After almost five years of work, which has included various regulatory challenges, Meta has finally moved to the next stage of its roll-out of end-to-end (E2E) encryption as the default in Messenger.
The update, Meta says, has required a ground-up re-build of the app, with stronger privacy at the core, which will provide more assurance to users that their private chats will remain that way, no matter who might seek to infiltrate them, be it Meta or anybody else.
As explained by Meta:
“The extra layer of security provided by end-to-end encryption means that the content of your messages and calls with friends and family are protected from the moment they leave your device to the moment they reach the receiver’s device. This means that nobody, including Meta, can see what’s sent or said, unless you choose to report a message to us.”
The shift to full encryption by default moves Messenger more into line with WhatsApp, and was initially announced as part of Meta’s broader plan to integrate its various messaging tools, in order to simplify cross-app communication. That, conceptually, will eventually also see the development of a single, universal inbox that will include all of your Messenger, WhatsApp, and IG Direct chats, and will be accessible from each service.
That plan did seem to have hit a slight snag recently, with Meta announcing that it’s removing the option to conduct cross-app chats between Facebook and Instagram, though that update could also have been made in preparation for this change, with IG Direct chats still not encrypted by default.
Or it could be related to new E.U. regulations, and Meta’s effort to align Messenger and Instagram Direct with Facebook and IG, in order to avoid them being governed separately (I asked Meta for clarity on the reasoning, but got no response).
Either way, all of your Messenger chats will soon be encrypted, while Meta’s also adding some other new features to bring Messenger further into line with WhatsApp’s functions.
First off, you’ll soon be able to edit your messages for up to 15 minutes after you send them, the same as you can on WhatsApp.
Disappearing messages will also last for 24 hours, as they do on WhatsApp, while Meta’s also making it easier to see when disappearing messages are active in your chats.
Meta’s also added new read receipt controls, and improved visual display options, along with variable playback speeds for audio messages. Again, like WhatsApp.
But encryption is the big addition, and the one that Meta has been fighting to enact, despite various groups opposing the change, due to the risk that it could facilitate more criminal activity in Meta’s apps.
The U.K. Government has been one of the strongest opponents, with former U.K. Home Affairs Secretary Priti Patel repeatedly calling on Meta to reconsider its plans for expanded messaging encryption, due to the potential limitation that it may impose on police attempting to investigate and prevent child abuse. In September last year, Patel labeled the shift to full encryption as ‘catastrophic’.
Various other security officials have voiced similar concerns, and it remains a key issue within this shift.
The counter, then, is the potential for governments and/or corporate owners to snoop on people’s private messages if encryption isn’t enabled.
As Meta CEO Mark Zuckerberg outlined back in 2021:
“There is a growing awareness that the more entities that have access to your data, the more vulnerabilities there are for someone to misuse it or for a cyber attack to expose it. There is also a growing concern among some that technology may be centralizing power in the hands of governments and companies like ours. And some people worry that our services could access their messages and use them for advertising or in other ways they don’t expect.”
But it goes further than that, especially when considering people living under authoritarian regimes, or in war zones, where being able to share information anonymously could actually be critical to someone’s survival.
“In the last year, I’ve spoken with dissidents who’ve told me encryption is the reason they are free, or even alive. Governments often make unlawful demands for data, and while we push back and fight these requests in court, there’s always a risk we’ll lose a case – and if the information isn’t encrypted we’d either have to turn over the data or risk our employees being arrested if we failed to comply.”
WhatsApp chief Will Cathcart has also been a strong proponent for expanded messaging encryption, calling it “one of the most powerful technologies we have to keep everyone safe”.
So there is a clear case for encryption, though Meta also acknowledges the risk, in facilitating nefarious activity in its apps, which is already happening without encryption.
Earlier this week, The Wall Street Journal published a report that explained how two independent research groups, The Stanford Internet Observatory and The Canadian Centre for Child Protection, have both been tracking various instances of groups, some with millions of members, that have been distributing child sexual abuse material (CSAM) across both Facebook and Instagram.
And that’s only what they can track, with encrypted messaging groups on WhatsApp likely also facilitating the distribution of CSAM as well.
Indeed, throughout 2021, Meta detected and reported 22 million pieces of child abuse imagery to the National Centre for Missing and Exploited Children (NCMEC), while in 2020, NCMEC also reported that Facebook was responsible for 94% of the 69 million child sex abuse images reported by U.S. technology companies.
Meta is working to address this, and it’s constantly removing profiles, groups, and posts. But the sheer scale of Meta’s network makes this a never-ending task, and you can only imagine that hiding even more of that from any possible view will worsen the situation.
Which is why the shift towards greater encryption has faced such scrutiny, and part of the reason why it’s taken Meta five years to implement.
So is it a good move? I don’t know, no one does, but there are strong advocates on both sides, and clearly, Meta itself is more aligned with the view that the vast majority of users only intend to utilize stronger security for good, as opposed to criminal purpose.
But then again, more encryption also benefits Meta in many respects.
If you can’t detect such activity, you can’t hold Meta to account for facilitating it, so the more of it that gets hidden, the less Meta can possibly be held to account for the same.
Which is why I do have some trouble agreeing with Meta’s perspective, but again, there are various independent experts who also agree that encryption should be the default, and again, there are many other reasons why this is a positive move.
But there are risks, and significant ones at that.
Hopefully, the positives do end up outweighing such concerns.