This week Facebook announced that it has begun testing end-to-end encryption by default among some users of its Messenger app. The company plans to roll out messaging and calling globally next year. With end-to-end encryption, Facebook and its parent company Meta can’t see its users’ private conversations — only senders and receivers can. This is an important security feature that protects users from cybercriminals and hackers, as well as law enforcement, who may require social media platforms to provide a private chat history as part of an investigation. Facebook’s announcement comes amid backlash from privacy advocates after the company turned over private messages between a mother and daughter to a Nebraska police department in an abortion-related case. Facebook said its security update was unrelated to the Nebraska case. So far, WhatsApp is the only Meta-owned service that uses end-to-end encryption by default. Last year, Meta began testing end-to-end encryption of Instagram messages and calls. In February, it expanded the test to include adults in Ukraine and Russia. Meta said it wants to expand this test to include people from more countries and different age groups. Facebook already offers users end-to-end encryption for so-called “secret chats,” which must be enabled. It’s unclear what percentage of Facebook’s 3 billion users actually encrypt their conversations. Making end-to-end encryption the default option would be an important step, especially given fears after the Supreme Court’s Roe v. Wade decision was overturned that posts and private messages could be used to persecute women seeking reproductive health care. While digital privacy advocates support Meta’s security update, they said the move should have been made sooner, as the issue of end-to-end encryption has been debated for years. “The demand is simple: every messaging service should be end-to-end encrypted by default, as soon as possible. Anything less is dangerous,” said Evan Greer, director of digital rights nonprofit Fight for the Future.
Facebook security updates
In addition to default end-to-end encryption, Facebook is also testing a new secure storage feature to back up users’ messages in case they lose their mobile or computer and decide to restore their message history to another device. With end-to-end encryption, Facebook will not have access to these messages unless a user is reported for violating Facebook’s policies. To access these backups, users must either create a PIN or create a code known only to them. Another option is to use a cloud service like iCloud to store a secret key that allows users to access backups. That latter method is secure, but not protected by Messenger’s end-to-end encryption, Facebook said. In the coming weeks, the company will release more tests and updates of end-to-end encrypted chats. For example, deleted messages will be synced across devices and users will be able to send messages or replies to Facebook stories. Daryna Antoniuk is a freelance reporter for The Record based in Ukraine. He writes about cyber startups, cyber attacks in Eastern Europe and the state of the cyber war between Ukraine and Russia. He was previously a technology journalist for Forbes Ukraine. Her work has also been published in Sifted, The Kyiv Independent and The Kyiv Post.
