Facebook has pledged to make end-to-end encryption (E2EE) the default across all of its messaging services – though has told users not to expect it on Facebook Messenger or Instagram Direct until 2022 “at the earliest”.

Gail Kent, Facebook’s policy director for Messenger, shared a blog post on 30 April outlining the social media company’s plans to improve the security of its messaging apps following the surge in private messaging during the COVID-19 pandemic.

Kent said the rise in messaging meant more people were concerned about the privacy and security of what they were sending, further fuelling the popularity of privacy-focused messaging platforms like Signal and Telegram.

Facebook CEO Mark Zuckerberg made commitments to improving Facebook’s reputation as a privacy-focused social media platform back in 2019, admitting at the time that the company did not “have a strong reputation for building privacy-protective services”.

Zuckerberg cited private interactions, encryption, reducing permanence, safety, interoperability, and secure data storage as the core guiding “principles” of developing a privacy-focused social network.

While Facebook has introduced a number of privacy and safety tools over the past year, including additional privacy settings, messaging forwarding limits, an app lock and Snapchat-style disappearing messages, end-to-end encryption remains a work in progress.

Kent said the company was “working hard to bring default end-to-end encryption” to all of its messaging services, but added that this was “a long-term project and we won’t be fully end-to-end encrypted until sometime in 2022 at the earliest.”

SEE: Security incident response policy (TechRepublic Premium)

Kent added: “The safety features we’ve already introduced are designed to work with end-to-end encryption, and we plan to continue building strong safety features into our services.”

End-to-end encryption has been perhaps one of the most sought-after safety features within messaging and meeting platforms since video conferencing became the norm in 2020.

Facebook-owned WhatsApp is encrypted by default, though it received backlash from privacy-concerned users in January when a privacy policy update indicated it would share more user data with Facebook. The companies later clarified that the changes were only relevant to business users of WhatsApp, though not before some customers jumped ship for rival apps Signal and Telegram.

Kent addressed customers’ privacy expectations when outlining Facebook’s plans to reinforce security across its messaging platforms, which she said would be “guided by input from outside experts.”

Kent said: “People want to know how their data is being used and what data is accessible by us or others when messaging. In addition, people may have different privacy expectations based on the size or nature of a group chat or audience.

“Ultimately, privacy is personal and comes with different expectations depending on their situation. So transparency and controls are key.”

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

People also want messaging that’s free from unwanted advertising and more protection from scams, which have also increased sharply during the pandemic.

Kent additionally acknowledged a “clear need” to balance the privacy and security of users’ messages while maintaining the safety of the platform, and ensuring that law enforcement can access data when needed “in response to real-world harms”.

In the UK, Facebook is facing calls to keep its messaging platforms unencrypted to help law enforcement tackle abuse on the platform.

Kent said there was as yet “no consensus on a recommended approach” that could adequately balance safety, privacy, and security, and that more consultation would be needed.