How to make sure your private messages stay private
Meta effectively delayed its timeline for implementing end-to-end encryption as a default feature across its social media platforms in the past year. The executive stated that the privacy-enhancing part is not expected to be in place until 2023.
The delay came into the spotlight again this week following news that Facebook messages that were sent via Messenger and subsequently retrieved by law enforcement agencies had been used to accuse one Nebraska teenage girl along with her mother of having an illegal abortion.
The trial began just before the Supreme Court overturned Roe v. Wade in June. Meta stated that the warrant it was served did not specifically mention abortion. For some privacy experts, the case highlighted the risks women now face when they share their personal information online and the need for tech companies such as Facebook to make encryption end-to-end in default.
End-to-end encryption is the process of coding messages to ensure that only the recipient and sender can view the contents, creating a secure environment for protected messages. This ensures that the messaging platform does not have access to the content. Although a significant portion of users might not think about the type and level of encryption their messages come with, it’s becoming essential that tech companies decide for their users.
“The end of Roe throws into sharp relief the paramount importance of turning on [end-to-end encryption] by default instead of making users navigate security and privacy settings for themselves,” said Rianna Pfefferkorn, who is a researcher at the Stanford Internet Observatory; his work concentrates on encryption.
The long journey of Facebook to achieve this reveals the company’s more significant challenges and the compromises between convenience and privacy that users and companies must make.
Facebook’s growing approach to encryption
Meta’s platform for messaging on mobile WhatsApp already comes with default end-to-end encryption, along with encrypted backups of users’ messages.
Recently, Meta has worked to extend and improve its encryption options for other offerings.
In April 2021, the executive director declared that Facebook would not be able to roll out end-to-end encryption as a default feature across all of its services “sometime in 2022 is the earliest deadline”. A few months after, a different Facebook director, Antigone Davis, published an op-ed in a British publication that revealed the option would not be accessible “until sometime in 2023.”
Facebook and other tech companies have faced demands from officials of governments around the globe to make their messages available to law enforcement authorities to deter criminals from using their platforms for illicit acts.
Davis noted the “ongoing debate about how tech companies can continue to combat abuse and support the vital work of law enforcement if we can’t access your messages.” The company said it had to engage with privacy and safety experts, civil society, and governments to ensure they do the right thing.
After the Nebraska announcement this week, Meta announced it would start testing end-to-end encryption as a default feature in Facebook Messenger and a “secure storage” option for encrypted messages on Facebook. A Meta spokesperson confirmed that the time of the updates did not have anything to do with it.
As part of its changes, Meta appeared to illustrate how it’s trying to maintain privacy while tackling the abuse. Meta said that it would only be able to see encrypted messages in live chats when users complain about them, for example, due to harassment issues.
Meta has also reiterated its plans to offer the default option to all its messaging services “sometime in 2023.”
Despite the delays, Meta’s encryption goals seem to be achieved closer than most of its peers in messaging. Facebook recognizes how important encryption is for protecting our personal privacy.
What must you know to safeguard your information?
Beyond Meta’s collection of apps, it isn’t easy to discern the degree of encryption offered by popular messaging platforms.
- Twitter does not protect direct messages sent through its platform.
The subsequent owner, Elon Musk, has stated that he would like to modify this feature. Other messaging applications like Signal provide encryption end-to-end by default, and Telegram lets users opt-in.
- Text messages sent via SMS aren’t protected in any way.
- Apple’s iMessage has an additional encryption profile that is more complex across different devices and services.
Although iMessage is encrypted from end-to-end in default, message backups sent to iCloud aren’t as secure, and the information needed to decrypt the messages is stored on iCloud. If law enforcement officials have access to the iCloud account, the authorities might possess both pieces to gain access to your messages, even from an encryption service.
“If you use iMessage, turn off iCloud backups and turn off iCloud backups of your WhatsApp,” said Laura Edelson, a postdoctoral researcher at the Cybersecurity for Democracy initiative at the New York University’s Tandon School of Engineering. “The first thing to do if you are an iPhone user is go to your iPhone settings and see what’s being backed up.”
As a general rule, she added that the best solution is using a secure messaging service from beginning to end by default. However, if you use platforms like Facebook Messenger, Edelson suggests going into your settings and checking all the turned-on features. Also, she encourages individuals to use more secure platforms like Signal.
Potential disadvantages
As more Americans consider encryption options following the Roe ruling, it’s vital to be aware of the potential disadvantages. For instance, losing your phone or password may mean that those messages will be lost forever.
Although WhatsApp provides encrypted backups, many other messaging applications do not backup the messages. They may be vulnerable in a manner that would initially defeat the point of encryption.
“We have trained users to access their messages anywhere, from any computer, just by logging in. If they need it, even some third party can recover them,” Edelson stated. “But what inherently comes with that – if there is some third party who can recover your messages for you, they can recover your messages for anyone else as well.”
However, compromises might be worth the cost for those who are concerned about changing the law.
“No one needs absolute privacy until the moment they need absolute privacy,” says Edelson.
Author bio:
Daniel breathes life into writing with the power of the word. He is our tireless blogger who spends most of his time crafting insightful articles for StudyCrumb’s blog. A genuine journalism guru, he’s hopped aboard our platform to help students create essays that will strike a chord with the readers.”