Meta Delays Plans To Rollout End-to-end Encryption

BACKGROUND:

Meta has announced plans to delay the global rollout of end-to-end encryption (E2EE) across its messaging applications to 2023. The company previously said it would have E2EE across all its products by 2022 at the earliest. Meta said it would be taking additional time to ensure the implementation across Facebook Messenger and Instagram is done correctly, protecting privacy while also mitigating the risk of online harms.

Experts Comments

November 23, 2021
John Goodacre
Director of UKRI’s Digital Security and Professor of Computer Architectur
The University of Manchester

E2EE is a technology that was designed to protect the content of a message from interception while in transit. It becomes a significantly more complex design if that communication involves multiple endpoints. 

Typical consumer communication applications, however, do not encrypt between the “microphone” and the “network”, leaving a gap in the communication path for interception. For example, to provide transcription services, these applications also still leave E2EE communication

.....Read More

E2EE is a technology that was designed to protect the content of a message from interception while in transit. It becomes a significantly more complex design if that communication involves multiple endpoints. 

Typical consumer communication applications, however, do not encrypt between the “microphone” and the “network”, leaving a gap in the communication path for interception. For example, to provide transcription services, these applications also still leave E2EE communication vulnerable to unwanted interception. 

With software vulnerabilities making devices open to exploit, it is important to ensure a device’s design is secured by default. The UK Government initiative known as Digital Security by Design (DSbD), delivered by UKRI, is working with the tech industry to block by design around 70% of these ongoing vulnerabilities from exploitation. Making technology inherently more secure would help close this gap in E2EE and prevent attackers from intercepting communications through software vulnerabilities.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.