Skip to main content
banner image
venafi logo

Elon Musk Wants End-to-End Encryption for Twitter Direct Messages: Too soon or Too Late?

Elon Musk Wants End-to-End Encryption for Twitter Direct Messages: Too soon or Too Late?

twitter-end-to-end-encryption
May 4, 2022 | Brooke Crothers

Elon Musk said Twitter Direct Messages (DM) should have end-to-end encryption (E2EE). This comes in the wake of Twitter agreeing to sell itself to the business magnate earlier this month.

Learn How to Protect Your Machine Identities Now!
">

Musk’s reasoning is ostensibly simple. Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages,” Musk said in a tweet.

Signal, an instant messaging service, has been gaining in popularity as people express more concern about privacy. Meta’s Facebook Messenger and Instagram chats (now merged) also offer E2EE as an option. Whatsapp, also part of Meta, supports E2EE by default.

E2EE encrypts data between a sender and receiver so that no third party can access it. While there are several techniques available to protect the content of online messaging, E2EE is considered the most secure.

But end-to-end encryption has become a hot-button topic since it goes to the heart of privacy vs public good concerns.

Privacy advocates support E2EE because, they argue, it ensures online users are free from the threat of unauthorized surveillance from service providers, government agencies, cybercriminals and any other threat actors. Law enforcement agencies, on the other hand, have come out against broad use of E2EE, claiming that it could serve to protect cybercriminals.

Complicating the push to E2EE is reintroduced legislation in the U.S. that targets the removal of liability protections for online platforms that have child sexual abuse content. This is rekindling debate around end-to-end encryption (E2EE) since the law could discourage its use due to liability issues.

The state of Twitter DM

Twitter DMs contain some of the most sensitive user data on the platform, according to the Electronic Frontier Foundation.

“Because they are not end-to-end encrypted, Twitter itself has access to them. That means Twitter can hand them over in response to law enforcement requests, they can be leaked, and internal access can be abused by malicious hackers and Twitter employees themselves (as has happened in the past),” the Electronic Frontier Foundation wrote last month.

(See Twitter’s Some Important Things to Know about Direct Messages.)

The EFF goes on to say that Twitter could make DMs safer for users with E2EE and advises that Twitter do so.

“Encrypting direct messages would go a long way toward improving safety and security for users, and has the benefit of minimizing the reasonable fear that whoever happens to work at, sit on the board of, or own shares in Twitter can spy on user messages,” the EFF said.

But going E2EE isn’t simple

For years, Twitter has thought about encrypting DMs but then backed off, as The Brookings Institution recently noted when writing about Musk’s impending acquisition of Twitter.

That’s because it’s not an easy undertaking. “Rolling out E2EE represents a major technical undertaking, poses difficult product tradeoffs, and raises thorny trust and safety issues,” Brookings said, adding that “Facebook parent Meta will spend four years making E2EE the default across its messaging services.”

But it’s worth the effort because E2EE gives “technical teeth” to users’ privacy expectations, according to Brookings.

“It protects the privacy of our conversations where the law falls short…[and] if a company can’t access your messages due to E2EE, its TOS [Terms of Service] won’t say that it may search your messages and disclose them to law enforcement,” Brookings said.

What E2EE can’t do

It’s important to remember that E2EE can’t provide a perfect private messaging platform. Anyone that has access to your account – be it a hacker that has compromised an endpoint or a family member – could still read all your messages.

Encryption is critical to privacy

Encryption—in general—is critical to protecting the privacy of both individuals and organizations. Any campaign that portrays encryption in a bad light endangers the privacy protections that we all rely on. So, while there may be merit in exposing encrypted communications to certain privileged organizations—such as law enforcement—we should be extremely careful how we portray the value of encryption to those who will benefit most from its protections.

Related Posts

 

 

Like this blog? We think you will love this.
image representing big data
Featured Blog

Le chiffrement homomorphe : Définition et utilisation

Qu'est-ce que le chiffrement homomorphe ? Le

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more