After years of tech companies and police fumbling and clashing over end-to-end encryption, Meta this week brandished a new tool in its arsenal that may help the social media giant resist government pressure to change course or weaken its plan to implement end-to-end encryption across its private communication services.
On Monday, Meta published a report about the human rights impacts of end-to-end encryption produced by Business for Social Responsibility, a nonprofit focused on corporate impacts. Meta, which commissioned the independent BSR report, also published its response. In a study that took more than two years to complete, BSR found that end-to-end encryption is overwhelmingly positive and crucial for protecting human rights, but it also delved into the criminal activity and violent extremism that can find safe haven on end-to-end encrypted platforms. Crucially, the report also offers recommendations for how to potentially mitigate these negative impacts.
Since 2019, Meta has said that it will eventually bring end-to-end encryption to all of its messaging platforms. The security measure, designed to box services out of accessing their users’ communications, has already long been deployed on the Meta-owned platform WhatsApp, but the initiative would bring the protection to Facebook Messenger and Instagram Direct Messenger as well. Meta has said that its delay in fully deploying end-to-end encryption on these other services largely has to do with technical challenges and interoperability issues, but the company has also faced criticism about the plan from the United States government and other countries around the world over concerns that adding the feature would make it more difficult for the company and law enforcement to counter a range of threats, like child abuse and distribution of child sexual abuse material, coordinated disinformation campaigns, viral hate speech, terrorism, and violent extremism. The US government, and the FBI specifically, has long argued that comprehensive encryption that protects user data equally protects suspects from criminal investigations, thus endangering the public and national security.
“I am glad to see BSR’s report affirm the crucial role that encryption plays in protecting human rights,” says Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory who was not involved in the study. “While it’s true that undesirable conduct occurs in encrypted contexts, most people aren’t criminals, whereas everyone needs privacy and security. Weakening encryption is not the answer.”
The question for Meta and privacy advocates around the world has been how to develop mechanisms for stopping digital abuse before it starts, flagging potentially suspicious behavior without gaining access to users’ actual communications, and creating mechanisms that allow users to effectively report potentially abusive behavior. Even very recent efforts to strike a balance have been met with intense criticism by privacy and encryption advocates.
For example, Apple announced plans in August to debut a feature that would scan user’s data locally on their devices for child sexual abuse material. That way, the reasoning went, Apple wouldn’t need to access the data directly or compile it in the cloud to check for abusive material. Researchers raised a host of concerns, though, about the potential for such a mechanism to be manipulated and abused and the risk that it wouldn’t even accomplish its goal if the system produced a slew of false positives and false negatives. Within a month, Apple backed down, saying it needed time to reassess the scheme.