Facebook holds back on end-to-end encryption

News

By Zach Miners

March 19, 2014 05:58 AM ET

IDG News Service - If you're a Facebook user and you want the best form of encryption to keep hackers and spies out of your posts and chats, you don't have a ton of options now.

Facebook has gradually amped up its security protocols and encryption methods over the years. This includes its "bug bounty" program that pays outsiders to uncover security holes, as well as HTTPS encryption, which encrypts people's communications in transit but still decrypts it at data centers before re-encrypting it.

However, end-to-end encryption, which holds promise as the best way to secure users' posts, is not in any of Facebook's major products by default. The technology is meant to encrypt people's communications at their client devices so that governments and others must target the person and not Facebook's data centers.

Facebook has been able to deploy end-to-end encryption for a long time, Chief Security Officer Joe Sullivan said on Tuesday. It hasn't rolled the technology out across its services partly due to its complexity. The company has also held back because, when end-to-end encryption is done right, it's hard for the average person to communicate, he said.

"If you use end-to-end encryption on email, you realize how hard it can be," Sullivan said during a talk with the press at Facebook's headquarters in Menlo Park, California. End-to-end encryption can be hard for people to use and understand because it typically requires a manual process of exchanging public keys between the sender and receiver whenever they send an email or any other type of message.

If Facebook users want that type of security, there are some third-party apps they can use to add end-to-end encryption to Facebook's services, Sullivan said.

Continued here:
Facebook holds back on end-to-end encryption