Facebook last week said it would begin testing long anticipated end-to-end encryption capabilities in its Messenger app, enabling users to have secret conversations.
The new level of security means that a message will be visible only to the sender and the recipient — Facebook won’t even be able to read it.
Users can set a timer to limit the amount of time that a message remains visible during the conversation. Facebook has employed Open Whisper Systems’ Signal Protocol technology to provide the encryption.
One major caveat is that an end-to-end encrypted conversation can not be viewed on multiple mobile systems at the same time — however, the encryption is an optional feature.
Many users want to be able to switch devices during a conversation — for example, move from a mobile phone to a tablet or desktop computer. With the current technology, secret conversations can be read only on one device.
In addition, sending rich content like GIFs or video and making payments will not be possible using the encryption.
Some of the security protocols related to the end-to-end encryption have raised questions among Messenger users.
All secret messages are encrypted in local storage with two keys and the remote key can be revoked, said Alex Stamos, chief security officer at Facebook, in one of a series of tweets responding to concerns.
Further, it’s likely that an update to end-to-end encryption will allow it to support multidevice use, he said, which is how millions of Facebook Messenger users currently operate.
Hundreds of millions of Messenger users talk Web-to-Web, Stamos noted, but there is currently no secure way to store code or verify keys without using mobile technology.
The provision of end-to-end encryption serves two important uses for Facebook amid a robust debate about consumer privacy and security protocols around the world, commented Tim Mulligan, senior analyst at Midea Research.
“First, it will help Facebook appear to be on the side of the digital consumer; and secondly, it allows the company to inhabit the same ethical high ground that has hithero been the preserve of Apple regarding the privacy of its users,” he told TechNewsWorld.
Dual System Disappointment
Facebook’s dual approach, which allows both encrypted and unencrypted messages over the same system, is a “fundamentally unsafe design choice,” said Nate Cardozo, senior staff attorney at the Electronic Frontier Foundation.
“It’s just plain too easy to send an unencrypted message when the tool has two options,” he told TechNewsWorld.
That said, it would have been problematic for Facebook to make all messages encrypted, Cardozo conceded. It not only would have risked losing millions of customers who want the Web-to-Web option for Messenger, but also would have required a massive amount of engineering work.
Encryption Debate Echoes
The development comes at a critical time in the technology industry. Apple recently spent months fighting a Department of Justice demand that it help create a backdoor to access data on an iPhone it wanted to search for evidence in its investigation of the San Bernardino terrorist attack last year.
Apple fiercely resisted the demand, arguing it would undermine the security of the iPhone, invade customers’ privacy, and destroy consumer confidence in the product.
The case wound its way through federal court for months and put much of Silicon Valley at odds with law enforcement and national security experts who wanted the tech industry to help crack down on ISIS-related activity on social media, as well as provide greater cooperation in efforts to resolve terrorism cases.
The DoJ later found an outside firm to help it break into the iPhone used by the shooters, and Apple was left in the dark on the methods used to access the data.