Facebook Tests Default End-to-End Encryption For Messenger

Meta Platforms has revealed it is testing a measure that is sure to be deeply unpopular with law enforcement and government officials around the world.

Facebook announced on Thursday it is testing secure storage on Messenger – a new feature that allows users to back up their end-to-end encrypted chats. It is also testing the turning on end-to-end encryption by default in Messenger.

It comes after Facebook this week found itself involved in a case about an alleged illegal abortion carried out at home, after it provided police with a teenager’s private chats.

Encrypted backups

The police in Nebraska then used those chats to seize her phone and computer.

A 17-year-old girl and her mother have been charged with a series of felonies and misdemeanors over the matter.

That case highlights concerns from abortion rights activists and privacy experts in the US, that people’s digital communications, location data, period app tracking information, or other private data will be used against them to criminalise abortion.

Meta confirmed that it had not been informed about the abortion aspect of the case, and it compiled with a lawful court order.

But days after that, Facebook on Thursday announced it was testing encrypted backups, and encrypted chats by default.

At the moment Messenger chats can be encrypted, but only if the user taps the Edit button in the top right of the Messenger Home tab. Pressing the Secret toggle in the top right will enable encrypted chats.

Facebook said the reason for testing the secure storage feature, is so users can back up end-to-end encrypted Messenger conversations in case they want to restore their message history on a new device.

Facebook will not have access to these messages, and users can create a PIN, generated code or use a third-party cloud service to restore their messages.

Default encrypted chats

And Facebook also said it was “starting a test of automatic end-to-end encrypted chat threads on Messenger.”

“People want to trust that their online conversations with friends and family are private and secure,” wrote Sara Su, product management director at Messenger Trust.

“We’re working hard to protect your personal messages and calls with end-to-end encryption by default on Messenger and Instagram,” wrote Su. “Today, we’re announcing our plans to test a new secure storage feature for backups of your end-to-end encrypted chats on Messenger, and more updates and tests to deliver the best experience on Messenger and Instagram.”

Facebook’s Su wrote that end-to-end encrypted Messenger conversations are currently stored on a user’s device.

“With that in mind, we’re testing secure storage to back up those messages in case you lose your phone or want to restore your message history on a new, supported device,” wrote Su. “As with end-to-end encrypted chats, secure storage means that we won’t have access to your messages, unless you choose to report them to us.”

It seems that Facebook intend for secure storage to be the default way to protect the history of a person’s end-to-end encrypted conversations on Messenger.

“There will be two end-to-end encrypted options for accessing your backups: either create a PIN or generate a code, both of which you’ll need to save,” wrote Su. “You can also choose to restore your Messenger conversations via third-party cloud services. For example, for iOS devices you can use iCloud to store a secret key that allows access to your backups. While this method of protecting your key is secure, it is not protected by Messenger’s end-to-end encryption.”

Su noted that this feature isn’t yet available on www.messenger.com, Messenger for desktop or chats that aren’t end-to-end encrypted.

Upcoming tests

Sue also noted that over the next few weeks, Facebook will begin rolling out more tests and updates on our end-to-end encrypted chats. This includes:

• Expanding features and surfaces: Deleted messages will sync across other devices belonging to a user. Facebook will also begin testing the ability to unsend messages, reply to Facebook Stories and offer other ways to access end-to-end encrypted messages and calls. It plans for example to bring end-to-end encrypted calls to the Calls Tab on Messenger. End-to-end encrypted chats are also going hands-free with Ray-Ban Stories (its wearable glasses product).
• Code Verify: This is a new security feature, which is an open-source web browser extension that’s available on Chrome, FireFox and Microsoft Edge and automatically verifies the authenticity of the code when using http://www.messenger.com. This will let the user confirm the effectiveness of Facebook’s end-to-end encryption security by showing that the user’s web code hasn’t been tampered with or altered.
• Testing end-to-end encryption of chats: Facebook will begin testing default end-to-end encrypted chats between some people. If a person is in the test group, some of their most frequent chats may be automatically end-to-end encrypted, which means they won’t have to opt in to the feature. People will still have access to their message history, but any new messages or calls with that person will be end-to-end encrypted. People can still report messages to Facebook if they think they violate its policies, and the platform will then review the messages.
• Removal of vanish mode on Messenger: There are currently two features on Messenger in which viewed messages in an end-to-end encrypted chat automatically disappear: vanish mode and disappearing messages. Facebook is removing vanish mode, but disappearing messages will still be available in the settings of a person’s end-to-end encrypted chats. This mode allows everyone’s messages to disappear at a selected time after they’ve been seen. Vanish mode chats on Instagram aren’t end-to-end encrypted and will still be available.
• Testing expanded chat features on Instagram: Last year, Facebook started a limited test of opt-in end-to-end encrypted messages and calls on Instagram, and in February it broadened the test to include adults in Ukraine and Russia. Soon, it will expand the test even further to include people in more countries and add more features like group chats. The initial test was only available to adults, but this expanded test will be available to everyone. If a user is in the test group, they will see a prompt asking if they want to start an end-to-end encrypted chat, and a reminder of how to report messages.

Encryption battle

WhatsApp messages for years have enjoyed end-to-encryption, but Facebook has faced resistance expanding this to its other products.

In 2018 the US government for example pressured Facebook to break the encryption in its Messenger app, so law enforcement could listen to a suspect’s voice conversations in a criminal probe.

Facebook however has defended default use of end-to-end encryption for people’s messages.

Indeed, in October 2019 CEO Mark Zuckerberg defended his decision to encrypt the company’s messaging services, after an open letter protesting the move was signed by the UK Home Secretary Priti Patel, US Attorney General Bill Barr, acting US Homeland Security Secretary Kevin McAleenan, and Australian Minister for Home Affairs Peter Dutton.

It should be remembered that Facebook has been mulling full-scale deployment of end-to-end encryption for Messenger since 2016, but critics have said the security measure would make it much more difficult for law enforcement to catch child predators.

Meta had been due to rollout Messenger end-to-end encryption in 2022, but in its update this week, has confirmed it is making progress toward the global rollout of default end-to-end encryption for personal messages and calls in 2023.

This will not be popular for law enforcement and intelligence agencies around the world, who have long railed against tech companies permitting the encryption of potentially valuable data belonging to criminals and/or terrorists.