Users of Meta’s Facebook and Messenger apps will now automatically gain the protections of end-to-end encryption, a major boost to security and privacy, the company said Wednesday.
The long-anticipated rollout will keep user messages from prying eyes by scrambling their contents to everyone but the intended senders and recipients. But the move could trigger renewed opposition by government officials who have warned that making messages harder for third parties to read might facilitate criminal activity.
For years, Meta had been public about its plans to make encrypted messages the default mode for its messaging platforms. The company’s other messaging service, WhatsApp, defaulted to encrypted communications in 2016. That same year also saw Messenger enabling encrypted messaging on an opt-in basis.
Meta doubled down on security and privacy technologies in 2019 as CEO Mark Zuckerberg laid out a privacy-focused vision for Facebook, WhatsApp and Instagram in response to rising scrutiny of platform manipulation issues and the company’s data practices. And in 2021, Instagram began testing opt-in end-to-end encrypted messaging.
But it took a large-scale reworking of Messenger to support end-to-end encryption by default, Meta said Wednesday, explaining why the company took so long to follow through on extending default encryption to users of that platform.
“This is the biggest set of improvements to Messenger since it was first launched in 2011,” wrote Loredana Crisan, head of Messenger, in a blog post, saying the company has “worked tirelessly to rebuild Messenger features from the ground up.”
Under the new default settings, not even Meta will be able to see what users are sending to one another, Crisan said. The update not only brings Facebook and Messenger into line with WhatsApp but also with rival, non-Meta apps that offer similar levels of protection, including Signal and Apple’s iMessage.
While messages will be “protected from the moment they leave your device to the moment they reach the receiver’s device,” Crisan added, there is one way in which encrypted messages could potentially be read by others: If a participant in a conversation reports a message to Meta.
The expansion of end-to-end encryption could help protect political dissidents, human rights workers, journalists, minorities and others whom security experts say depend on encryption for their safety from authoritarian governments.
Law enforcement officials, however, have long complained that Meta’s shift toward more privacy-protecting technologies could make it harder to investigate crimes.
Meta clashed publicly with the Justice Department over encryption in 2019, when then-Attorney General William Barr called for the company to delay its companywide efforts to advance the technology.
“By enabling dangerous criminals to cloak their communications and activities behind an essentially impenetrable digital shield, the deployment of warrant-proof encryption is already imposing huge costs on society,” Barr argued in a speech at Fordham University’s International Conference on Cyber Security that July.
At the time, Meta responded that Barr’s call to clamp down on encryption would be a “gift to criminals, hackers and repressive regimes” who would exploit weak message security to prey on victims.
Officials in the United Kingdom have been similarly critical of Meta’s plan. On Thursday, as news of Meta’s encryption defaults spread, UK Home Secretary James Cleverly told Politico that the decision “would empower child sex abusers and hamper the ability of the police and National Crime Agency to bring offenders to justice.”
Law enforcement agencies have long called for tech companies to design ways that allow only authorized officials to access encrypted messaging. But technologists and security experts have said there is no technically feasible way to give “good guys” a tool that “bad guys” will not discover and use for themselves.
Explore our curated content, stay informed about groundbreaking innovations, and journey into the future of science and tech.
© ArinstarTechnology
Privacy Policy