Facebook holds back on end-to-end encryption
Facebook cites third-party services for users seeking end-to-end encryption
IDG News Service - If you're a Facebook user and you want the best form of encryption to keep hackers and spies out of your posts and chats, you don't have a ton of options now.
Facebook has gradually amped up its security protocols and encryption methods over the years. This includes its "bug bounty" program that pays outsiders to uncover security holes, as well as HTTPS encryption, which encrypts people's communications in transit but still decrypts it at data centers before re-encrypting it.
However, end-to-end encryption, which holds promise as the best way to secure users' posts, is not in any of Facebook's major products by default. The technology is meant to encrypt people's communications at their client devices so that governments and others must target the person and not Facebook's data centers.
Facebook has been able to deploy end-to-end encryption for a long time, Chief Security Officer Joe Sullivan said on Tuesday. It hasn't rolled the technology out across its services partly due to its complexity. The company has also held back because, when end-to-end encryption is done right, it's hard for the average person to communicate, he said.
"If you use end-to-end encryption on email, you realize how hard it can be," Sullivan said during a talk with the press at Facebook's headquarters in Menlo Park, California. End-to-end encryption can be hard for people to use and understand because it typically requires a manual process of exchanging public keys between the sender and receiver whenever they send an email or any other type of message.
If Facebook users want that type of security, there are some third-party apps they can use to add end-to-end encryption to Facebook's services, Sullivan said.
Facebook has tried to support end-to-end encryption as a concept, Sullivan said. "At a minimum, we want to support third-party initiatives," he said.
One such messaging app is Pidgin, which provides end-to-end encryption and can be used to apply its encryption to chats carried out over Facebook's Messenger app, Sullivan said.
Sullivan would not comment on any plans for Facebook to incorporate end-to-end encryption into Messenger itself.
Talk of encryption -- and its effectiveness -- has risen over the past year due to disclosures over government surveillance, as well as a spate of cyberattacks allegedly carried out by the Syrian Electronic Army and other groups.
Edward Snowden, the former National Security Agency contractor who leaked the surveillance documents, called attention to the issue last week at the SXSW Interactive technology festival in Austin, Texas.
Snowden endorsed encryption during a panel discussion at the show. But he said the protocols currently employed by services such as Facebook, Google and Skype still leave consumers vulnerable to mass surveillance because they do not provide end-to-end encryption.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts