11 December 2023

Why It Took Meta 7 Years to Turn on End-to-End Encryption for All Chats

LILY HAY NEWMAN

Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right.

Since 2016, the social behemoth now known as Meta has been working to deploy end-to-end encryption in its communication apps. CEO Mark Zuckerberg even promised in 2019 that the data privacy protection would roll out by default across all of the company's chat apps. In practice, though, it was a wildly ambitious goal fraught with technical and political challenges, and Meta has only been able to move toward it in gradual, incremental steps. But this week the company is finally starting its full rollout.

“It's been a wild ride," says Jon Millican, a software engineer within Meta's messenger privacy team. “I suspect this is the first time that something’s been end-to-end encrypted with all of the constraints that we’re working with. It’s not just that we’re migrating people’s data, but it’s actually that we're having to fundamentally change a bunch of the assumptions that they work with when they’re using the product.”

Meta has had to stake out a position as a committed proponent of end-to-end encryption amid pressure from law enforcement and victim advocacy groups that the privacy feature—which makes data unintelligible everywhere except on the devices of the sender and recipient—limits necessary oversight and impedes crucial police investigations. Meanwhile, the company has spent the past four years, not to mention the better part of a decade, developing the technology to retrofit two massive communication platforms—Messenger and Instagram chat—such that they could still offer the features and general experience users expect under the technical constraints and usability challenges of end-to-end encryption.

“I understand that many people don't think Facebook can or would even want to build this kind of privacy-focused platform—because frankly, we don't currently have a strong reputation for building privacy-protective services, and we've historically focused on tools for more open sharing,” Zuckerberg memorably wrote in his 2019 treatise. But he added that there was a clear desire from users to have access to private and secure encrypted communication services. “This is the future I hope we will help bring about,” he wrote.

Meta says that it will take some time for the rollout of full default end-to-end encryption to reach all Messenger and Instagram chat users, and the feature is still only launching for direct messages between two accounts. End-to-end encryption for group chats will continue to be opt-in for now. But these final delays have to do with gradually converting billions of accounts to run the cryptography and encrypted storage schemes that underly the effort. And while the infrastructure is new and had to be painstakingly tailored to Meta's services, the company says it built the system on the Signal Protocol and thoroughly vetted the implementation both internally and with independent experts. In the lead-up to this announcement, the company did a final round of outreach to privacy groups and cryptographers to show them the documentation and have them test the feature.

“It looks just like Messenger, except that under the hood it has really strong encryption,” says Matt Green, a Johns Hopkins cryptographer who previewed the launch a few weeks ago. “Getting things to work on the web seems like it was the hard part, but they pulled it off.”

The challenge of building end-to-end encrypted services has to do with the fact that such systems inherently blind the servers that enable them to the activity they are facilitating. In other words, these systems have to somehow stand in the hallway on the first day of school and tell each student which classes to go to and how to get there without knowing who any of the kids are or what their course schedule is.

This especially poses challenges for syncing people's messages across multiple devices or repopulating their messages on a new device. Some encrypted chat apps like Signal address this issue by storing all your messages locally on your device and then providing a tool that helps you transfer that data trove from one device to the next over Bluetooth when you, say, get a new phone and want to switch everything over. This approach doesn't preserve your history if you lose the device where the data is saved, and many users around the world don't have resources or access to devices with enough storage space to preserve messages locally. People may want to auto-delete messages anyway, but for users who want to save their history, such schemes can be impractical.

With these considerations in mind, Meta engineers developed an encrypted storage protocol, dubbed Labyrinth, that allows the company to store users' chat histories and other communication data on its servers for ease of use, but in a form that is always encrypted and inaccessible to the company.

“There are two things users will experience” in the transition, Gail Kent, Messenger's global policy director, tells WIRED. “They will be asked to create secure storage and create a pin that will then enable them to add the data and the messages onto other devices and restore if they lose their device. Yet nobody apart from them has access to that message content. It seems like a tiny thing, but the innovation behind it is pretty extraordinary. And then the second thing that they’ll see is a line in their conversations that says this message is now end-to-end encrypted. And when they start a new conversation, it will say that at the start of the conversation.”

Turning on end-to-end encryption for cloud services makes it harder for companies to assist their users with data recovery. It also requires thoughtful strategies for keeping systems usable while striking a balance with security. The challenge is one that companies like Apple have grappled with as well. Like many of its peers, Meta will offer multiple options for protecting and accessing Labyrinth secure storage, including setting a pin, storing a code in a third-party service like iCloud, or saving a 40-character recovery code.

Meta is also providing an option for people to use end-to-end encrypted communication without turning on secure storage at all if they want to store messages locally on one or all devices. Currently, the company isn't offering a mechanism to transfer this local data onto other devices. A core component of Labyrinth, though, is what's known in cryptography as a “key rotation” system for revoking a device's access and keeping it from viewing or sending messages on an account if a user wants to remove it.

Meta's engineers have spent a huge amount of time over the past four years re-architecting more than 100 Messenger and Instagram chat features so they interoperate with end-to-end encryption and seem to function the same way they always have—even if they're working differently on a technical level under the hood. Extra features like themes, custom reactions, and emojis are all preserved. The company also announced new features this week like the ability to edit a message and control whether other users see a read receipt once you've viewed a message.

Initial reactions to the launch have already begun to mirror the broader controversy around end-to-end encryption, with privacy advocates lauding the move and law enforcement and victim defense groups, particularly those that aim to address online child sexual abuse, condemning the step. After years of receiving both sympathy and criticism about the scale and scope of the project, though, Meta is finally, really taking the plunge.

“The technical complexity was just extraordinary, and it's even more complex when you are doing it for well over a billion users who don’t stop using the app to let you re-create it,” Meta's Kent says. But at the same time, she adds, “we’re increasing the security, safety, and privacy for well over a billion people, and that’s a pretty amazing feat.”

No comments: