Last week, Facebook CEO Mark Zuckerberg announced a major strategic shift for his company. His 3200-word missive announced that his company will pivot its messaging applications to privacy-focused chat and ephemeral communications. At the heart of this privacy focus is the use of end-to-end encryption, an advanced security technology by which messages are encrypted on the user’s device. Only the sender and the recipient can access the message. No one else, not even the provider of the messaging service can see the communication.
The rationale behind Facebook’s strategic shift was based on Mr. Zuckerberg’s realization that:
“[P]eople increasingly want to connect privately in the digital equivalent of the living room. … People expect their private communications to be secure and to only be seen by the people they’ve sent them to — not hackers, criminals, over-reaching governments, or even the people operating the services they’re using.”
To enable this shift, Zuckerberg announced that Facebook Messenger, Instagram Direct and WhatsApp will become interoperable and use end-to-end encryption to deliver security and privacy to users.
Facebook’s end-to-end encryption move – why the world changed.
Facebook’s announcement represents a fundamental shift in how the company will address the security and privacy of user messages. By using end to end encryption, Facebook can no longer read or share users’ messages with any third party. This change is significant because Facebook, long at the forefront of looking at and monetizing user messages, will now give privacy back to its users. Users will now have complete control over their data when they use the company’s messaging platforms. This shift will not only ensure the highest level of privacy for user messages but also greatly enhance security because if Facebook is unable to decrypt user messages then neither can anyone else.
Today, virtually all tech companies claim they are secure and committed to user privacy. However, this is simply not true. Google, for example reads every user email for content and keywords. It then uses this information to enrich “other products within the Google family”. Not surprisingly “the other products in the Google family” use that information to sell ever more sophisticated advertising. Moreover, as reported by the Wall Street Journal Google also gives 3rd party app developers access to users’ Gmail inboxes. These 3rd parties are themselves in the business of finding ever more clever ways to monetize the information gleaned from emails. Google meanwhile steadfastly asserts it wants users to “remain confident that Google will keep privacy and security paramount.”
The implications of provider access to user email can at times force companies to take actions they otherwise would not want to take. In April 2016, Microsoft filed a suit against the U.S. government for demanding that the company turn over customer email and not inform the customer it had done so. Microsoft said in its suit that its remote storage of data “has provided a new opening for the government to access electronic data.” The U.S. government was only able to demand access to user email on Microsoft servers because Microsoft had access to the messages in the first place.
Finally, tech companies’ access to user communication weakens security and makes it easy for hackers to steal that information. Simply put, when a company can read user messages then so can attackers. Yahoo for example regularly reads user email to create tailored ads. However, because of this access hackers were able to breach Yahoo’s servers and get at the email accounts of all 3 Billion Yahoo users. Hackers were able to steal user names, email addresses, telephone numbers, passwords, dates of birth, security questions and answers.
Facebook’s move to provide users with greater security and privacy sounds the clarion call for the rest of the tech industry. Other tech companies will soon be forced to adopt a broad change in how they treat user data and respect user privacy. Mr. Zuckerberg has rightly sensed that citizens are dissatisfied with the tech industry’s ability to read and monetize their messages. He understands consumers and businesses alike demand private spaces for their communications – as if they were speaking to a friend in their living room. He also realizes that only with end-to-end encryption will this shift be possible.
Mr. Zuckerberg, we couldn’t agree with you more.
PreVeil was founded on end-to-end encryption
PreVeil was founded by security researchers from MIT and UC Berkeley on the idea that the best way to protect data is to use end-to-end encryption. Whereas Mr. Zuckerberg’s platform is focused on providing end-to-end encryption for messaging between consumers, PreVeil provides the encryption in an easy-to-use way for email and file sharing for businesses and individuals.
PreVeil recognizes businesses share their most intimate corporate information such as IP, tax data or M&A prospects over email and through file sharing. Without end-to-end encryption, these messages and associated files would be open to being read by tech companies and hacked by attackers. However, with PreVeil’s end-to-end encryption, these sorts of attacks simply cannot happen.
With PreVeil, no one else, not even PreVeil, can ever access your data. This is the real way to hand control back to users and enterprises and allow them to create the equivalent of a digital living room for exchanging their information.
In the closing paragraphs of his blog, Mr. Zuckerberg notes that creating the end-to-end encryption platform he envisions will take time. At PreVeil by contrast, end-to-end encryption is here today. You don’t need to wait for the future.
For more information, contact us.