In an effort led by CEO Mark Zuckerberg, Facebook has plans to rearchitect WhatsApp, Instagram direct messages, and Facebook Messenger so that messages can travel across any of the platforms. The New York Times first reported the move Friday, noting also that Zuckerberg wants the initiative to “incorporate end-to-end encryption.” Melding those infrastructures would be a massive task regardless, but designing the scheme to universally preserve end-to-end encryption—in a way that users understand—poses a whole additional set of critical challenges.
As things stand now, WhatsApp chats are end-to-end encrypted by default, while Facebook Messenger only offers the feature if you turn on “Secret Conversations.” Instagram does not currently offer any form of end-to-end encryption for its chats. WhatsApp’s move to add default encryption for all users was a watershed moment in 2016, bringing the protection to a billion people by flipping one switch.
Facebook is still in the early planning stages of homogenizing its messaging platforms, a move that could increase the ease and number of secured chats online by a staggering order of magnitude. But cryptographers and privacy advocates have already raised a number of obvious hurdles the company faces in doing so. End-to-end encrypted chat protocols ensure that data is only decrypted and intelligible on the devices of the sender and recipient. At least, that’s the idea. In practice, it can be difficult to use the protection effectively if it’s enabled for some chats and not for others, or if it can turn on and off within a chat at different times. In attempting to unify its chat services, Facebook will need to find a way to help users easily understand and control end-to-end encryption as the ecosystem becomes more porous.
“The big problem I see is that only WhatsApp has default end-to-end encryption,” says Matthew Green, a cryptographer at Johns Hopkins. “So if the goal is to allow cross-app traffic, and it’s not required to be encrypted, then what happens? There are a whole range of outcomes here.”
WhatsApp users, for example, can assume that all of their chats are end-to-end encrypted, but what will happen in Facebook’s newly homogenized platform if an Instagram user messages a WhatsApp user? It’s unclear what sort of defaults Facebook will impose, and how it will let users know whether their chats are encrypted.
Facebook can also glean more data from unencrypted chats and introduce monetizable experiences like bots into them. The company has had a notoriously hard time earning revenue off of WhatsApp’s 1.5 billion users, in part because of end-to-end encryption.
“We want to build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private,” a Facebook spokesperson said in a statement on Friday. “We’re working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks. As you would expect, there is a lot of discussion and debate as we begin the long process of figuring out all the details of how this will work.”
Facebook emphasizes that this gradual process will allow it to work out all the kinks before debuting a monolithic chat structure. But encryption’s not the only area of concern. Privacy advocates are concerned about the potential creation of a unified identity for people across all three services, so that messages go to the right place. Such a setup could be convenient in many ways, but it could also have complicated ramifications.
In 2016, WhatsApp started sharing user phone numbers and other analytics with Facebook, perforating what had previously been a red line between the two services. WhatsApp still lets users make an account with only a phone number, while Facebook requires your legal name under its controversial “real name” policy. The company maintains this rule to prevent confusion and fraud, but its rigidity has caused problems for users who have other safety and security reasons for avoiding their legal or given name, such as being transgender.
In a Wall Street Journal opinion piece on Thursday evening, Zuckerberg wrote that “There’s no question that we collect some information for ads—but that information is generally important for security and operating our services as well.” An indelible identity across Facebook’s brands could have security benefits like enabling stronger anti-fraud protections. But it could also unlock an even richer and more nuanced user data trove for Facebook to mine, and potentially make it harder to use one or more of the services without tying those profiles to a central identity.
“The obvious identity issue is usernames. I’m one thing on Facebook and another on Instagram,” says Jim Fenton, an independent identity privacy and security consultant. “In some ways, having the three linked more closely together would be good because it would make it more transparent that they are connected. But there are some Instagram and WhatsApp users who don’t want to use Facebook. This might be seen as a way to try to push more people in.”
Such a change to how chat works on the three brands isn’t just a potentially massive shift for users—it also seems to have stirred deep controversy within Facebook itself, and may have contributed to the departure last year of WhatsApp cofounders Jan Koum and Brian Acton.
End-to-end encryption is also difficult to implement correctly, because any oversight or bug can undermine the whole scheme. For example, both WhatsApp and Facebook Messenger currently use the open-source Signal protocol (used in the Signal encrypted messaging app), but the implementations are different, because one service has the encryption on by default and the other doesn’t. Melding these different approaches could create opportunities for error.
“There’s a world where Facebook Messenger and Instagram get upgraded to the default encryption of WhatsApp, but that probably isn’t happening,” Johns Hopkins’ Green says. “It’s too technically challenging and would cost Facebook access to lots of data.”
And while end-to-end encryption can’t solve every privacy issue for everyone all the time anyway, it’s harder to know how to take advantage of it safely when a service doesn’t offer it consistently, and a service creates potential privacy issues when it centralizes identities.
“I think they can work this out,” Fenton says. “The bigger problem in my opinion is user confusion.”