It’s a move that has caused governments to freak out, but Facebook is admitting that it’ll take years before end-to-end encryption by default is happening.
It’s been a long-running saga that, as we figured would happen, is continuing on into this decade as well. Facebook announced that it would implement end-to-end encryption to better secure communications from prying third party eyes. The moves caused governments such as the UK and the US to lose their collective minds. Governments have gotten to the extreme of saying that encryption means the terrorists and child abusers of the world wins. Obviously, that is nowhere near the truth about encryption, but it hasn’t stopped them from trying to push the narrative.
Of course, one question some might have is how much of a reality is Facebook end-to-end encryption anyway? While individuals can use the encryption in certain modes, end-to-end encryption by default could be a long way off. This is because end-to-end encryption is going to require overcoming plenty of technical hurdles across their platforms. From Wired (Warning: ad-block blockers):
In March of last year, Mark Zuckerberg made a dramatic pledge: Facebook would apply end-to-end encryption to user communications across all of its platforms by default. The move would grant strong new protections to well over a billion users. It’s also not happening anytime soon.
What Zuckerberg didn’t spell out at the time is just how difficult that transition would be to pull off, and not just in terms of political hurdles from encryption-averse law enforcement or a shift in Facebook’s business model. Encrypting Facebook Messenger alone represents a Herculean technical challenge. According to one of the Facebook engineers leading the effort, a version of Messenger that’s fully end-to-end encrypted by default remains years away.
“I’ll be honest right now and say we’re still in a place of having more questions than answers,” said Jon Millican, Facebook’s software engineer for Messenger privacy, in a talk today at the Real World Crypto conference in New York. “While we have made progress in the planning, it turns out that adding end-to-end encryption to an existing system is incredibly challenging and involves fundamentally rethinking almost everything.”
Millican’s presentation at the conference, in fact, wasn’t about how Facebook plans to pull off the transition to default encryption for Messenger, which currently offers the feature only through its Secret Conversations mode. Instead, it seemed aimed at explaining the many hurdles to making that transition, and asking the cryptography community for ideas about how to solve them.
So, if you are hoping that absolutely everything will be encrypted by default any time soon, you’ll be sorely disappointed. The back end infrastructure is seemingly going to have to be rebuilt from the ground up just to make this a reality.
If anything, this puts into perspective how small of a proposal governments and spy networks are freaking out over. Of course, it’s also quite easy to lose focus over the fact that the war on encryption isn’t exclusively a Facebook vs government thing. Last year, big US ISPs decided to push the US government to attack Mozilla’s DoH encryption. The move likely fuelled by ISP lobbying after a leaked slide show pointed to that. The ISPs motivation, for some, is that they want to pump targeted advertising to their subscribers. DoH encryption could theoretically thwart that effort.
At any rate, if US lawmakers push through legislation as threatened in their Senate hearings, end-to-end encryption could be outlawed before most users even have a chance to use it.
Drew Wilson on Twitter: @icecube85 and Facebook.