![](\"https:\/\/media.wired.com\/photos\/624b8400a8eca935d76e7024\/master\/pass\/security-meta-endtoend.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Lily Hay Newman| Date: Wed, 06 Apr 2022 11:00:00 +0000<\/strong><\/p>\n Lily Hay Newman<\/a><\/span><\/span><\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n After years of<\/span> tech companies and police fumbling and clashing over end-to-end encryption, Meta this week brandished a new tool in its arsenal that may help the social media giant resist government pressure to change course or weaken its plan to implement end-to-end encryption across its private communication services.<\/p>\n On Monday, Meta published a report<\/a> about the human rights impacts of end-to-end encryption produced by Business for Social Responsibility, a nonprofit focused on corporate impacts. Meta, which commissioned the independent BSR report, also published its response<\/a>. In a study that took more than two years to complete, BSR found that end-to-end encryption is overwhelmingly positive and crucial for protecting human rights, but it also delved into the criminal activity and violent extremism that can find safe haven on end-to-end encrypted platforms. Crucially, the report also offers recommendations for how to potentially mitigate these negative impacts.\u00a0<\/p>\n Since 2019, Meta has said<\/a> that it will eventually bring end-to-end encryption to all of its messaging platforms. The security measure, designed to box services out of accessing their users' communications, has already long been deployed<\/a> on the Meta-owned platform WhatsApp, but the initiative would bring the protection to Facebook Messenger and Instagram Direct Messenger as well. Meta has said that its delay in fully deploying end-to-end encryption on these other services largely has to do with technical challenges and interoperability issues, but the company has also faced criticism<\/a> about the plan from the United States government and other countries around the world over concerns that adding the feature would make it more difficult for the company and law enforcement to counter a range of threats, like child abuse and distribution of child sexual abuse material, coordinated disinformation campaigns, viral hate speech, terrorism, and violent extremism. The US government, and the FBI specifically, has long argued<\/a> that comprehensive encryption that protects user data equally protects suspects from criminal investigations<\/a>, thus endangering the public and national security<\/a>.<\/p>\n \u201cI am glad to see BSR\u2019s report affirm the crucial role that encryption plays in protecting human rights,\u201d says Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory who was not involved in the study. \u201cWhile it\u2019s true that undesirable conduct occurs in encrypted contexts, most people aren\u2019t criminals, whereas everyone needs privacy and security. Weakening encryption is not the answer.\u201d<\/p>\n The question for Meta and privacy advocates around the world has been how to develop mechanisms for stopping digital abuse before it starts, flagging potentially suspicious behavior without gaining access to users' actual communications, and creating mechanisms that allow users to effectively report potentially abusive behavior. Even very recent efforts to strike a balance have been met with intense criticism by privacy and encryption advocates.\u00a0<\/p>\n For example, Apple announced plans in August to debut a feature that would scan user's data locally on their devices for child sexual abuse material<\/a>. That way, the reasoning went, Apple wouldn't need to access the data directly or compile it in the cloud to check for abusive material. Researchers raised a host of concerns, though, about the potential for such a mechanism to be manipulated and abused and the risk that it wouldn't even accomplish its goal if the system produced a slew of false positives and false negatives. Within a month, Apple backed down<\/a>, saying it needed time to reassess the scheme.<\/p>\n In its report to Meta, BSR did not endorse such \u201cclient-side scanning\u201d mechanisms, saying that the approach ultimately produces an untenable slippery slope. Instead, BSR recommended that Meta pursue other mechanisms like safe and responsive reporting channels for users and analysis of unencrypted metadata to catch potentially problematic activity without direct communication scanning or access.<\/p>\n \u201cContrary to popular belief, there actually is a lot that can be done even without access to messages,\u201d says Lindsey Andersen, BSR's associate director for human rights. \u201cAnd what is essential to understand is that encryption isn\u2019t just any old technology, it\u2019s a really important means to advance human rights, and it's unique in that way. I'm not sure we\u2019ve seen anything that has so many clear human rights benefits as end-to-end encryption.\u201d<\/p>\n The BSR report includes 45 recommendations, 34 of which Meta has committed to implementing. The company says it will partly implement another four and that it is doing further research about six of the remaining recommendations. The company declined to adopt one recommendation related to exploring a special type of math known as homomorphic encryption<\/a> as a means to potentially develop more secure client-side scanning. Meta says this recommendation is not worth pursuing because, it concluded, it is not technically feasible.<\/p>\n Meta says that throughout BSR's research process the company has been guided by the findings and that its direction is already largely aligned with BSR's proposals. And at the beginning of March, the company rolled out end-to-end encryption for Instagram Direct Messaging in Ukraine and Russia in response to Russia's invasion of Ukraine. The company told WIRED on Monday that it will not deploy the protection across its messaging services in 2022, but that it is planning to move forward in 2023.<\/p>\n \u201cFrom a human rights perspective you realize there are tensions, but it isn\u2019t an either-or,\u201d says Gail Kent, Meta's Messenger global policy director. \u201cThat's something we are hoping that we can show in our product\u2014you don\u2019t need to choose between privacy and safety, you can have both. And we clearly know from speaking to users that users expect us to provide both. On Messenger or Instagram DMs they expect to have a trusted space where they can communicate freely without interactions they don't want.\u201d<\/p>\n After decades of going in circles on the problem, the debate won't be resolved by one report. But it doesn't hurt to have the biggest social media company on the planet pushing and investing to find a solution.<\/p>\n