Written by PreVeil founders Sanjeev Verma and Randy Battat
Last week, Facebook CEO Mark Zuckerberg wrote a blog that changed the world. His 3200-word missive announced that Facebook will pivot its messaging applications to privacy-focused chat and ephemeral communications. At the heart of this privacy focus is the use of end-to-end encryption, an advanced security technology by which messages are encrypted on the user’s device. Only the sender and the recipient can access the message. No one else, not even the provider of the messaging service can see the communication.
The rationale behind Facebook’s strategic shift was based on Mr. Zuckerberg’s realization that:
“[P]eople increasingly want to connect privately in the digital equivalent of the living room. … People expect their private communications to be secure and to only be seen by the people they’ve sent them to — not hackers, criminals, over-reaching governments, or even the people operating the services they’re using.”
To enable this shift, Zuckerberg announced that Facebook Messenger, Instagram Direct and WhatsApp will become interoperable and use end-to-end encryption to deliver security and privacy to users.
Facebook’s end-to-end encryption move – why the world changed
Facebook’s announcement represents a fundamental shift in how the company, will address the security and privacy of user messages. Its messaging platforms will encrypt messages with end-to-end so that even Facebook can no longer read or share them with any third party. This will not only ensure the highest level of privacy for user messages but also greatly enhance security because if Facebook is unable to decrypt user messages then neither can anyone else.
Facebook’s announcement is also profound because it points tech companies to a model where users regain ownership of their data. This is in marked contrast to today’s model where tech companies use and abuse such data primarily for their own benefit.
Virtually all tech companies claim they are secure and committed to user privacy. However, this is simply not true. Google, for example reads every user email for content and keywords. It then uses this information to enable “ a whole host of other products and services”. Not surprisingly the “host of other products” in the Google family use that information to sell ever more sophisticated advertising. Moreover, as reported by the Wall Street Journal, the company also gives 3rd party app developer access to users’ Gmail inboxes. These 3rd parties are themselves in the business of finding ever more clever ways to monetize the information gleaned from emails. Google meanwhile steadfastly asserts it wants users to “remain confident that Google will keep privacy and security paramount.”
The implications of providers having access to user emails can at times force companies to take actions they otherwise would not want to take. In April 2016, Microsoft filed a suit against the U.S. government for demanding that the company turn over customer email and not inform the customer it had done so. Microsoft said in its suit that its remote storage of data “has provided a new opening for the government to access electronic data.” The U.S. government was only able to demand access to user email on Microsoft servers because Microsoft had access to the messages in the first place.
Finally, tech companies’ access to user communication weakens security and makes it easy for hackers to steal that information. Simply put, when a company can read user messages then so can attackers. Yahoo for example regularly reads user emails to create tailored ads. However, because of this access hackers were able to breach Yahoo’s servers and get at the email accounts of all 3 Billion Yahoo users. Hackers were able to steal user names, email addresses, telephone numbers, passwords, dates of birth, security questions and answers.
These examples paint the picture for why Mr. Zuckerberg’s blog was so profound. He changed the world by announcing consumers demand private spaces for their communications akin to their conversations in the living room. Moreover, Mr. Zuckerberg emphasized that this level of privacy for communications and security is only possible with true end-to-end encryption. Only with the use of end-to-end encryption can users regain control over their communications and ensure their messages are not read by companies, third parties, governments, hackers or attackers.
Mr. Zuckerberg, we couldn’t agree with you more.
PreVeil was founded on end-to-end encryption
PreVeil was founded by security researchers from MIT and UC Berkeley on the idea that the best way to protect data is to use end-to-end encryption. Whereas Mr. Zuckerberg’s platform is focused on providing end-to-end encryption for messaging between consumers, PreVeil provides the encryption in an easy-to-use way for email and file sharing for businesses and individuals. For email, users can keep their same user address. For file sharing, users will experience a Dropbox-like ease of use for exchanging information.
The PreVeil platform delivers on the vision defined by Mr. Zuckerberg of being secured by end-to-end encryption. With PreVeil, no one else, not even PreVeil, can ever access your data. This is the real way to hand control back to users and enterprises and allow them to create the equivalent of a digital living room for exchanging their information.
In the closing paragraphs of his blog, Mr. Zuckerberg notes that creating the end-to-end encryption platform he envisions will take time. At PreVeil by contrast, end-to-end encryption is here today. You don’t need to wait for the future.
For more information, contact us.
The post Facebook’s adoption of end-to-end encryption has changed the world. appeared first on PreVeil.
*** This is a Security Bloggers Network syndicated blog from PreVeil authored by Randy Battat. Read the original post at: https://www.preveil.com/blog/facebooks-adoption-of-end-to-end-encryption-has-changed-the-world/