‘Secret Conversations:’ End-to-End Encryption Comes to Facebook Messenger
Just a few years ago, end-to-end encryption was a nerdy niche: a tiny collection of obscure software let you encrypt communication so only your recipient could read it, but the vast majority left you no option to hide your words from hackers or eavesdroppers. This year, that balance shifted. And now, roughly 900 million more people are about to be invited into the crypto club.
On Friday, Facebook plans to roll out a beta version of a new feature it calls “secret conversations.” It’s encrypted messages, end-to-end, so that in theory no one—not a snoop on your local network, not an FBI agent with a warrant, not even Facebook itself—can intercept them. For now, the feature will be available only to a small percentage of users for testing; everyone with Facebook Messenger gets it later this summer or in early fall.
Though Facebook-owned WhatsApp rolled out full end-to-end encryption to its billion-plus users in April, this is the social media giant’s first step toward bringing a core part of its main product in line with the encryption trend. Apple has used a form of end-to-end encryption in iMessage for years; Viber added the protection to its 700 million users’ messages just weeks after WhatsApp, and Google announced in May that its new messaging app Allo would offer end-to-end encryption as an option.
“It’s table stakes in the industry now for messaging apps to offer this to people,” says Messenger product manager Tony Leach. “We wanted to make sure we’re doing what we can to make messaging private and secure.”
Facebook’s secret conversations will use a protocol called Signal, created by the non-profit Open Whisper Systems. It’s well-known and well-tested, already used in WhatsApp, Allo, and Signal’s standalone app. Open Whisper Systems’ founder, the hacker and cryptographer Moxie Marlinspike, calls Facebook’s implementation “reasonably done,” adding that other major services may soon roll out his group’s crypto standard. “We’re continuing to work with other people,” Marlinspike says cryptically. He won’t get more specific than to say that Open Whisper Systems seeks partnerships “where we can impact the largest number of users possible.”
The ‘Opt-In’ of It All
One key difference between Facebook’s approach and WhatsApp or Apple is the issue of opt-in encryption versus default. Facebook encrypts messages only when users choose to turn on secret conversations manually. The other two companies automatically encrypt every message, despite complaints from law enforcement agencies that the feature hampers surveillance capabilities.
Another difference: Facebook’s secret conversations will work only from a single device. (You have to pick which one.) End-to-end encryption requires that a unique secret key be stored on both the sender and recipient’s computer, and for now, Facebook doesn’t have a way to securely distribute that key among multiple phones, tablets and PCs. Secret conversations won’t support gifs, video, or payments yet, either. (The setting will, however, allow you to set a Snapchat-style self-destruct time limit for messages.)
But the sheer size of Facebook Messenger’s network means even a limited encryption offering could have a serious privacy impact. “This is just a huge number. It brings access to encrypted messaging to nearly a billion more people,” says Matt Green, a Johns Hopkins computer scientist who reviewed Facebook’s encryption as an outside consultant. (Facebook Messenger has 900 million active monthly users, but well over a billion installations, and Facebook spokespeople say those users don’t overlap much with its WhatsApp user base.) “If you make a list of all the messaging services that have end-to-end encryption and the ones that don’t,” Green says, “we’re starting to live in a world where the ones that don’t are mostly in China.”
Adding Facebook’s messaging network to that list will no doubt trouble law enforcement and national security hawks. Since its confrontation with Apple over the encrypted iPhone of San Bernardino killer Syed Farook, the FBI has ramped up its opposition to encryption that doesn’t allow cops to access communications with a warrant. Senators Richard Burr and Diane Feinstein in April released a bill to essentially outlaw encryption, and Senator Tom Cotton called WhatsApp’s addition of crypto an “open invitation to terrorists, drug dealers, and sexual predators to use WhatsApp’s services to endanger the American people.”
On the other hand—or maybe it’s the same hand—Facebook’s implementation of Signal as an opt-in feature will likely rankle many privacy advocates, too. When Google announced that Allo would have opt-in encryption in its “incognito” setting, the company got this response from Electronic Frontier Foundation attorney Nate Cardozo:
— Nate Cardozo (@ncardozo) May 18, 2016
And this from ACLU surveillance critic Christopher Soghoian:
Making encryption opt-in was a decision made by the business and legal teams. It enables Google to mine chats and not piss off governments.
— Christopher Soghoian (@csoghoian) May 18, 2016
It’s reasonable to expect Facebook to hear the same kind of objections. Leach says it was a technical limitation, and that making it the default “would have changed the user experience beyond what we wanted to do with Messenger. Advertising didn’t come into the discussion.”
And as for law enforcement? “This is not sucking up to governments,” Green says. “Just doing this will tick them off as much as doing this by default.” Even an opt-in encryption feature, after all, means the choice to foil surveillance of your Facebook messages will soon be one click away.
View this article: