Encryption continues to be a hotbed of debate, with the public and private sectors at odds. Meta, formerly Facebook, reinforced its 2019 commitment to bring end-to-end encryption to all its users when it published a report on encryption protecting basic human rights. While this is recent news, it is just the latest episode in the long-standing encryption saga between Meta and the federal government, and in the wider encryption debate at large. Let’s look at the history of this debate and what it means for encryption going forward.
The fight for encryption can be summarized by the arguments of two sides: government and business. Both agree that encryption is useful - the question at hand is, what is the cost of using encryption?
Meta took a stance on encryption when it released “A Privacy Focused Vision for Social Networking” three years ago. Since that time, it has made significant pushes towards fully encrypting all its platforms, on the basis that “implementing end-to-end encryption for all private communications is the right thing to do.”
The Zuckerberg-written manifesto states, “in a world of increasing cyber security threats and heavy-handed government intervention in many countries, people want us to take the extra step to secure their most private data. That seems right to me, as long as we take the time to build the appropriate safety systems that stop bad actors as much as we possibly can within the limits of an encrypted service.”
To this end, they are doubling down on encryption as a fundamental way of protecting consumer privacy rights, and arguably free speech rights at large, while still trying to honor “a responsibility to work with law enforcement and to help prevent [truly terrible things like child exploitation] wherever we can,” as Zuckerberg states.
This working with law enforcement is where government comes in. However, the opinions within the US Congress are often as mixed as the public vs. private debate itself, with key players fighting on both sides. Senators once backing encryption leaning legislation like the Consumer Privacy Protection Act and COPRA spun around to endorse the EARN IT Act, a government attempt to orchestrate backdoors.
Arguably, allowing backdoors into encrypted data begs the question: “is it encrypted after all?” Australia adopted backdoor laws in 2018, with mixed results. In some cases, government has even tried to take advantage of encrypted platforms, Meta and otherwise, such as when the UK sanctioned WhatsApp as an official communication tool in 2020 to deal with the Covid-19 crisis, and the US had to turn to cryptographically protected video calls so that Congress could remain active during the same time. In the UK, lawmakers struggled between implementing backdoors and using technologies without them to secure their own private communications.
It’s a difficult struggle, with points for both sides. Ultimately, the question of whether public privacy is sacrificed for public safety - or if the two are one and the same - is one that is still being answered. However, Meta’s actions this month have sent an unmistakable reply.
With the decision to fully encrypt Facebook Messenger and Instagram Direct Messenger, the company moves decidedly to break the standing encryption deadlock. To support that decision, Meta commissioned a report by the nonprofit Business for Social Responsibility, following up with their own response. The report weighed the pros and cons of encrypting public messaging platforms and stated that while it does give criminals an undetected space, the fundamental right to privacy outweighed the costs and that Facebook would continue rolling out end-to-end encryption (E2EE) across all platforms.
Meta outlined three fundamental conclusions regarding encryption.
That approach includes implementing 34 out of the 45 suggested recommendations put forth in the BSR report. Four will be partly implemented, six are being investigated and one (relating to homomorphic encryption) will be ignored (due to the technology still be largely developmental). The Meta implemented changes include:
While criminals can always increase their subtlety to evade detection, the recommendations implemented above attempt to address law enforcement’s concerns about hiding bad actors in end-to-end encrypted spaces, while supporting the public’s desire for fully encrypted communication platforms. It is a delicate balance. As Meta attempts to walk the line between public safety and individual privacy, they have definitively come down on the side of defending the privacy that protects basic human rights; or, of defining privacy as a basic human right.