Last week it was revealed that the governments of the US, UK and Australia are pressuring Facebook to "not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens."
APC joined over a hundred civil society organisations, including over 20 members, in supporting an open letter to Facebook encouraging the company "in no uncertain terms, to continue increasing the end-to-end security across Facebook’s messaging services." The letter also urged Facebook to resist calls to create so-called “backdoors” or “exceptional access” to the content of users’ messages, which will fundamentally weaken encryption and the privacy and security of all users. As the letter states, "each day that platforms do not support strong end-to-end security is another day that this data can be breached, mishandled, or otherwise obtained by powerful entities or rogue actors to exploit it."
WhatsApp, which is owned by Facebook, already employs end-to-end encryption. In March 2019, Facebook's CEO Zuckerberg announced plans to integrate Facebook’s other messaging apps, Facebook Messenger and Instagram, with WhatsApp and incorporate end-to-end encryption across the entire service. This move is part of Facebook's shift towards what they call "A Privacy-Focused Vision for Social Networking."
APC supports the extension of encryption across all of Facebook's communication apps, a move that would enhance the privacy of billions of people around the world who use Facebook's services. The measure from the governments of the US, UK and Australia would establish a dangerous precedent of forcing a company to provide for access to the content of private communications, and undermine the security of all internet users as a result. Secure and confidential digital communications are key for the enjoyment of human rights, as the Human Rights Council and UN General Assembly have both recognised. Governments should uphold their commitment not to interfere with the use of encryption. On the contrary, they should adopt policies that provide comprehensive protection for the use and development of encryption.
Encryption is vital to keeping people's communications secure from government or corporate surveillance, malicious hackers, stalkers and others. It is especially important for people who may be targeted for what they do (e.g. human rights defenders, journalists and dissidents) or for who they are (e.g. LGBTIQ people and religious or ethnic minorities, among others). Weakening encryption for some means weakening it for all.
We have no illusions that far more is needed than end-to-end encryption to protect people's privacy on Facebook. As part of its same "privacy-focused vision", Facebook recently launched a new messaging app, Threads, which collects huge amounts of user data, including 24/7 access to location data and other types of data that can be used to build up a detailed and intimate portrait of users' lives. Facebook also routinely exploits user data for financial gain and has in recent years been marred by scandal after scandal, and fined time after time for flouting government regulations aimed at protecting people's personal data.
Facebook's intention to extend end-to-end encryption to all of its communication platforms is laudable and efforts to restrict it should be opposed. However, it's time for Facebook to provide people with meaningful privacy. This includes adopting privacy by design and default across its platforms, refraining from disclosing personal data of their users without a judicial order, not preventing users from accessing their services while using circumvention and anonymity tools, and designing encryption protocols and standards to increase encryption online with privacy in mind when developing its products and services.