It’s been two years since Mark Zuckerberg made a bold statement in 2019 about wanting to integrate all of Facebook, er, Meta’s messaging platforms — Messenger, Instagram, and WhatsApp — with end-to-end encryption protection.
But the journey has already taken a long time, and it might not be complete for another two years. Over the weekend, Antigone Davis, Meta‘s global director of safety, said the company is taking its time to “get this right and we don’t plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023.”
This drew a lot ofcriticism from privacy activists as to why the company is delaying its plans towards private messaging. There are some arguments explaining Meta’s decision, but before that, let’s take a look at Meta’s progress in rolling out encryption across its messaging apps.
Where are we at now?
- WhatsApp:All conversations, including one-on-one chats, business and group chats, are end-to-end encrypted.
- Messenger:One-on-one chats are not encrypted by default. The Secret messages option lets you encrypt one-on-one messages; an option to make voice or video calls in Secret mode was added this year; group chats allow you to opt-in to encrypt the conversation.
- Instagram DM: Opt-in encrypted chats for one-on-one conversations.
So for completely private messaging, WhatsApp is your best bet of the three. The other apps require you to specifically enable end-to-end encryption, so they’re not quite as well-suited for that purpose.
Why is the E2EE rollout going to take longer?
Davis’ primary argument for this new timeline of rollout is to allow Meta to work with law enforcement and safety experts, so that the company can tackle the problem of abusive content. As the company won’t be able to monitor any content behind the encryption wall, it wants to provide users with reporting tools and restrictive controls to minimize the spread and damage of offensive content.
David Thiel, an ex-Meta employee and present CTO of the Stanford Internet Observatory, provided a bit more context on Twitter around the company’s plan to roll out encryption across all its messaging services. He noted that the firm wanted to accelerate this rollout as it helped with pre-empting anti-trust action and it was good marketing — but there was no clear roadmap.
One of the biggest challenges was to tackle Child Sexual Abuse Material (CSAM). Thiel said that when Facebook announced its plans for encryption, its systems for encrypted platforms were less than 10% effective in catching CSAM. That’s a huge hindrance.
There’s also an argument about how WhatsApp operates differently from Messenger and Instagram. On the former, you’re mostly chatting with folks in your phonebook, and you can’t really search for people. On the other hand, Messenger and Instagram are about building social contacts and connecting with more folks. So there’s a larger chance of abuse behind encryption walls.
Please stop with this. Child safety is not FUD, nor disingenuous. Here is what happened with Facebook's haphazard E2EE plan, from someone who was there and familiar with the underlying systems. 1/ https://t.co/EBuNIgbnNR
— David Thiel (@elegant_wallaby) November 22, 2021
Solving these problems is a tough task. A survey conducted by Standford Internet Observatory’s Riana Pfefferkorn, Thiel’s colleague, suggested that slapping on the E2EE layer won’t have a significant effect in areas where abuse can be caught without scanning content. However, the same technique will have some impact on CSAM scanning efforts. You can learn more about the survey, and its takeaway in Pfefferkorn’s thread.
So it’s important for Meta to build a solution that’s private, but helps prevent the spread of CSAM — even if it takes more time to implement.
The argument against Meta’s delay
Folks who support encryption across apps think that delaying the rollout will be more harmful to users, especially children. Evan Greer, director of the digital advocacy group Fight for the Future, noted that Facebook might just be concerned about bad PR and pressure from governments.
This is a good thread and I think people should read it & absorb the complexity and details.
But I think it's just wrong to say that Facebook is delaying this due to actual concern for safety when clearly their biggest reason is pressure from governments and concern about bad PR https://t.co/WiLDGaDNvJ
— Evan Greer (@evan_greer) November 22, 2021
Alec Muffet, a former security researcher at Facebook, argued that encryption has the upside of making conversations of billions of people private.
I'll ask the obvious but impolitic question:
> But that doesn't mean that real child safety concerns are imaginary or minimal. 14/
"But are they proportionate?" – you're talking about the risks but not the benefits of making the conversation of 2.7 billion people private.
— Alec Muffett (@AlecMuffett) November 22, 2021
Matthew Green, a professor of cryptography at Johns Hopkins University, argued that companies like Apple have proposed anti-CSAM measures in their private photo backup service. So there’s scope for Facebook to deploy a solution that’s private and safe.
My thought on David’s argument is that “encrypted social networks have a unique abuse problem, they need anti-abuse features that other data doesn’t” seems reasonable.
But here on Earth 1, companies are deploying those anti-abuse features into private photo backup services.
— Matthew Green (@matthew_d_green) November 22, 2021
What are other apps doing?
In terms of Facebook’s competition and its security, Signal is one the most private messaging apps — but it doesn’t have hundreds of millions of users. All of its chats and calls are secured behind encryption.
Telegram, with more than 500 million monthly active users, has end-to-end encryption enabled only for one-to-one chats in secret mode. Its channels’ content is public so it can catch illegal activities.
Viber, which has more than 250 million users across the globe, follows a hybrid model of keeping one-to-one and private group chats under encryption while keeping public groups open.
Meta has to find a solution that lets it tackle issues arising from problematic content in large groups, while also offering privacy.
In the Facebook papers, a set of documents was revealed by ex-employee Frances Haugen, one of the documents indicated that the company was considering making groups with less than a certain number of members private. We’ve asked the company if it plans to keep any limit on enabling encryption for public groups, and we’ll update the story if we hear back.
The company has had a bad repwith its privacy-related practices in the past. While encrypting its messaging services is a good practice, it has to make sure that these apps don’t become hubs for illegal content.