Meta won’t roll out end-to-end encryption for its apps until 2023 — but is that so bad?
The company wants to “get it right”
Where are we at now?
So for completely private messaging, WhatsApp is your best bet of the three.The other apps require you to specifically enable end-to-end encryption, so they’re not quite as well-suited for that purpose.
Why is the E2EE rollout going to take longer?
Davis’ primary argument for this new timeline of rollout is to allow Meta to work with law enforcement and safety experts, so that the company can tackle the problem of abusive content. As the company won’t be able to monitor any content behind the encryption wall,it wants to provide users with reporting tools and restrictive controls to minimize the spread and damage of offensive content.
David Thiel, an ex-Meta employee and present CTO of the Stanford Internet Observatory,provided a bit more contexton Twitter around the company’s planto roll out encryption across all its messaging services. He noted that the firm wanted to accelerate this rollout as it helped with pre-empting anti-trust action and it was good marketing — but there was no clear roadmap.
One of the biggest challenges was to tackle Child Sexual Abuse Material (CSAM). Thiel said that when Facebook announced its plans for encryption, its systems for encrypted platforms were less than 10% effective in catching CSAM. That’s a huge hindrance.
There’s also an argument about how WhatsApp operates differently from Messenger and Instagram. On the former, you’re mostly chatting with folks in your phonebook, and you can’t really search for people. On the other hand, Messenger and Instagram are about building social contacts and connecting with more folks. So there’s a larger chance of abuse behind encryption walls.
Solving these problems is a tough task.A surveyconducted by Standford Internet Observatory’s Riana Pfefferkorn, Thiel’s colleague, suggested that slapping onthe E2EE layerwon’t have a significant effect in areas where abuse can be caught without scanning content. However, the same technique will have some impact on CSAM scanning efforts. You can learn more about the survey, and its takeaway inPfefferkorn’s thread.
So it’s important for Meta to build a solution that’s private, but helps prevent the spread of CSAM — even if it takes more time to implement.
The argument against Meta’s delay
Folks who support encryption across apps think that delaying the rollout will be more harmful to users, especially children. Evan Greer, director of the digital advocacy groupFight for the Future, noted that Facebook might just be concerned about bad PR and pressure from governments.
Authoritiesacrossthe globehave pressurized Meta (especially WhatsApp) to enable traceability of messages — a practice that could put encryption and privacy at risk.
Alec Muffet, a former security researcher at Facebook, argued that encryption has the upside of making conversations of billions of people private.
Matthew Green, a professor of cryptography at Johns Hopkins University, argued that companies likeApple have proposed anti-CSAM measuresin their private photo backup service. So there’s scope for Facebook to deploy a solution that’s private and safe.
What are other apps doing?
In terms of Facebook’s competition and its security,Signal is one the most private messaging apps— but it doesn’t have hundreds of millions of users. All of its chats and calls are secured behind encryption.
Telegram, with more than 500 million monthly active users, has end-to-end encryption enabled only for one-to-one chats in secret mode. Its channels’ content is public so it can catch illegal activities.
Viber, which hasmore than 250 million usersacross the globe, follows a hybrid model of keeping one-to-one and private group chats under encryption while keeping public groups open.
Meta has to find a solution that lets ittackle issues arising from problematic content in large groups, while also offering privacy.
Inthe Facebook papers, a set of documents was revealed by ex-employee Frances Haugen, one of the documents indicated that the company was considering making groups with less than a certain number of members private. We’ve asked the company if it plans to keep any limit on enabling encryption for public groups, and we’ll update the story if we hear back.
The company has hada bad repwith its privacy-related practicesin the past. While encrypting its messaging services is a good practice, it has to make sure that these apps don’t become hubs for illegal content.
Story byIvan Mehta
Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That’s one heck of a mixed bag. He likes to say “Bleh.“Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That’s one heck of a mixed bag. He likes to say “Bleh.”
Get the TNW newsletter
Get the most important tech news in your inbox each week.
