Meta, the parent company of Facebook and Messenger, has announced that all chats on these platforms will now be encrypted by default. This move makes end-to-end encryption (E2EE) the standard, ensuring that only the sender and recipient can access messages and calls.
While users have had the option to enable encrypted messages for years, Meta’s decision makes it the automatic setting. Critics, including the UK government and law enforcement agencies, argue that default encryption could hinder efforts to detect child sexual abuse on Messenger.
James Babbage, the director general for threats at the National Crime Agency, expressed disappointment, stating, “Today our role in protecting children from sexual abuse and exploitation just got harder.”
According to Loredana Crisan, head of Messenger, the switch to encryption implies that neither Meta nor any other entity can view the content of messages, except when users choose to report a message. She emphasized that Meta collaborated with external experts, academics, advocates, and governments to address potential risks and ensure a balance between privacy and safety.
Meta plans to extend default encryption to Instagram, another platform under its ownership, in the coming year. Users will be notified when their chats transition to encryption and prompted to establish a recovery method for message restoration in case of device changes.
Apps like iMessage, Signal, and WhatsApp already employ E2EE to safeguard message privacy. However, the adoption of this technology has become a contentious issue, with arguments on both sides. Privacy advocates and supporters of E2EE contend that it enhances overall privacy and security, especially for children. In contrast, law enforcement, certain children’s charities, and the Home Office oppose the expansion of E2EE.
The recently passed Online Safety Act grants Ofcom new powers to compel tech companies to scan for child abuse material in encrypted messages. Signal and WhatsApp have expressed their refusal to comply with such requests. Despite these powers, Meta faces ongoing pressure to reconsider the expansion of E2EE.
In September, then-Home Secretary Suella Braverman claimed that Facebook Messenger and Instagram direct messages were favored platforms for online paedophiles. Meta, in response, asserted that it had implemented robust safety measures over the years to prevent, detect, and combat abuse while maintaining online security.
When E2EE becomes the default, Meta plans to use various tools, including artificial intelligence (AI), to proactively detect accounts engaged in malicious behavior, without scanning private messages, in accordance with applicable laws.
Prof Martin Albrecht, chair of cryptography at King’s College London, welcomed the move as a standard safety feature that secures not only government and business communication but also private conversations among individuals.
Privacy International, a campaign group, supported Meta’s decision, emphasizing that encryption is a crucial defense against potential abuse by data-hungry companies and governments, protecting journalists, human rights defenders, lawyers, artists, and marginalized groups.
However, Susie Hargreaves, chief executive of the Internet Watch Foundation, criticized Meta for prioritizing the privacy of alleged wrongdoers over child safety. She accused the platform of effectively welcoming paedophiles and urged Ofcom to assert its authority.
In addition to the encryption update, Meta announced other features, including the ability to edit messages within 15 minutes of sending and giving users control over whether senders receive read receipts. These changes are expected to roll out gradually over the next few months.
