Facebook says it’s testing encryption that’ll actually keep users’ DMs private

Earlier this week, a Nebraska teenager was charged with removing, concealing, or abandoning a dead human body and concealing the death of another person because she allegedly self-managed an abortion while 23 weeks pregnant. Nebraska outlaws abortions after 20 weeks.

Instrumental in her case is a series of Facebook DMs between her and her mother—who’s also being charged—that allegedly detail the abortion.

How did police get ahold of her DMs?

Simple: Facebook handed them over.

Now, in a new company blog post, Facebook parent Meta says it’s “working hard to protect your personal messages and calls with end-to-end encryption by default on Messenger and Instagram.”

For those unfamiliar, end-to-end encryption locks down messages so only two people have access to them: the sender and the recipient. If someone other than the sender/recipient tries to access the messages from the outside, they’ll be scrambled.

Facebook currently has some end-to-end encryption. As TechCrunch lays out, it introduced end-to-end for “secret” Messenger conversations back in 2016. Then, in 2021, it added end-to-end to voice and video calls. As of January, group chats and calls in Messenger also have an end-to-end encryption option—but it is an option, where users have to opt-in. It is not the default. By default, Facebook stores messages in plain text, easily readable to it and anyone else who gains access.

What Facebook is now beginning to test is automatic encryption for chats “between some people,” Meta says.

“If you’re in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won’t have to opt in to the feature,” it says. It did not say how it’s defining “most frequent.”

As for Instagram, Meta started a “limited” test of opt-in end-to-end encryption last year, and is currently expanding that test. Users involved in the test will see a prompt asking if they want their DMs to be encrypted.

In both cases, Meta makes a point to mention that users can still report DMs if they think the messages violate Facebook or Instagram’s terms of service. It appears reporting a chat may turn off end-to-end encryption.

Meta said it’s also testing secure storage for mobile users whose chats are end-to-end encrypted. Those users will be able to access their stored messages through a PIN or generated code.

In November 2021, Meta’s global head of safety, Antigone Davis, said the company expects end-to-end encryption will be default across all its platforms “sometime in 2023.”