End-to-end encryption refers to the practice of encrypting messages so that only the sender and recipient can read their contents, with the messaging platform itself having no access to them. While a large subset of users may not actively consider the level and type of encryption their messages have, it is becoming increasingly important that they do — or, some experts say, that tech companies make a choice for them.
“The end of Roe throws into sharp relief the paramount importance of turning on [end-to-end encryption] by default instead of making users navigate security and privacy settings for themselves,” said Rianna Pfefferkorn, a research scholar at the Stanford Internet Observatory whose work focuses on encryption.
Facebook’s long road to accomplishing that, however, highlights the broader challenges facing the industry and the tradeoffs between privacy and convenience that companies and users increasingly have to make.
Facebook’s evolving approach to encryption
Meta’s mobile messaging platform WhatsApp already offers default end-to-end encryption, as well as encrypted backups of users’ messages. In recent years, Meta has worked to expand and improve its encryption options for its other services.
Facebook, along with other tech companies, has long had to contend with pressure from government officials around the world over making messages accessible to law enforcement agencies in order to prevent bad actors from using their platforms for illegal activities.
In her piece, Davis noted the “ongoing debate about how tech companies can continue to combat abuse and support the vital work of law enforcement if we can’t access your messages.” She said the company was “engaging with privacy and safety experts, civil society and governments to make sure we get this right.”
As part of its updates, Meta appeared to offer an example of how it’s trying to walk the line between bolstering privacy and combating abuse. The company said it would only be able to see encrypted messages in live conversations if users report them, for example, over harassment concerns.
Meta also reiterated it plans to extend the default option to all its messaging services “sometime in 2023.”
Despite the delay, Meta’s encryption goals appear closer to being realized than many of its messaging peers.
“Facebook recognizes how important encryption is for protecting our personal privacy,” Pfefferkorn said. “To that end, it has been working for years on making Messenger more like WhatsApp.”
What you need to know to protect your messages
Beyond Meta’s suite of apps, it can be hard to keep straight the level of encryption provided by popular messaging services.
Twitter does not encrypt direct messages on its platform, something the platform’s possible future owner Elon Musk has said he wants to change. Other messaging apps such as Signal do offer end-to-end encryption by default, while Telegram allows users to opt in. SMS text messages aren’t encrypted at all.
“If you use iMessage, turn off iCloud backups [and] turn off iCloud backups of your WhatsApp,” said Laura Edelson, a postdoctoral researcher with the Cybersecurity for Democracy initiative at New York University’s Tandon School of Engineering. “The first thing to do if you are an iPhone user is going to your iPhone settings and see what’s being backed up.”
In general, she said, the ideal would be using a messaging platform that is end-to-end encrypted by default. But if you do use a platform such as Facebook Messenger that isn’t, Edelson recommends going into your settings and enabling it. She also suggests nudging the people you text to use more secure platforms such as Signal.
But as more Americans weigh encryption options in the wake of the Roe ruling, it’s important to be mindful of potential drawbacks, too. For example, losing your phone or forgetting your password could mean those messages are lost forever.
While WhatsApp currently offers encrypted backups, most other messaging apps do not, and backing up your messages without encryption could leave them vulnerable in a way that defeats the purpose of encrypting them in the first place.
“We have trained users that they can access their messages anywhere, from any computer, just by logging in, and that if they need to there is some third party who can recover them,” Edelson said. “But what inherently comes with that if there is some third party who can recover your messages for you, they can recover your messages for anyone else.”
Still, for those concerned about the shifting legal landscape, the tradeoffs may be worth it.
“No one needs absolute privacy until the moment they need absolute privacy,” she said, “and then they really need it.”