Facebook Messenger: The battle over end-to-end encryption
- Published
The UK government and a coalition of charities are urging the British public to put pressure on Facebook not to introduce end-to-end encryption (E2EE) on its Messenger service.
If Facebook rolls out the ultra-secure messaging system, the campaign says, more children will be put at risk from online predators.
The public debate is likely to be fierce, as privacy campaigners and technology companies argue the system is needed to protect personal privacy and data security.
And the battle is being watched closely around the world, as many governments are also keen to halt the spread of end-to-end encryption in its current form.
For years, authorities in the UK, Australia, Canada, New Zealand, United States, India and Japan plus law enforcement agencies such as Interpol and the UK's National Crime Agency (NCA) have criticised the technology.
Meanwhile, billions of people have embraced end-to-end encryption by using services such as WhatsApp, iMessage and Signal.
On social media, the UK Home Office tweeted a video illustrating messages from a predator to a child, disappearing behind the encryption.
Allow Twitter content?
This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.
Meanwhile, the Open Rights Group tweeted a video in opposition, claiming: "Criminals love [Home Secretary] Priti Patel's plan to break encryption."
Allow Twitter content?
This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.
What is end-to-end encryption?
Encryption is the method of scrambling data to make it unreadable.
We use some form of encryption technology every day online without really noticing it.
That little padlock at the top of your internet browser, for example, shows the information you are sending to and receiving from the BBC website servers is encrypted. It means no-one intercepting the data can read it.
This is particularly important with sensitive online services such as internet banking or emails.
A secret code is agreed upon between a website or app and our devices.
Before we send any information to the web service over the internet, it is encrypted.
And once it reaches the company we are communicating with, it is decrypted into a readable form with the agreed-upon secret code.
This form of encryption has been welcomed by all, as it protects our data from hackers or criminals as it is travelling over the internet.
But the data is readable by the companies processing it, so security services or police can ask a company to hand over any messages or information stored.
This is an everyday part of evidence gathering for police around the world, helping them arrest and convict criminals.
What is end-to-end encryption?
End-to-end encryption goes a step further.
The code agreed upon by a sender and receiver is so secret not even the company handling our data knows it.
Only the end-user can decrypt the messages, images or phone calls.
Imagine you want to receive a letter in the post that only you can read.
You could send someone a box only you have the key for. They put their letter inside it and it locks when they close it. Then they send it to you to open with your unique key.
The digital version of the locked box is known as a "public key", while your unique key is your "private key".
The system is beloved by privacy-minded people as the data is safe from everyone. Even the messaging company is unable to decipher the data you send.
But authorities dislike it as they have no way of reading the messages, looking at the pictures or listening to the calls, even if they suspect criminal activity
Is end-to -end encryption dangerous?
The UK's campaign is focusing on the potential dangers to children.
A spokesman for the No Place to Hide campaign says rolling out end-to-end encryption would be "like turning the lights off on the ability to identify child sex abusers online".
Police would be unable to read any messages predators may send to children on Facebook Messenger, according to the campaigners.
"We're calling on social-media platforms to make a public commitment that they will only implement end-to-end encryption when they have the technology to ensure children's safety won't be put in jeopardy as a result," a representative said.
According to the US National Center for Missing and Exploited Children (NCMEC), 21.7 million reports were made in the US in 2020 about child sexual-abuse material being exchanged on social media.
The campaigners say 14 million of these reports could be lost every year if end-to-end encryption is rolled out more widely.
And they want to work with technology companies to find solutions that protect children and privacy.
What does Facebook say?
In November, parent company Meta delayed plans to roll out end-to-end encryption to Facebook Messenger and Instagram direct messages until 2023, after pressure from child-safety groups.
Meta's global head of safety, Antigone Davis, said at the time: "As a company that connects billions of people around the world and has built industry-leading technology, we're determined to protect people's private communications and keep people safe online."
The company has outlined measures it has put in place to protect children, including using machine learning to highlight unusual patterns of messaging behaviour and placing users aged under 18 into private or "friends only" accounts by default.
Is there a way to please both sides?
Ever since this debate began, around 2017, governments and charities have asked that some sort of technical workaround is created to allow security services to read end-to-end-encrypted messages.
But many cyber-security experts says it is impossible to create a security loophole, or "back door", without undermining the core principles of the technology.
Users would have to trust security services not to misuse a secret back-door key.
This is especially concerning in countries where end-to-end encryption is the only way for people to communicate safely or without censorship.
And if the UK government can convince Meta to invent some sort of new system, then it will no doubt spread to other end-to-end apps used by billions around the world.
- Published18 January 2022
- Published16 June 2021