Facebook and Messenger to Automatically Encrypt Messages

All Facebook and Messenger conversations will be automatically encrypted, Meta’s parent company has announced.

Messages and calls protected by end-to-end encryption (E2EE) can only be read by the sender and recipient.

For years, it has been possible to opt into encrypted messages, but now it will become the default setting.

Critics, including the UK government and police, claim that the switch to default encryption will make it more challenging to detect child sexual abuse on Messenger.

Home Secretary James Cleverly said he was “extremely disappointed” by Meta’s decision after collaborating to address other online dangers.

“We will continue to work closely with them (Meta) to safeguard children online, but we must be honest that in our view, this is a significant backward step,” he said.

James Babbage, Director General for Threats at the National Crime Agency, also expressed strong criticism.

“It’s highly disappointing that Meta is choosing to implement end-to-end encryption on Facebook Messenger.

“Today, our role in protecting children from sexual abuse has become more difficult,” he said.

Privacy and Security Switching to encryption means no one, including Meta, can see what’s sent or said, “unless you choose to report a message to us,” wrote Loredana Crisan, head of Messenger, in a post announcing the change.

The company has collaborated with external experts, academics, advocates, and governments to identify risks to “ensure that privacy and security go hand-in-hand,” she wrote.

It’s anticipated that messages on Instagram, also owned by Meta, may be encrypted by default in the new year.

Meta says people will know when their chats are upgraded and encrypted because they’ll be asked to set up a recovery method to restore their messages if they lose, change, or add a device.

Apps like iMessage, Signal, and WhatsApp all protect message privacy with E2EE, but this technology has become a political battleground.

The apps and their supporters argue that the technology safeguards privacy and security, including that of children.

However, law enforcement, major children’s charities, and governments have opposed the expansion of E2EE.

New powers in the recently enacted Online Safety Act could enable Ofcom to compel tech companies to scan for child abuse material in encrypted messages. Signal and WhatsApp have stated they’ll refuse to comply with such requests.

Despite these powers, there’s continued pressure on Meta to restrain the expansion of E2EE.

In September, then-Home Secretary Suella Braverman alleged that Facebook Messenger and Instagram direct messages were the platforms of choice for online pedophiles, telling the BBC that “we are arresting about 800 offenders a month in this country; we are safeguarding about 1,200 children a month from this heinous crime.”

Malicious Patterns However, Meta argued that it had spent years developing robust security measures to prevent, detect, and combat abuse while maintaining online security.

“When E2EE becomes default, we’ll also use various tools, including artificial intelligence, within the bounds of applicable law, to proactively detect accounts engaged in harmful behavioral patterns rather than scanning private messages,” the company wrote.

Professor Martin Albrecht, Chair of Cryptography at King’s College London, welcomed the addition as what he termed a standard security feature.

“It secures not only government and business communications but also private conversations between parents and their children, parents discussing their children, or groups of friends of all ages,” he said.

Privacy International, a campaign group, supported the tech firm’s decision. Encryption, they told the BBC, is “a critical defense, shielding journalists, human rights defenders, lawyers, artists, and marginalized groups from potential abuse by data-hungry companies and governments.”

However, Susie Hargreaves, CEO of the Internet Watch Foundation, working to identify and remove online child sexual abuse material, said she was outraged that Meta had chosen to “prioritize the privacy of pedophiles over the safety of our children.”

She accused the platform, which, she noted, had a strong record of detecting substantial amounts of child abuse material before it appeared on its services, of “effectively rolling out the welcome mat for pedophiles.”

Now it’s up to Ofcom “to show its teeth,” Ms. Hargreaves said.

Read Receipts The company also announced on Wednesday that it would introduce several new features, including the ability to edit messages up to 15 minutes after they’ve been sent.

They’ll also give users the ability to control whether people who send messages receive “read receipts,” informing them that a message has been read.

The changes will take several months to be fully implemented, the company said.