The initial introduction of the encryption feature is meant as a test, a Facebook spokeswoman said. During the test phase, only certain users with the latest version of the Messenger app installed on Apple or Android devices will be able initiate conversations. Their correspondents will be able to reply.
“We’re rolling out this additional capability as an option for the most sensitive conversations you might need to have,” said David Marcus, Facebook’s vice president of messaging products, in a post on his personal Facebook page.
Encryption has long been used in software, and most messaging apps use some form of it today to forestall basic snooping, whether by criminals or law enforcement. But much encrypted data is still stored in a form where companies themselves can easily read it — and hand it over to government agents when ordered to do so.
More sophisticated encryption that is difficult to break, even by the company providing it, has been at the heart of an argument between technology companies and government officials, as law enforcement officials seek to examine digital evidence in a wide variety of cases, and politicians debate how to give them the tools to do so.
This feature won’t perfectly protect people against all possible attacks. Hackers — including state-backed ones — could infect a device with malicious software and take screenshots of sensitive conversations while they’re being read.
But by offering stronger protections in Messenger, a widely used product, Facebook could be seen as making a powerful statement in the encryption debate.
Already, Facebook is facing trouble in Brazil for refusing to provide data from WhatsApp, a separate messaging service it owns, for a criminal investigation. A judge ordered the service blocked and fined the company in May. Facebook has said that WhatsApp does not have the data requested, because WhatsApp conversations are encrypted in a way the company can’t break.
Facebook could face the same problem if courts order it to provide messages from a secret conversation in Messenger.
At the same time, users and privacy advocates are pushing Facebook to make its products more secure.
“I think this really fits the last piece of the puzzle into place,” said Matthew Green, an assistant professor at Johns Hopkins University’s Department of Computer Science, who reviewed a version of Messenger’s encryption code in April. “This is not something there is debate about. I think someone at Facebook called it ‘table stakes for having a messaging application.’”
Green said most popular messaging applications now offer some form of the more complete encryption that will soon be available in Messenger.
He said Messenger’s secret conversations feature will be available initially to roughly 1 percent of Facebook Messenger’s 900 million users.
“If nothing catches fire, I think they are going to pretty quickly roll it out to everyone,” Green said.
By the end of the summer, Facebook said, the encryption feature will become widely available.
As an added layer of assurance, these secret-mode messages will be stored only on devices, not on the social network’s servers. “They see encrypted stuff go over the wire, but they can’t read it,” Green said. Even to Facebook engineers, those encrypted messages will look like gobbledygook.
Facebook will also include a feature in Messenger that will erase messages after an allotted period of time, a popular aspect of Snapchat and other confidential messaging apps.
As it has with WhatsApp, Facebook is again using the Signal Protocol developed by San Francisco nonprofit Open Whisper Systems.
The software group started “poking in and providing feedback” roughly five months ago, said founder Moxie Marlinspike, and it reviewed the code a few days ago.
Unlike WhatsApp, Messenger will not turn on the encryption by default. People will have to choose to use the feature for individual conversations, and those conversations can only be read on a single device.
That approach has drawn criticism. Mixing “secret” and regular messages is not secure by definition, said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation. “It’s too easy to mess up. It’s too easy to send a message believing that it’s secure, but accidentally send it in the insecure mode.”
Observers have leveled similar criticism at Google’s recently introduced messaging app, Allo.
©2016 the San Francisco Chronicle. Distributed by Tribune Content Agency, LLC.
