Did you know that messages sent via Facebook Messenger and Instagram DM are not end-to-end encrypted; well… at least not by default? End-to-end encryption (E2EE) has become the number one requirement for users looking to use any messaging service because of the recently growing privacy concerns. Users are increasingly leaning towards a world where online messaging is as tightly encrypted as internet transactions for online shopping sites and casino online CA platforms.
The option to send so-called ‘secret messages’ was only introduced as recently as August 2021 and is available for Facebook users that would like to keep their conversations private. This is a limited test currently running for adult users in specific countries. Interestingly, most of the other messaging apps already have a default E2EE, including Meta’s very own WhatsApp Messenger. This calls to question why the tech giant is holding off on making Messenger and Instagram DMs E2EE for all users. The company has recently announced plans to make the two highly popular messaging apps completely end-to-end encrypted, but the roll-out will not be implemented until sometime in 2023.
Personal Privacy vs. Public Safety
When a user’s messages aren’t end-to-end encrypted, not even the company running the messaging platform and other third parties like governments and cybercriminals can access the contents of the messages any time they see fit. This has proved to be a double-edged sword as critics have expressed concerns that locking out the respective companies from accessing privately shared information may provide a cover for pedophiles and terrorists.
E2EE is a concept that entices billions of online messaging app users. However, parties such as the National Society for the Prevention of Cruelty to Children (NSPCC), the US Department of Justice, and the FBI have not been too happy about it. These and many other organizations aren’t about to relent in their efforts to restrict or completely do away with it. The subject of contention is whether it’s more important to protect a user’s data, such as journalists or activists operating under totalitarian governments, or public safety with child exploitation. In 2018 alone, Facebook Messenger had to pay liabilities totalling up to $12 million for child sexual abuse material transmitted through the platform.
Why is There Delayed E2EE Roll-out for Messenger and Instagram?
One of the reasons Meta cited for the delay in making Messenger and Instagram DMs automatically E2EE is that they “want to get this right.” This comes as no surprise, given that the messages exchanged over an E2EE platform are only seen by the sender and recipient, which could deter efforts by law enforcement to protect national and public safety interests.
Another reason may be the UK’s upcoming Online Safety Bill, which will require online platforms to guarantee child online safety and address any abusive content. The Bill, which aims to make the UK the safest place in the world to be online while maintaining the freedom of expression, is also set to be effective in 2023.
Steps Towards the Actual E2EE Implementation
Meta has already started running pilot projects that should inform what happens when the time to go full E2EE comes. One such test is end-to-end encryption for group chats and calls in Messenger. The encryption will only apply to groups that already have existing chat threads or whose members are connected already.
Users can also set some delivery controls to prevent or block unwanted users or choose whether or not to accept chat requests from non-contacts. The opt-in E2EE option on Instagram also only allows encryption for already existing chats in the pilot phase. This is Meta’s way of preparing to strike a balance between safety and privacy when they’re ready to launch the E2EE feature in 2023.
Regarding the issue of child safeguarding, the Meta Head of Safety Antigone Davis reported in the Telegraph that they had implemented restrictions on accounts owned by under-18s. Children’s accounts have been defaulted to private on Instagram and ‘friends only’ on Facebook. The mechanism also restricts messages from adults that aren’t connected to the minor.
The ongoing debate between privacy campaigners and law enforcement implies that a compromise will have to be reached somewhere along the way. However, Meta’s announced delay has been met with some scepticism from users as there had been an earlier blog promising that default end-to-end encryption would be possible in 2022.
On the other hand, their supposed delay in getting to the party may be a calculated move to avoid any further scandalous litigation that may arise. We already know that Meta has the means and resources to automate E2EE on their now unified messaging platform sooner. Well, whichever way you look, this is a delicate subject that needs to be carefully approached with both personal privacy and public safety in mind.