In March of last year, Mark Zuckerberg made a dramatic pledge: Facebook would apply end-to-end encryption to user communications across all of its platforms by default. The move would grant strong new protections to well over a billion users. It’s also not happening any time soon.
What Zuckerberg didn’t spell out at the time is just how difficult that transition would be to pull off, and not just in terms of political hurdles from encryption-averse law enforcement or a shift in Facebook’s business model. Encrypting Facebook Messenger alone represents a herculean technical challenge. According to one of the Facebook engineers leading the effort, a version of Messenger that’s fully end-to-end encrypted by default remains years away.
“I’ll be honest right now and say we’re still in a place of having more questions than answers,” said Jon Millican, Facebook’s software engineer for Messenger privacy, in a talk today at the Real World Crypto conference in New York. “While we have made progress in the planning, it turns out that adding end-to-end encryption to an existing system is incredibly challenging, and involves fundamentally rethinking almost everything.”
Millican’s presentation at the conference, in fact, wasn’t about how Facebook plans to pull off the transition to default encryption for Messenger, which currently offers the feature only through its Secret Conversations mode. Instead, it seemed aimed at explaining the many hurdles to making that transition, and asking the cryptography community for ideas about how to solve them.
Millican readily admitted that means Facebook users shouldn’t expect to see a default encryption rollout for several years. That also likely means the company’s planned integration of WhatsApp, Facebook, and Instagram messaging will take at least as long, given that all three would likely need to be end-to-end encrypted to avoid undermining the existing default protections in WhatsApp.
“We publicly announced the plan years in advance of being able to actually ship it,” Millican said of Messenger’s encryption rollout in an interview with WIRED ahead of his conference talk, while declining to say when exactly Facebook expects the rollout to be complete. “There are no imminent changes coming here. This is going to be a long process. We’re dedicated to getting this right rather than doing it quickly.”
“If this is taking several years, maybe they’re not putting their money where their mouth is.”
Matthew Green, Johns Hopkins University
Facebook Messenger’s bounty of features—video calls, group messaging, GIFs, stickers, payments, and more—almost all currently depend on a Facebook server being able to access the contents of messages. In an end-to-end encrypted setup, only the people at the ends of a conversation would possess the keys on their devices to decrypt messages, requiring that more of Messenger’s mechanics be moved to apps and browsers. Facebook’s servers would act only as blind routers, passing messages on without being able to read them—which also keep them safer from government agencies or other snoops.
Millican argues that getting to that point will require rebuilding every feature of Facebook Messenger from the ground up. “We’re looking at a full-stack rethink and re-architecture of the entire product,” he says. “We’re not just adding end-to-end encryption to a product, we’re building an end-to-end encrypted product.”
Facebook has, of course, already carried out the sort of billion-user transition to default encrypted messaging that it now says is so difficult. In 2016, Facebook-owned WhatsApp enabled default end-to-end encryption for all its billion-plus users. But Millican points out that transition also took years, despite the WhatsApp of 2016 having been much simpler than Facebook Messenger in 2020. He points to key differences in the two apps; WhatsApp doesn’t support multiple devices, beyond a desktop program that essentially routes messages via the user’s phone. And it doesn’t back up messages to a server so that they’re available when you reinstall the app. Messenger does both.
Apple may present another model of how to achieve the sort of massive end-to-end encrypted network Facebook has committed to create: It’s managed to build rich features and end-to-end encryption by default into iMessage. But it doesn’t have the sort of full-featured, independent web interface that Facebook Messenger offers, which presents other challenges, since it’s designed to allow users to send messages from any device. (WhatsApp’s web interface, like its desktop app, only works when it’s linked with a user’s phone.)