Social media has allowed us to connect with friends and family during these difficult and physically isolating times, but it has also given many of us a false sense of privacy and security when using platforms such as Facebook Messenger.
Whilst it may seem like an exchange on Messenger is just between you and your intended recipient, chances are the conversation is at risk of being shared with law enforcement.
Facebook Messenger and Encryption
The key to privacy within the online space is encryption.
Encryption is a method of converting a message into a secret code that cannot be understood until it is ‘decrypted’ on the side of the intended recipient.
Many apps such as WhatsApp and Signal use end-to-end encryption by default, but Facebook Messenger doesn’t.
The default status for Messenger is an unencrypted exchange of information which the company can store and access if it wishes to, or if it is requested to by law enforcement.
Users can opt in to a ‘secret conversations’ feature on Messenger, which allows for end-to-end encryption, but this isn’t entirely fool proof. For example, Messenger’s abuse-reporting mechanism allows message recipients to report alleged bad behaviour including any criminal offences that may be committed online such as sharing child abuse material to Facebook.
Facebook claims it intends to make all information on Messenger end-to-end encrypted by default, but the company has been conspicuously slow in introducing this feature.
Government Powers Over Big Tech
Even if you were to use the secret conversations feature on Messenger, you shouldn’t be overly confident that your online exchanges are safely encrypted.
Privacy online is increasing being framed as a hinderance to national security and law enforcement activities, which has led to a number of expanded powers.
The Assistance and Access Bill, which passed in late 2018, allows government agencies such as ASIO and the Australian Federal Police to force device manufacturers and service providers to weaken encryption protections.
The legislation allows government agencies to issue three types of requests:
- A technical assistance request: which asks the company (such as Facebook) to share technical details about a digital service to assist law enforcement.
- A technical assistance notice: which forces a company to do something (such as decrypt a messenger for them) or face a fine. This requires a warrant.
- A technical capability notice: which allows the Attorney General to force a company to modify their software or services, or develop a new function to help law enforcement access a person’s data.
These measures have raised serious red flags for privacy advocates who argue that law enforcement could essentially force companies to allow a ‘backdoor’ into encrypted messages.
Should You Worry?
Some people in response to the passing of the Assistance and Access Bill argued that most of us don’t have anything to fear as long as we aren’t doing anything illegal.
However, this misunderstands the real risks of increased government control over apps such as Messenger.
Although the legislation specifically states that none of the requests should “implement or build a systemic weakness, or a systemic vulnerability” into an online service – many have questioned whether this can be upheld.
A number of tech companies have raised concerns that they will struggle to ensure the privacy of users whilst complying with government requests. The International Civil Liberties and Technology Coalition stated in its submission that:
Protections for privacy, data security, and free expression that are derived from the availability of strong encryption would be undermined by government demands that communications providers introduce intentional vulnerabilities into secure products for the government’s use.
Home Affairs Minister Peter Dutton has already specifically requested that Facebook halt plans for default end-to-end encryption so that the company can allow “a means for lawful access to the content of communications to protect our citizens”.
Facebook also has a less than impressive history when it comes to protecting privacy. In 2018, it was revealed the company allowed the harvesting personal data of users without consent by Cambridge Analytica a British consultancy, for political advertising purposes.
In short, even when using the ‘secret conversations’ option on Facebook Messenger it’s best to assume that at least somebody else is watching.