Facebook Messenger: The battle over end-to-end encryption

  • Published
Facebook Messenger on a phoneImage source, Getty Images

The UK government and a coalition of charities are urging the British public to put pressure on Facebook not to introduce end-to-end encryption (E2EE) on its Messenger service.

If Facebook rolls out the ultra-secure messaging system, the campaign says, more children will be put at risk from online predators.

The public debate is likely to be fierce, as privacy campaigners and technology companies argue the system is needed to protect personal privacy and data security.

And the battle is being watched closely around the world, as many governments are also keen to halt the spread of end-to-end encryption in its current form.

For years, authorities in the UK, Australia, Canada, New Zealand, United States, India and Japan plus law enforcement agencies such as Interpol and the UK's National Crime Agency (NCA) have criticised the technology.

Meanwhile, billions of people have embraced end-to-end encryption by using services such as WhatsApp, iMessage and Signal.

On social media, the UK Home Office tweeted a video illustrating messages from a predator to a child, disappearing behind the encryption.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Home Office

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Home Office

Meanwhile, the Open Rights Group tweeted a video in opposition, claiming: "Criminals love [Home Secretary] Priti Patel's plan to break encryption."

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Open Rights Group

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Open Rights Group

What is end-to-end encryption?

Encryption is the method of scrambling data to make it unreadable.

We use some form of encryption technology every day online without really noticing it.

That little padlock at the top of your internet browser, for example, shows the information you are sending to and receiving from the BBC website servers is encrypted. It means no-one intercepting the data can read it.

This is particularly important with sensitive online services such as internet banking or emails.

A secret code is agreed upon between a website or app and our devices.

Before we send any information to the web service over the internet, it is encrypted.

Image source, Reuters
Image caption,
WhatsApp is the most popular end-to-end encrypted app, with about two billion users

And once it reaches the company we are communicating with, it is decrypted into a readable form with the agreed-upon secret code.

This form of encryption has been welcomed by all, as it protects our data from hackers or criminals as it is travelling over the internet.

But the data is readable by the companies processing it, so security services or police can ask a company to hand over any messages or information stored.

This is an everyday part of evidence gathering for police around the world, helping them arrest and convict criminals.

End-to-end encryption goes a step further.

The code agreed upon by a sender and receiver is so secret not even the company handling our data knows it.

Only the end-user can decrypt the messages, images or phone calls.

Imagine you want to receive a letter in the post that only you can read.

You could send someone a box only you have the key for. They put their letter inside it and it locks when they close it. Then they send it to you to open with your unique key.

The digital version of the locked box is known as a "public key", while your unique key is your "private key".

The system is beloved by privacy-minded people as the data is safe from everyone. Even the messaging company is unable to decipher the data you send.

But authorities dislike it as they have no way of reading the messages, looking at the pictures or listening to the calls, even if they suspect criminal activity

The UK's campaign is focusing on the potential dangers to children.

A spokesman for the No Place to Hide campaign says rolling out end-to-end encryption would be "like turning the lights off on the ability to identify child sex abusers online".

Image source, Getty Images
Image caption,
End-to-end-encrypted app Signal has approximately 50 million monthly active users

Police would be unable to read any messages predators may send to children on Facebook Messenger, according to the campaigners.

"We're calling on social-media platforms to make a public commitment that they will only implement end-to-end encryption when they have the technology to ensure children's safety won't be put in jeopardy as a result," a representative said.

According to the US National Center for Missing and Exploited Children (NCMEC), 21.7 million reports were made in the US in 2020 about child sexual-abuse material being exchanged on social media.

The campaigners say 14 million of these reports could be lost every year if end-to-end encryption is rolled out more widely.

And they want to work with technology companies to find solutions that protect children and privacy.

In November, parent company Meta delayed plans to roll out end-to-end encryption to Facebook Messenger and Instagram direct messages until 2023, after pressure from child-safety groups.

Meta's global head of safety, Antigone Davis, said at the time: "As a company that connects billions of people around the world and has built industry-leading technology, we're determined to protect people's private communications and keep people safe online."

The company has outlined measures it has put in place to protect children, including using machine learning to highlight unusual patterns of messaging behaviour and placing users aged under 18 into private or "friends only" accounts by default.

Ever since this debate began, around 2017, governments and charities have asked that some sort of technical workaround is created to allow security services to read end-to-end-encrypted messages.

But many cyber-security experts says it is impossible to create a security loophole, or "back door", without undermining the core principles of the technology.

Users would have to trust security services not to misuse a secret back-door key.

This is especially concerning in countries where end-to-end encryption is the only way for people to communicate safely or without censorship.

And if the UK government can convince Meta to invent some sort of new system, then it will no doubt spread to other end-to-end apps used by billions around the world.