Meta is ever so slowly expanding its trial of end-to-end encryption in a bid to protect users from snoops and law enforcement.
End-to-end encryption, often abbreviated as E2EE, uses strong cryptography to encrypt messages with a key that is unique to each user. Because the key is in the sole possession of each user, E2EE prevents everyone else—including the app maker, ISP or carrier, and three-letter agencies—from reading a message. Meta first rolled out E2EE in 2016 in its WhatsApp and Messenger apps, with the former providing it by default and the latter offering it as an opt-in feature. The company said it expects to make E2EE the default setting in Messenger sometime next year. The Instagram messenger, meanwhile, doesn’t offer E2EE at all.
Starting this week, the social media behemoth will begin testing a secure online storage feature for Messenger communication. For now, it’s available only to select users who connect using either an iOS or Android device. Users who are selected will have the option of turning it on.
“Secure storage will be the default way to protect the history of your end-to-end encrypted conversations on Messenger, and you’ll have multiple options for restoring your messages if you choose to do so,” Meta said in a post on Thursday. “There will be two end-to-end encrypted options for accessing your backups: either create a PIN or generate a code, both of which you’ll need to save.”
Messenger users can also store their E2EE-protected messages on third-party services. iOS users, for instance, can use iCloud to store a secret key that gives access to backups.
Meta will begin testing a second E2EE feature in the coming weeks: default E2EE-protected chats between select users. Those in the test group will have their most frequent chats automatically encrypted with E2EE. Users of the test feature will still have access to their message history, but any new messages or calls with people will use E2EE.
The incremental expansion comes after police in Nebraska issued a subpoena to Meta for use in the prosecution of a 17-year-old who received an abortion. Meta said the subpoena did not mention abortion and that the company was legally compelled to comply. Critics, however, faulted Meta for storing messages in cleartext. Had the messages been protected by E2EE, it would have been impossible for police to read the seized messages.
please stop saying “this desperate person in a frightening situation shouldn’t have been using Facebook” and start saying “every tech company has a moral responsibility to implement end-to-end encryption by default on all messaging services, immediately.”
— Evan Greer (@evan_greer) August 10, 2022
In an email, a Meta spokesman said the expansion wasn’t in response to the Nebraska case.
“We’re starting public tests today and in the coming weeks and wanted to make sure we explained what those are,” he said. “We’ve had this in the works for a while and have been regularly sharing updates on our progress toward default end-to-end encryption for personal messages and chats (Jan 2022 and Aug 2021).”
It’s great that Meta is following through, however incrementally, with the testing of E2EE. A much more secure messaging platform is Signal, which stores practically no unencrypted data belonging to its users. Those who insist on using Meta messaging products should choose either WhatsApp or Messenger, with E2EE turned on in the settings.