Inside Facebook's encryption conundrum

The company is moving quickly to make Messenger more secure — but selling it to average users could prove to be a challenge

Inside Facebook's encryption conundrum
Facebook logo on a padlock, as interpreted by OpenAI's DALL-E

After a high-profile incident in which subpoenaed Facebook messages led to felony charges for a 17-year-old girl and her mother in a Nebraska abortion case, Meta said Thursday that it would expand testing of end-to-end encryption in Messenger ahead of a planned global rollout.

This week, the company will automatically begin to add end-to-end encryption in Messenger chats for more people. In the coming weeks, it will also increase the number of people who can begin using end-to-end encryption on direct messages in Instagram.

Meanwhile, the company has begun to test a feature called “secure storage” that will allow users to restore their chat history when they install Messenger on a new device. Backups can be locked by a PIN, and the feature is designed to prevent the company or anyone else from being able to read their contents.

The global rollout is expected to be completed next year.

Meta told Wired that it had long planned to make these announcements, and that the fact that they came so soon after the abortion case came to light was a coincidence. I’m less interested in the timing, though, than the practical challenges of making encrypted messaging the default for hundreds of millions of people. In recent conversations with Meta employees, I’ve come to understand more about what’s taking so long — and how consumer apathy toward encryption has created challenges for the company as it works to create a secure messaging app that its user base will actually use.

It has now been three years since Mark Zuckerberg announced, amid an ongoing shift away from public feeds toward private chats, that going forward the company’s products would embrace encryption and privacy. At the time, WhatsApp was already encrypted end to end; the next step was to bring the same level of protection to Messenger and Instagram. Doing so required that the apps be rebuilt almost from scratch — and teams have encountered a number of roadblocks along the way.

The first is that end-to-end encryption can be a pain to use. This is often the tradeoff we make in exchange for more security, of course. But average people may be less inclined to use a messaging app that requires them to set a PIN to restore old messages, or displays information about the security of their messages that they find confusing or off-putting.

The second, related challenge is that most people don’t know what end-to-end encryption is. Or, if they’re heard of it, they might not be able to distinguish it from other, less secure forms of encryption. Gmail, among many other platforms, encrypts messages only when a message is in transit between Google’s servers and your device. This is known as transport layer security, and it offers most users good protection, but Google — or law enforcement — can still read the contents of your messages.

Meta’s user research has shown that people grow concerned when you tell them you’re adding end-to-end encryption, one employee told me, because it scares them that the company might have been reading their messages before now. Users also sometimes assume new features are added for Meta’s benefit, rather than their own — that’s one reason the company labeled stored-message feature “secure storage,” rather than “automatic backups,” so as to emphasize security in the branding.

When they company surveyed users earlier this year, only a minority identified as being significantly concerned about their privacy, I’m told.

On Tuesday, I wrote here that companies like Meta should consider going beyond end-to-end encryption to make messages disappear by default. One employee told me this week that the company has considered doing so, but usage of the feature in Messenger to date — where it is available as an option — has been so low that making it a default has generated little enthusiasm internally.

On the contrary, I’m told, access to old messages is a high priority for many Messenger users. Messing with that too much could send users scrambling for communications apps like the ones they’re used to — the kind that keep your chat history stored on a server, where law enforcement may be able to request and read it.

A third challenge is that end-to-end encryption can be difficult to maintain even within Facebook, I’m told. Messenger is integrated into the product in ways that can break encryption — Watch Together, for example, lets people message each other while watching live video. But that inserts a third person into the chat, making encryption much more difficult.

There’s more. Encryption won’t work unless everyone is using an up-to-date version of Messenger; lots of people don’t update their apps. It’s also tough to pack encryption into a sister app like Messenger Lite, which is designed to have a small file size so it can be used by users with older phones or limited data access. End-to-end encryption technology takes up a lot of megabytes.

I bring all this up not to excuse Meta for failing to roll out end-to-end encryption up to now. The company has been working on the project steadily for three years, and while I wish it were moving faster, I’m sympathetic to some of the concerns that employees raised with me over the past few days.

At the same time, I think Meta’s challenges in bringing encryption to the masses in its messaging app raise real questions about the appetite for security in these products. Activists and journalists take it for granted that they should be using encrypted messaging apps already, ideally one with no server-side storage of messages, such as Signal.

But Meta’s research shows that average people still haven’t gotten — well, the message. And it’s an open question how the events of 2022, as well as whatever we’re in for in the next few years, may change that.

(Employees told me that Meta’s push to add encryption picked up after the invasion of Ukraine earlier this year, when stories about Russian military personnel searching captives’ phones drew attention to the dangers of permanently stored, easily accessible messages.)

For all the attention the Nebraska case got, it had almost nothing to do with the overturning of Roe vs. Wade: Nebraska already banned abortion after 20 weeks, and the medical abortion at the heart of this case — which took place at 28 weeks — would have been illegal under state law even had Roe been upheld.

Yes, Meta turned over the suspects’ messages upon being subpoenaed, but there’s nothing surprising about that, either: the company got 214,777 requests in the second half of last year, about 364,642 different accounts; it produced at least some data 72.8 percent of the time. Facebook cooperating with law enforcement is the rule, not the exception.

In another way, though, this has everything to do with Roe. Untold numbers of women will now be seeking abortion care out of state, possibly violating state law to do so, and they’ll need to communicate about it with their partners, family, and friends. The coming months and years will bring many more stories like the Kansas case, drawing fresh attention each time to how useful tech platforms are to law enforcement in gathering evidence.

It’s possible the general apathy toward encryption of most Facebook users will survive the coming storm of privacy invasions. But it strikes me as much more likely that the culture will shift to demand that companies collect and store less data, and do a better job educating people about how to use their products safely.

If there’s a silver lining in any of this, it’s that the rise in criminal prosecutions for abortion could create a massive new constituency organized to defend encryption. From India to the European Union to the United States, lawmakers and regulators have been working to undermine secure messages for many years now. To date, it has been preserved thanks in part to a loose coalition of activists, academics, civil society groups, tech platforms, and journalists: in short, some of the people who rely upon it most.

But with Roe overturned, the number of people for whom encrypted messaging is now a necessity has grown markedly. A cultural shift toward encryption could help preserve and expand access to secure messaging, both in the United States and around the world.

That shift will take time. But there’s much that tech platforms can do now, and here’s hoping they will.



Those good tweets

Talk to me

Send me tips, comments, questions, and encrypted messages: