A hot potato: End-to-end encryption (E2EE) provides a private communication system where only the sender and receiver can read the content of a message. In theory, no third party can decipher said content, which is why the FBI and other law enforcement agencies are trying to oppose the more widespread adoption of E2EE messaging channels.
Meta has started to roll out end-to-end encryption for all personal chats and calls on Messenger and Facebook. E2EE has been an option for Messenger chats since 2016, but it will now become a default feature for Facebook’s one billion global users. The transition will take some time, though.
According to Messenger vice president Loredana Crisan, Meta will use the Signal protocol together with its own Labyrinth protocol to encrypt chats and calls. E2EE will also come with some additional features, including the ability to edit messages, send higher-quality media, and set “disappearing” messages. Messages can be edited for up to 15 minutes after they are sent.
Despite using E2EE, Crisan said, users can still report abusive content in an edited message to Meta. The company will be able to see the previous versions of that message and even detect if someone took a screenshot of a disappearing message. Meta said that implementing the proper E2EE tech took the company years, as engineers needed their time to get the functionality right.
Meta ultimately designed a server-based E2EE solution, with encrypted messages stored on the company’s servers while encryption-decryption capabilities are still limited to users’ devices. The server-based solution was a “significant effort” for Messenger, and Meta had to redesign the entire system to preserve message confidentiality while providing the server-side processing required by the chat platform.
Crisan said that as Meta has so many users, the global E2EE roll-out will take “a number of months” to complete. When a chat is ready for E2EE, users will be prompted to set a recovery method (such as a PIN) so that they can restore their messages if they change, lose or add a device.
Meta said that the extra layer of security provided by E2EE will keep the content of conversations with friends and family members protected. From the moment a message leaves the sender’s device to the moment it reaches the receiver, nobody, not even Meta will be able to see its contents. This remains true unless someone chooses to report the message to the company.
Meta highlights how people yearn for truly private conversations, despite alarms from law enforcement parties about the potential abuse enabled by E2EE chats. A consortium of 15 agencies around the world recently urged the company to drop its plans, as encrypted messages could be exploited by terrorists, sex traffickers, child abusers and other miscreants to evade scrutiny and punishment.