Facebook’s Encryption Fight Will Be Harder Than San Bernardino

 Facebook is caught in a secret legal fight with the FBI. The fight, which centers on an alleged MS-13 gang member in Fresno, California, has been kept out of public court records, but Reuters broke the story on Friday, citing sources familiar with the situation. According to Reuters, prosecutors are looking to listen in on all Messenger voice calls from the target, similar to a conventional phone wiretap. Facebook says it’s impossible to comply because of the service’s end-to-end encryption, and the company is risking contempt charges to prove it.

If this seems similar to the San Bernardino case, it should. In that case, the FBI tried to compel Apple to unlock an iPhone linked to a horrific workplace shooting, only to vacate the case when a third-party fix became available. It was a clear win for Apple and encryption more broadly. But there are crucial differences in this new case, and most of them are unfavorable to Facebook. While San Bernardino used a novel legal argument against a hardened device, Facebook’s case uses a well-tested legal procedure against a protocol that wasn’t built with this attack in mind. Not all encryption is the same, and every indication is that Facebook’s Messenger encryption simply wasn’t designed to maintain privacy in the face of a court-compelled wiretap. As a result, Facebook is facing a much tougher legal fight with a much less predictable result.

In broad strokes, comparisons to San Bernardino would seem like good news for Facebook, but Apple had a number of important advantages that Facebook won’t have. Most importantly, Apple simply didn’t have the information the FBI was looking for. The company had handed over the contents of the killer’s iCloud account, but it had no way to access his phone’s hard drive. Even with the physical phone in custody, the data was encrypted, and Apple didn’t know the password to decrypt it. Faced with that basic fact, the FBI demanded that Apple code together a poisoned version of iOS, a project that would have had significant security implications for everyone using Apple products. Even worse, the legal authority came from the rarely invoked All Writs Act, which has little precedent for a compelled software case. What seemed like a simple request — to unlock the phone — was far more complex than it looked.