Marketplace Logo Donate

Daily business news and economic stories from Marketplace

More users want encryption, but the transition can be complicated for messaging apps

Heard on:
A grid of numbers 0, 1 and a lock icon to illustrate encryption protection of data

Encryption your data. Binary code and digital Lock. Hacker attack and data breach. Big data with encrypted computer code. Safe your data. Cyber internet security and privacy concept. Database storage 3d illustration

get the podcast

End-to-end encryption is a way to keep messages private. It’s sometimes used by apps, which basically turn those messages into unintelligible chunks of data as soon as a user hits “Send.”

The idea is that no one except sender and recipient can access that message. Not hackers, not third parties, not even the app platform itself. And you have to have special “keys” stored on an individual device to decrypt it.

But many messaging platforms don’t have this kind of encryption, and some provide it only as an option.

Kimberly Adams of “Marketplace Tech” spoke with Matthew Green, a professor at the Johns Hopkins Information Security Institute, about why more apps don’t have end-to-end encryption by default. The following is an edited transcript of their conversation.

Matthew Green: One of the problems is that that services like Facebook Messenger, they’re designed to work across multiple different devices, right? And getting all of that to work with encryption is hard because it means you have to have encryption keys delivered to all those different phones. That’s challenging. And then law enforcement and platform abuse teams, they’re worried that people will break laws, send abusive pictures and so on. And end-to-end encryption is very nerve-wracking for those interests because they can’t see the images.

Kimberly Adams: From a design standpoint, does it matter when you add encryption to a messaging service?

Green: Yes, it makes much more sense to add encryption from the beginning. If you design a new messaging service and it has encryption right from the start, like Signal, for example, then it’s really easy to deploy that. You can figure out each time you add a new feature, you say, “How does this fit into the encryption? How do I do things?” In the other direction, when you’re basically going backwards to a very popular service that already does not use encryption, adding encryption can be challenging because you have to think about all these features you support, like multiple devices, working on arbitrary web browsers, bots, things like that. Each of those services has to be adapted to use encryption. And that’s why Facebook Messenger in particular — Facebook is now deploying encryption across all of its existing services — it’s taking them a long time to figure out all those details.

Adams: How does money factor into the encryption debate? Because, I mean, these messaging services could potentially provide a lot of useful user data that could be monetized or used to create targeted ads. And I imagine if you have really good end-to-end encryption, that ability to monetize that content theoretically goes away, right?

Green: My impression is that a lot of these advertising-supported networks like Google and Facebook, they have more user data about you than they know what to do with. So for them, there’s actually kind of a balance where, hey, yes, we could have access to all your private conversations and thoughts. But we already have so much data, do we really want to be the people who are mining your private conversations to get that? And that’s why I think so many of these providers, particularly Facebook, are moving to encryption, is they just don’t need that private conversation data. They already have enough.

Adams: What do you see as the demand moving forward by users, at least, for encrypted messaging apps and services?

Green: Well, one of the things that’s been amazing to me is over the last year or so I use this app called Signal, which is a great thing. And I get notifications saying, “So-and-so is on Signal.” And it used to be that so-and-so was some computer scientist or technical person I work with. And nowadays, so-and-so is my neighbor who I don’t even think knows how to use a computer. The impression I get is that people genuinely feel that private messages should be private. And so I think that now they know that the older systems aren’t very private, they’re happy to switch to these newer technologies that doesn’t cause them any controversy or any pain.

Adams: As somebody who studies this all the time, how have you noticed, sort of, the public perception and knowledge around issues of encryption change?

Green: Encryption used to be one of those science fiction things. You’d see it on TV, you know, “Star Trek,” or you’d see it on cop shows occasionally. But it was always a criminal using encryption. I think that what’s really changed is that encryption has gone from this thing that was mostly used by mobsters or the bad guys on TV to something that everyone just kind of takes for granted. And we understand why, right? Because we’re all carrying our entire lives around with us, all our private conversations on this little computer in our pocket. And we really, really are sensitive to the fact, even if not consciously, we’re sensitive to the fact that all of our private information could go so easily. And I think nowadays, the people who think about this stuff, they think about encryption as basically the only antidote against, you know, losing everything that you care about. And so encryption has gone from being kind of an exotic, dirty word, to just being a technology that is there and protects us.

You may have heard last week that Meta is testing new encryption features in its Messenger app. The company has said it would take years to add more secure encryption to Messenger by default.

Meta made the announcement after it complied with court orders and released chat histories between a Nebraska woman and her teenage daughter. The messages are allegedly about the daughter seeking abortion services more than 20 weeks into her pregnancy, which is illegal in that state.

Meta has said its decision to roll out additional encryption features in Messenger is not related to that court order.

If you want to know how to test that new end-to-end encryption feature on your Messenger app, The Verge has a handy summary.

But if you’re in the market to try an app that’s already encrypted, PC mag published its take on the best, most secure messaging apps of 2022.

They’re in no specific order: WhatsApp, Telegram and — a favorite here in Washington, D.C. — Signal.

What's Next

Latest Episodes From Our Shows

Listen
4:51 AM PDT
6:58
Listen
2:40 AM PDT
5:03
Listen
2:45 AM PDT
1:50
Listen
4:54 PM PDT
14:03
Listen
4:08 PM PDT
26:14
Listen
Sep 29, 2022
2:55
Listen
Aug 9, 2022
24:46
Exit mobile version