Facebook to delay full E2EE rollout until ‘sometime in 2023’


The company formerly known as Facebook is delaying the rollout of end-to-end encryption (E2EE) across all of its services until “sometime in 2023”, according to Antigone Davis, Meta’s Global Head of Safety, who wrote an op-ed in a British newspaper, the Telegraph, this weekend.


While Facebook-owned WhatsApp has had E2EE everywhere since 2016, most of the tech giant’s services do not ensure that only the user holds the key to decrypt the messaging data, meaning those services can be subpoenaed or served with a warrant to provide messaging data to public authorities.

But back in 2019 – in the wake of global attention to the Cambridge Analytica data abuse scandal – founder Mark Zuckerberg announced that the company would work towards universally implementing end-to-end encryption across all of its services as part of a claimed ‘pivot to privacy’.


Zuckerberg did not give a specific timeline for completing the rollout, but earlier this year, Facebook suggested it would complete the rollout during 2022.

Now the tech giant is saying it won’t do so until “sometime” next year, which clearly sounds like a can being kicked down the road.


Davis said the delay is a result of the social media giant wanting to take the time to make sure it can deploy the technology securely, in the sense of being able to retain the ability to pass information to law enforcement to aid child safety investigations.

“As we do this, there is an ongoing debate about how tech companies can continue to combat abuse and support the important work of law enforcement if we cannot access your messages. We believe that people should not choose between privacy and security, which is why we are building strong safeguards into our plans and working with privacy and security experts, civil society and governments to ensure that we get this right,” she writes, adding that it will use “proactive detection technology to ID suspicious patterns of activity, along with advanced controls for users and the ability for users to report problems”.

Western governments, including the UK’s, have been pressing Facebook to delay or abandon its plan to blanket its services in the strongest level of encryption ever since it publicly declared its intention to ‘e2ee all the things’ two years earlier.

The UK has been a particularly vocal critic of Facebook on this front, with Home Secretary Priti Patel very publicly (and repeatedly) warning Facebook that its plans to expand e2ee would hinder efforts to tackle online child abuse – casting the tech giant as an irresponsible villain in the fight against the production and distribution of child sexual abuse material (CSAM).

So it seems no coincidence that Meta’s op-ed appears in the British government’s favorite newspaper.

“As we roll out end-to-end encryption, we will use a combination of non-encrypted data in our apps, account information and reports to protect users in a privacy-protected manner while aiding in public security efforts,” Davis also writes in the Telegraph. “This kind of work already enables us to make important reports from WhatsApp to child protection authorities.”

She suggested that Meta/Facebook has reviewed a number of historical cases, and concluded that it “will still be able to provide important information to authorities even if those services are encrypted end-to-end”, adding: “While no system is perfect, it shows that we can continue to deter criminals and support law enforcement.”

How can Facebook actually pass on data about users, even if all the comms on its services are end-to-end encrypted?

Users are not privy to the exact details of how Facebook/Meta joins the dots of their activity across its social empire. But while Facebook’s application of e2ee on WhatsApp covers messaging/comms content, for example, it doesn’t extend to metadata (which can provide a lot of intel on its own).

The tech giant regularly links accounts and account activity across its social media empire, passing data such as a WhatsApp user’s mobile phone number to its eponymous service, following a controversial privacy U-turn back in 2016. This links a user’s (public) social media activity on Facebook (if they have or have had an account there) with the more constrained form of socializing that typifies activity on WhatsApp (i.e. one-to-one comms, or group chats in a private e2ee channel).

Thus Facebook can take advantage of its vast scale (and historical profiles of users) to flesh out a WhatsApp user’s social graph and interests – based on things like who they are talking to; who they are connected to; and what they have liked and done across all of its services (most of which are not e2ee yet) – despite WhatsApp messaging/comms content being end-to-end encrypted.

(Or as Davis’ op-ed says: “As we roll out end-to-end encryption, we will use a combination of non-encrypted data in our apps, account information, and users’ reports to help keep them safe in a privacy-protected way while aiding in public safety efforts. This kind of work already enables us to make important reports from WhatsApp to child protection authorities.”)

Earlier this fall, Facebook was hit with a major fine related to WhatsApp’s transparency obligations in the European Union, after the DPA found it had failed to properly inform users of what it was doing with their data, including how it passes information between WhatsApp and Facebook.

Facebook is appealing against the GDPR sanction, but today it announced a change to the wording of the privacy policy shown to WhatsApp users in Europe in response to the regulatory enforcement, although it claimed it had not made any changes to the way it processes user data.

Returning specifically to e2ee, last month Facebook whistleblower Frances Haugen raised concerns over the tech giant’s application of the technology, arguing that since it’s a proprietary (i.e. rather than open source) implementation, users must take Facebook/Meta’s security claims on trust, as independent third parties are unable to verify that the code does what it claims.

She also suggested that there is no way for outsiders to know how Facebook interprets e2ee, which is why she is concerned about its plans to expand the use of e2ee – “because we don’t know what they’re going to do”, as she put it.

“We don’t know what this means, we don’t know if people’s privacy is really protected,” Haugen told MPs in the UK Parliament, further warning: “It’s nuanced and it’s a different context. On the open source end-to-end encryption product I love to use, there is no directory where you can find 14 year olds, no directory where you can find the Uighur community in Bangkok. But it is trivially easy to reach out to the vulnerable population and there are national state actors who are doing this.”

Haugen was careful to speak in support of e2ee – saying that she is a proponent of open source implementations of security technology, i.e. where outside experts can robustly question the code and claims.

But in the case of Facebook, where its e2ee implementation isn’t open to anyone to verify, she suggested regulatory oversight is needed to avoid the tech giant making misleading claims about how much privacy (and hence security from potentially harmful surveillance, such as by an authoritarian state) users actually have.

Davis’ op-ed – titled “We will protect privacy and prevent harm” – appears intended to reassure UK policymakers that they can ‘have their cake and eat it’; it ends with the promise that Meta “will continue to engage with outside experts and develop effective solutions to combat abuse”.

“We are taking our time to get this right and do not plan to end the global rollout of end-to-end encryption by default across all of our messaging services until sometime in 2023,” Davis says, ending with another detail-lite soundbite that it is “determined to protect people’s private communications and keep people safe online”.

While the UK government would certainly be pleased with the line-toeing quality of Facebook’s latest public missive on a very thorny topic, its announcement that it is delaying e2ee to “get it right” – following continued pressure from ministers like Patel – is likely to raise concerns about what “right” means in such a privacy-sensitive context.

Surely the broader community of digital rights advocates and security experts will be watching closely what Meta does here.

The UK government recently split nearly half a million of taxpayers’ money across five projects to develop scanning/filtering technologies that could be implemented on e2ee services, to detect, report or block the creation of child sexual abuse material (CSAM), after ministers said they wanted to encourage innovation around “technical security” through the development of “alternative solutions” (i.e. ones that would not require platforms to forgo e2ee but would instead embed some sort of scanning/filtering technology in the encrypted system to detect/combat CSAM).

Britain’s preferred approach therefore appears to be to use political concern for child safety – which it is also legislating for in the Online Safety Bill – to push platforms to implement spyware that allows encrypted content to be scanned on users’ devices, regardless of any e2ee claims.

Whether such baked-in scanner systems essentially amount to a backdoor in the protection of strong encryption (despite ministers’ claims otherwise) will certainly be a matter of close scrutiny and debate in the coming months/years.

It’s instructive here to look at Apple’s recent proposal to add a CSAM detection system to its mobile OS – where the technology was slated to scan content on a user’s device before uploading it to its iCloud storage service.

Apple initially took a bullish stance on the proactive move – claiming it has “developed technology that can balance strong child protection and user privacy”.

However, after a storm of concern from privacy and security experts – as well as warnings that such a system, once installed, would suffer ‘feature creep’ (whether from commercial interests to scan for copyrighted material; or from hostile states to target political dissidents living under authoritarian regimes) – Apple said less than a month later that it would delay implementing the system.

It’s unclear when/whether Apple might revive the scanner on the device.

While the iPhone maker has built a reputation (and very lucrative business) as a privacy-focused company, Facebook’s advertising empire is the opposite beast: synonymous with surveillance for profit. So expecting the social media behemoth, whose all-too-powerful founder has systematically presided over a string of scandals involving privacy-hostile decisions, to hold the line in the face of continued political pressure to bake spyware into its products would be for Facebook to deny its own DNA.

Its recent corporate rebranding to Meta looks much more superficial than that.
