Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year.
"We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis, said in a post published in The Telegraph over the weekend.
The new scheme, described as a "three-pronged approach," aims to employ a mix of non-encrypted data across its apps as well as account information and reports from users to improve safety and combat abuse, noting that the goal is to deter illegal behavior from happening in the first place, giving users more control, and actively encouraging users to flag harmful messages. Meta had previously outlined plans to be "fully end-to-end encrypted until sometime in 2022 at the earliest."
The Menlo Park-based tech company's products are used by 2.81 billion users on a daily basis as of September 2021.
The shift to encryption is a crucial element of Meta's proposals to build a unified privacy-focused communications platform it announced in March 2019, with CEO Mark Zuckerberg stating that the "future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won't stick around forever."
To that end, the social media giant merged Messenger and Instagram chats last year to allow cross-app communications among its family of popular apps. It's worth noting that while WhatsApp is end-to-end encrypted by default, Facebook Messenger and Instagram are not. The company first launched E2EE in its Messenger app in 2016, though it's only available by switching to a "Secret Conversation" mode that's limited to mobile apps.
Meta has since extended E2EE for voice and video calls in Messenger earlier this August, along with launching a new opt-in setting as part of a limited test in certain countries that will turn on the feature for Instagram Direct Messages.
The development comes as questions are being raised about how platforms could enable E2EE while also supporting law enforcement investigations, raising concerns that wider encryption protections could acutely curtail efforts to tackle child sexual abuse and other problematic content.
"Sadly, at a time when we need to be taking more action... Facebook is still pursuing end-to-end encryption plans that place the good work and the progress that has already been made at jeopardy," U.K. General Secretary Priti Patel said in April. "We cannot allow a situation where law enforcement's ability to tackle abhorrent criminal acts and protect victims is severely hampered."
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Complicating matters are new regulations in India that require messaging apps to trace the "first originator" of messages shared on WhatsApp, in a move that could break encryption safeguards, prompting the company to file a lawsuit on the grounds that such a provision invades users' privacy.
The Indian government, in an affidavit filed in response late last month, defended the law claiming platforms that "monetize users' information for business/commercial purposes are not legally entitled to claim that it protects privacy," and that such a rule is essential to counter fake news and offences concerning national security and public order.
"The Rule does not contemplate the platforms breaking the end-to-end encryption. The Rule only contemplates the platform to provide the details of the first originator by any means or mechanism available with the platform. If the platform does not have such means, the platform ought to develop such [a] mechanism considering the platform's widespread prevalence and the larger public duty," the affidavit said.