July 9 – Facebook Inc on Friday said it began testing end-to-end encryption on its popular Messenger application to prevent snooping on digital conversations.
The limited testing on Messenger, which has more than 900 million users, comes three months after Facebook rolled out end-to-end encryption to its more popular WhatsApp, a messaging application with over 1 billion users that it acquired in October 2014.
The move comes amid widespread global debate over the extent to which technology companies should help law enforcement snoop on digital communications.
End-to-end encryption is also offered on Apple Inc’s iMessage platform as well as apps including LINE, Signal, Viber, Telegram and Wickr.
Facebook Messenger uses the same encryption technology as WhatsApp, which uses a protocol known as Signal that was developed by privately held Open Whisper Systems.
“It seems well designed,” said Matthew Green, a Johns Hopkins University cryptologist who helped review an early version of the protocol for Facebook.
While WhatsApp messages are encrypted by default, Facebook Messenger users must turn on the feature to get the extra additional security protection, which scrambles communications so they can only be read on devices at either end of a conversation.
Facebook said that it was requiring users to opt in to encryption because the extra security is not compatible with some widely used Messenger features.
“Many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone,” the company said in an announcement on its website. “Secret conversations can only be read on one device and we recognize that experience may not be right for everyone.”
Facebook also said that Messenger users cannot send videos or make payments in encrypted conversations.
Christopher Soghoian, principal technologist at the ACLU, called on Facebook to commit to rolling out encryption by default once it irons out any bugs in the new technology.
“Encryption is best when it is hidden, invisible to the user and turned on by default,” said Soghoian.