Facebook pushes back on reports the company will hand over encrypted messages to UK police

Current and former Facebook execs are disputing reports from Bloomberg and The Times that the company will be forced to hand over encrypted WhatsApp messages to UK police.

The reports, published over the weekend and citing confidential sources, reveal that a new UK-US treaty is due to be signed next month.

Per Bloomberg, the treaty would “compel social media firms to share information to support investigations into individuals suspected of serious criminal offenses including terrorism and pedophilia.”

The Times reported that police would specifically be able to gain access to “encrypted messages.”

The reports triggered widespread speculation online that the two governments had effectively pressured WhatsApp into inserting a “backdoor”, an intentional flaw that would allow outsiders to gain access to encrypted messages. Hacker News, an influential site that is widely read in Silicon Valley, posted a link to the story with the caption: “US and UK agree to force WhatsApp backdoor.”

A backdoor or break in end-to-end encryption would be explosive. WhatsApp and other social media apps employ the technology, promising that only people who send and receive messages can actually read their contents. It’s a major selling point to privacy-conscious users.

But the treaty won’t involve breaking end-to-end encryption or backdoors, according to WhatsApp chief Will Cathcart and Facebook’s former chief security officer Alex Stamos. Instead, it’s about speeding up a little-known legal process and giving UK police and courts faster access to much the same information from tech companies that US courts can access. That includes data such as phone numbers or timestamps, but doesn’t include the encrypted content of messages.

In the UK, several high-profile cases have brought politicians into conflict with social media companies. That’s because most of these firms are based in the US and obtaining private messages for UK investigations involves a lengthy legal process. The bureaucratic procedure is called a Mutual Legal Assistance Treaty (MLAT), which takes on average 10 months to pass.

Among these cases was the murder of 13-year old Lucy McHugh, which was hindered after the suspect Stephen Nicholson refused to hand over his Facebook password to police, who hoped messages between the two could prove vital evidence. After applying to the US courts prosecutors were able to obtain a log of Nicholson’s messages with McHugh, but not the contents of the messages themselves. Nicholson was convicted of murder and rape in July.

Read more: WhatsApp faces international pressure to hand over access to encrypted chats

In another instance, two Snapchat executives were grilled by UK lawmakers over the case of Breck Bednar, a 14-year old who was murdered in 2014. Lewis Daynes, then 18, was convicted of Bednar’s murder. This year Bednar’s sister received gloating Snapchat messages purporting to be from his killer. Snapchat was unable to immediately hand over data tied to the account sending the taunts. “We welcome any efforts that help to speed up the Mutual Legal Assistance Treaty (MLAT) process whilst allowing for appropriate judicial oversight and avoiding conflicts of law,” a Snapchat spokeswoman told Business Insider at the time.

According to Stamos, the new UK-US treaty would give UK investigators faster access to this kind of information.

“This agreement would allow UK courts to issue requests equivalent to US courts, but it DOES NOT grant them access to anything a US court can’t get already,” he wrote on Twitter. “Orders for wiretaps of products like WhatsApp can get some data, like IP addresses, phone numbers, contact lists and avatar photos. It cannot get encrypted messages and attachments.”

Will Cathcart, the head of WhatsApp, also appeared to dispute the reporting on Hacker News.

“We were surprised to read this story and are not aware of discussions that would force us to change our product,” he wrote.

Asked about backdoors, he added: “We are completely opposed to this. Backdoors are a horrible idea and any government who suggests them is proposing weakening the security and privacy of everyone.”

A UK Home Office spokeswoman told Business Insider: “The UK and US are committed to signing a world-leading Data Access Agreement that will speed up law enforcement’s ability to investigate and prosecute terrorists, child sexual abusers and other criminals.”

Reuters

Facebook declined to comment.

Although the new treaty does not appear to impact end-to-end encryption, British home secretary Priti Patel has previously exerted pressure on tech firms over encrypted messages.

“Tech firms should not develop their systems and services, including end-to-end encryption, in ways that empower criminals or put vulnerable people at risk,” Patel said in a statement following a meeting of the Five Eyes nations in July.