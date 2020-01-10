Loading...

In March last year, Mark Zuckerberg made a dramatic promise: Facebook would apply standard end-to-end coding to user communication on all its platforms. The move would offer strong new protection to more than a billion users. It doesn’t happen quickly either.

What Zuckerberg did not exactly describe at the time is how difficult that transition would be and not just in terms of political obstacles to coding-averse law enforcement or a change in Facebook’s business model. Only encrypting Facebook Messenger is a huge technical challenge. According to one of the Facebook engineers who took the lead, a version of Messenger that is fully end-to-end coded by default stays away for years.

“I’ll be honest now and say we still have more questions than answers,” said Jon Millican, Facebook’s software engineer for Messenger privacy, in a lecture at the Real World Crypto conference in New York today. “Although we have made progress in planning, it appears that adding end-to-end coding to an existing system is incredibly challenging and needs to rethink almost everything.”

Millican’s presentation at the conference was in fact not about how Facebook plans to complete the transition to standard encryption for Messenger, which the feature currently only offers through Secret Calls mode. Instead, it seemed to explain the many obstacles to making that transition, and the cryptography community to ask for ideas on how to resolve them.

Millican immediately admitted that Facebook users should not expect standard encryption for several years. That probably also means that the planned integration of WhatsApp, Facebook and Instagram messages by the company will take at least the same amount of time, since all three are likely to have to be end-to-end encrypted to prevent existing standard security in WhatsApp undermined.

“We publicly announced the plan years ago to actually send it,” Millican said of Messenger’s coding rollout in an interview with WIRED prior to his conference call, while refusing to say when exactly Facebook expects the rollout to be completed. “There are no upcoming changes here. This is going to be a long process. We are committed to doing this well instead of doing it quickly.”

“If this takes several years, they may not be putting their money into their mouths.”

Matthew Green, Johns Hopkins University

The many functions of Facebook Messenger – video calls, group messages, GIFs, stickers, payments and more – almost all depend on a Facebook server that has access to the content of messages. In an end-to-end encrypted configuration, only the people at the end of a conversation would have the keys on their devices to decrypt messages, requiring more of Messenger’s mechanics to be moved to apps and browsers. Facebook’s servers would only act as blind routers, pass messages without being able to read them – making them safer for government agencies or other snoops.

Millican claims that to reach that point, every function of Facebook Messenger must be rebuilt. “We are looking at a complete review and re-architecture of the entire product,” he says. “We not only add end-to-end encryption to a product, we build an end-to-end encrypted product.”

Facebook has of course already carried out the kind of billion user transition to standard encrypted messages that is now so difficult. In 2016, WhatsApp, owned by Facebook, made standard end-to-end coding possible for all of its billions of users. But Millican points out that the transition has also taken years, despite WhatsApp of 2016 being much simpler than Facebook Messenger in 2020. He points to important differences in the two apps; WhatsApp does not support multiple devices, except a desktop program that essentially sends messages through the user’s phone. And it does not back up messages to a server, so they are available when you reinstall the app. Messenger does both.

Apple can present another model for achieving the kind of massive end-to-end encrypted network that Facebook has captured: it has managed to build rich functions and end-to-end encryption standard in iMessage. But it does not have the kind of full, independent web interface that Facebook Messenger offers that presents other challenges, because it is designed to allow users to send messages from any device. (WhatsApp’s web interface, just like the desktop app, only works when paired with a user’s phone.)

