Hard Questions: Why Does Facebook Enable End-to-End Encryption?

Publication Type: 
Other Writing
Publication Date: 
May 7, 2018

End-to-end encryption is a powerful tool for security and safety. It lets patients talk to their doctors in complete confidence. It helps journalists communicate with sources without governments listening in. It gives citizens in repressive regimes a lifeline to human rights advocates. And by end-to-end encrypting sensitive information, a cyber attack aimed at revealing private conversations would be far less likely to succeed. But like most technologies, it also has drawbacks: it can make it harder for companies to catch bad actors abusing their services or for law enforcement to investigate some crimes.

I joined Facebook after two decades with the British National Crime Agency working on international investigations. My job was to work with law enforcement agencies around the world — including Interpol and Europol — to study how criminals communicate with each other.

We used encryption on a daily basis. It made it possible to communicate securely within our own organization as well as other agencies and sources in the field. But it could also create challenges in obtaining evidence. So I have experienced the trade-offs of encryption first hand. Yet I feel strongly that society is better off with it.

How It Works

End-to-end encryption is used in all WhatsApp conversations and can be opted into in Messenger. End-to-end encrypted messages are secured with a lock, and only the sender and recipient have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. No one can intercept the communications.

From my law enforcement days, I understand the frustration of this technology, especially when a threat may be imminent. And now that I’m at Facebook, which owns WhatsApp, I hear from government officials who question why we continue to enable end-to-end encryption when we know it’s being used by bad people to do bad things. That’s a fair question. But there would be a clear trade-off without it: it would remove an important layer of security for the hundreds of millions of law-abiding people that rely on end-to-end encryption. In addition, changing our encryption practices would not stop bad actors from using end-to-end encryption since other, less responsible services are available.

Read the full post at Facebook Newsroom.