorney for Electronic Frontier, said that the digital rights nonprofit has for months fought to obtain records about a 2018 case, first reported on by Reuters, in which the Justice Department demanded that Facebook break its end-to-end encryption so that the government could spy on a suspect’s “ongoing voice conversations” in a criminal investigation related to the MS-13 gang. The matter has made its way before the 9th U.S. Circuit Court of Appeals, which is expected to rule on it later this year.
“Facebook complies with normal, uncontroversial law enforcement requests for user data a significant amount of the time, as their transparency reports show. That’s par for the course for big tech companies,” said Pfefferkorn, of Stanford. “But when an agency tries to push the limits of what the law requires Facebook to do, then that secret sealed case involving Messenger — about which we know very little — suggests that Facebook may be unwilling to go along with that, at least where fundamental questions of the security of its products are at stake.”
The warrant in the Hennepin County case, which requested that its existence not be disclosed for 90 days for security reasons, says that it’s not clear whether the suspect was actually using the feature. The results of the warrant show that Glanzer obtained “electronic data,” but don’t offer specifics. A spokesperson for the sheriff’s office declined to comment.
Hennepin County District Judge Kristin Siegesmund, who signed off on the warrant, declined to comment on the matter through a spokesman on Tuesday, citing state rules that bar judges from discussing their decisions. The Hennepin County Sheriff’s office also declined to comment, saying it would be inappropriate because the case was ongoing.
A search of the Ramsey and Hennepin County online jail rosters show that the suspect hadn’t been arrested as of Monday.