All Facebook and Messenger chats will be encrypted automatically, parent company Meta has announced. Messages and calls protected by end-to-end-encryption (E2EE) can be read only by the sender and recipient.
It has been possible to opt in to encrypted messages for years, but now it will become the default position. Critics, including UK police and government, have claimed the roll-out will make it harder to detect child sexual abuse on the platform.
The protection meant nobody, including Meta, can see what is sent or said, “unless you choose to report a message to us”, Loredana Crisan, head of Messenger, wrote in a post announcing the change.
The company had worked with outside experts, academics, advocates and governments to identify risks to “ensure that privacy and safety go hand-in-hand”, she wrote.
It is expected that messages in Instagram, which is also owned by Meta, may get encryption by default sometime in the new year.
Meta says that people will know when their chats are upgraded and become encrypted, because they will be prompted to set up a recovery method to be able to restore their messages if they lose, change or add a device.
Apps including iMessage, Signal and WhatsApp all protect the privacy of messages with E2EE, but the tech has become a political battleground.
The apps and their supporters argue the tech protects privacy and security, including that of children.
But law enforcement, some children’s charities and the Home Office have opposed the expansion of E2EE.
New powers in the recently passed Online Safety Act could enable Ofcom to force tech companies to scan for child abuse material in encrypted messages. Signal and WhatsApp have said they will refuse to comply with such requests.
But despite those powers, there has been continued pressure on Meta to hold the expansion of E2EE.
James Babbage, the director of general threats at the National Crime Agency (NCA), said in September that if Facebook introduced end-to-end encryption it would “massively reduce our collective ability” to protect children.
And the-then home secretary, Suella Braverman, alleged that Facebook Messenger and Instagram direct messages were the platforms of choice for online paedophiles, telling the BBC that “we are arresting in this country about 800 perpetrators a month, we are safeguarding about 1,200 children a month from this evil crime”.
But Meta argued that it had spent years developing robust safety measures to prevent, detect and combat abuse while maintaining online security.
“When E2EE is default, we will also use a variety of tools, including artificial intelligence, subject to applicable law, to proactively detect accounts engaged in malicious patterns of behaviour instead of scanning private messages,” the company wrote.
The firm also announced on Wednesday that it would add a number of new features, including the ability to edit messages for up to 15 minutes after they have been sent.
It will also give users the ability to control if people who send messages receive “read receipts” telling them a message has been read.
The changes will take some months to fully roll out, the company said.