Facebook talks up end-to-end encryption, but still won’t use it on Messenger
News broke out a few days ago that the WhatsApp co-founder that’s still working for Facebook will leave the company soon over various differences with Facebook’s vision for WhatsApp that include monetization and encryption. Jan Koum, reports said, has had it with fighting Mark Zuckerberg and Co. about user data sharing and encryption. Facebook was apparently looking to weaken WhatsApp encryption.
With that in mind, it’s certainly strange to see Facebook make the case for the need of strong encryption in one of its Hard Questions blog episodes.
The Why Does Facebook Enable End-to-End Encryption? title is slightly misleading, as it seems to indicate that all of Facebook’s services are end-to-end encrypted. Facebook Messenger, its other popular chat service, isn’t end-to-end encrypted by default.
The post, penned by Gail Kent, Facebook’s global public policy lead on security, makes it clear that it’s mostly about WhatsApp.
Kent, however, seems to have a dual stance on the need for encryption. Sure, it’s good for protecting data, but it’s also bad for criminal cases involving encrypted devices or services. And this comes from the previous experience with the British National Crime Agency where Kent worked for two decades before joining Facebook:
We used encryption on a daily basis. It made it possible to communicate securely within our own organization as well as other agencies and sources in the field. But it could also create challenges in obtaining evidence. So I have experienced the trade-offs of encryption first hand. Yet I feel strongly that society is better off with it.
But Kent tells us that Facebook is in favor of strong encryption:
[Now] that I’m at Facebook, which owns WhatsApp, I hear from government officials who question why we continue to enable end-to-end encryption when we know it’s being used by bad people to do bad things. That’s a fair question. But there would be a clear trade-off without it: it would remove an important layer of security for the hundreds of millions of law-abiding people that rely on end-to-end encryption. In addition, changing our encryption practices would not stop bad actors from using end-to-end encryption since other, less responsible services are available.
The point Kent seems to make is that Facebook will not be weakening encryption for WhatsApp, as the previous reports claimed. However, there’s no mention of Jan Koum in this Hard Questions piece.
We can only hope that going forward Facebook will not weaken encryption for WhatsApp. What’s puzzling about the post is that Facebook fails to explain why Facebook Messenger isn’t end-to-end encrypted. If encrypting communication for WhatsApp is so critical, why does Facebook have a different standard for Messenger, where the user has to start a secret conversation to get the same perks?