Meta delays product-wide end-to-end encryption rollout until 2023

The company wants to 'take its time' to implement the technology in a way that both protects privacy and prevents exposure to online harms

Meta has announced plans to delay the global rollout of end-to-end encryption (E2EE) across its messaging applications to 2023.

The company previously said it would have E2EE across all its products by 2022 at the earliest.

Meta said it would be taking additional time to ensure the implementation across Facebook Messenger and Instagram is done correctly, protecting privacy while also mitigating the risk of online harms.

WhatsApp is currently the only app in Meta's product portfolio that enables E2EE by default, although it has previously been criticised for allowing moderators to access the contents of any messages flagged by users as potentially abusive.

“We’re taking our time to get this right and we don’t plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023,” said Antigone Davis, head of safety at Meta, the Sunday Telegraph.

“As a company that connects billions of people around the world and has built industry-leading technology, we’re determined to protect people’s private communications and keep people safe online,” she added.

E2EE has created an ongoing debate around the divide between privacy and personal safety. Meta said it's taking time to implement E2EE in a way that upholds both, but how that happens is unclear.

If E2EE is deployed in its proper form, with unique on-device encryption, it should be impossible to facilitate any third-party oversight of what is communicated through the technology without breaking its fundamental principles.

Related Resource

Multi-factor authentication deployment guide

A complete guide to selecting and deploying your MFA authentication guide

The whitepaper title on a strip of swirling blue and purple diagonal across the pageFree download

"Encryption is an absolute. You either have it or you don’t. There is no 'getting it right'," said Andy Yen, founder and CEO at Proton. "The best way to protect privacy and user data is to not have the data in the first place. 

"Of course we need to ensure tech is not misused, but there are many ways to combat criminal behaviour," he added. "Back doors and similar methods of undermining privacy are an ineffective way of preventing crime. If Meta cared as much about user privacy as it claims, it would have implemented end to end encryption a long time ago."

From a cyber security perspective, Jim Killock, executive director at Open Rights Group, said there is a clear argument that E2EE offers protections for the everyday consumer and calls for its removal would be welcomed by cyber criminals all over.

"There are many ways of tackling crime. Storing all communications in the clear is just one; the focus on E2EE is narrow and misleading," he told IT Pro. "What is certain is that E2EE provides security from cybercriminals and hacking.

"Government campaigning against security technologies is a gift to cybercriminals," he added.

However, repeated calls for a proposed 'backdoor' in E2EE-enabled messaging services have been made by governments across the world.

The main opposing arguments are those related to the protection of children online and safeguarding national security from terror events, for example.

Home Secretary Priti Patel labelled Facebook's encryption plans "simply not acceptable" earlier this year at an event run by the National Society for the Prevention of Cruelty to Children (NSPCC). Patel said tech companies have a duty to protect children from online harms.

"Facebook is right not to proceed with end-to-end encryption until it has a proper plan to prevent child abuse going undetected on its platforms," said Andy Burrows, head of child safety online policy at the NSPCC, to the Guardian.

"But they should only go ahead with these measures when they can demonstrate they have the technology in place that will ensure children will be at no greater risk of abuse," he added.

Coinciding with Meta's new 2023 encryption deadline is the enactment of the UK's Online Safety Bill, which will force online platforms to implement protections for users, including children, from harm and address abusive content.

The domestic legislation may stifle Meta's ability to enable E2EE across its products, but to what extent the Online Safety Bill will impede consumer privacy through encrypted messaging remains to be seen.

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download

Recommended

Podcast transcript: Can the US take on big tech?
Policy & legislation

Podcast transcript: Can the US take on big tech?

19 Nov 2021
The IT Pro Podcast: Can the US take on big tech?
Policy & legislation

The IT Pro Podcast: Can the US take on big tech?

19 Nov 2021
Microsoft and Meta announce integration deal between Teams and Workplace
collaboration

Microsoft and Meta announce integration deal between Teams and Workplace

11 Nov 2021
IT Pro News In Review: Microsoft pitches 'metaverse', Graff's celebrity data leak, Meta facial recognition
biometrics

IT Pro News In Review: Microsoft pitches 'metaverse', Graff's celebrity data leak, Meta facial recognition

5 Nov 2021

Most Popular

How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021