Facebook and Messenger to automatically encrypt messages

All Facebook and Messenger chats will be encrypted automatically, parent company Meta has announced.

Messages and calls protected by end-to-end-encryption (E2EE) can be read only by the sender and recipient.

It has been possible to opt in to encrypted messages for years, but now it will become the default position.

Critics, including the UK government and police, claim the move to default encryption will make it harder to detect child sexual abuse on Messenger.

The Home Secretary, James Cleverly, said he was "incredibly disappointed" by Meta's decision after working together to tackle other online harms.

"We'll continue to work closely with them (Meta) to keep children safe online, but we must be honest that in our view, this is a significant step back", he said.

James Babbage, director general for threats at the National Crime Agency, was also highly critical.

"It is hugely disappointing that Meta is choosing to roll out end-to-end encryption on Facebook Messenger.

"Today our role in protecting children from sexual abuse and exploitation just got harder," he said.

The switch to encryption meant nobody, including Meta, can see what is sent or said, "unless you choose to report a message to us", Loredana Crisan, head of Messenger, wrote in a post announcing the change, external.

The company had worked with outside experts, academics, advocates and governments to identify risks to "ensure that privacy and safety go hand-in-hand", she wrote.

It is expected that messages in Instagram, which is also owned by Meta, may get encryption by default sometime in the new year.

Meta says that people will know when their chats are upgraded and become encrypted, because they will be prompted to set up a recovery method to be able to restore their messages if they lose, change or add a device.

Apps including iMessage, Signal and WhatsApp all protect the privacy of messages with E2EE, but the tech has become a political battleground.

The apps and their supporters argue the tech protects privacy and security, including that of children.

But law enforcement, major children's charities and the government have opposed the expansion of E2EE.

New powers in the recently passed Online Safety Act could enable Ofcom to force tech companies to scan for child abuse material in encrypted messages. Signal and WhatsApp have said they will refuse to comply with such requests.

But despite those powers, there has been continued pressure on Meta to hold the expansion of E2EE.

In September the-then Home Secretary, Suella Braverman, alleged that Facebook Messenger and Instagram direct messages were the platforms of choice for online paedophiles, telling the BBC that "we are arresting in this country about 800 perpetrators a month, we are safeguarding about 1,200 children a month from this evil crime".

But Meta argued that it had spent years developing robust safety measures to prevent, detect and combat abuse while maintaining online security.

"When E2EE is default, we will also use a variety of tools, including artificial intelligence, subject to applicable law, to proactively detect accounts engaged in malicious patterns of behaviour instead of scanning private messages," the company wrote.

Prof Martin Albrecht, chair of cryptography at King's College London, welcomed the addition of what he called a standard safety feature.

"It secures not only government and business communication, but also private conversations between parents and their children, parents about their children, or groups of friends of all ages," he said.

Campaign group Privacy International backed the tech firm's decision. Encryption, it told the BBC, was "an essential defence, shielding journalists, human rights defenders, lawyers, artists, and marginalised groups from potential abuse by data-hungry companies and governments".

But Susie Hargreaves, chief executive of the Internet Watch Foundation, which works to identify and remove child sexual abuse material online, said it was outraged that Meta had chosen to "prioritise the privacy of paedophiles over the safety of our children".

She accused the platform, which she noted had a strong track record of detecting large amounts of child abuse material before it ended up on its services, of "effectively rolling out the welcome mat for paedophiles".

It was now up to Ofcom "to show its teeth", Ms Hargreaves said.

The firm also announced on Wednesday that it would add a number of new features, including the ability to edit messages for up to 15 minutes after they have been sent.

It will also give users the ability to control if people who send messages receive "read receipts" telling them a message has been read.

The changes will take some months to fully roll out, the company said.