A nonprofit association that promotes social responsibility among corporations has concluded in a new report that Meta’s planned expansion of strong encryption to its Messenger and Instagram services will do more good than harm for human rights, giving the company more ammunition as it fights efforts in the United Kingdom and other countries to carve out exceptions to make police work easier.
Business for Social Responsibility, whose work on the subject was paid for by Facebook parent Meta but whose reputation is for independence in its published reports, recommended that the company continue to promote end-to-end encryption, which prevents anyone without direct access to the devices of the sender or the receiver from viewing messages.
Founded in 1992, BSR works cooperatively with companies on rights, environmental and governance issues but asks for full authority over its public reports. The group said it believed its 120-page paper is the first comprehensive report on the human rights impact of end-to-end encryption, so its conclusions could extend to other companies as well.
Facebook released the report and its response late Monday, after The Washington Post published a version of this article.
The report analyzed the implications of expanding end-to-end encryption from Meta’s WhatsApp messaging service to Messenger and Instagram. It concluded that the privacy that encryption ensures is crucial to protecting free expression, especially in an increasingly connected world where authoritarian regimes rely on surveillance.
“Privacy and security while using online platforms should not only be a privilege of the technically savvy and those able to make proactive choices to opt into end-to-end encrypted services, it should be something that is democratized and available to everyone,” BSR wrote, noting that Meta has more than 2.8 billion users across all products.
Even officials in democracies long seen as protectors of free speech have turned against strong encryption in recent years, citing terrorism and more recently child abuse.
But BSR said complaints about criminals using better encryption underestimated the value to investigators of increased access to data about users of digital systems short of messaging content. Meta, Internet access providers and others amass much more information about users than was available to police decades ago.
Meta has said it is on track to fully encrypt Messenger sometime in 2023. It is likely to roll it out first in some countries where it has clear legal protection for doing so, according to a person briefed on the effort who spoke on the condition of anonymity because the information has not yet been made public.
Meta did not immediately respond to questions about the report or its plans. In a corporate blog post, it said the assessment “found that expanding end-to-end encryption enables the realization of a diverse range of human rights and recommended a range of integrity and safety measures to address unintended adverse human rights.”
The report acknowledges that bad actors could take advantage of more prevalent encryption, and it called for Meta to improve systems that allow users to report suspicious activities and to increase the amount of information it divulges about what it is finding on its platforms.
Law enforcement officials in multiple countries have accused Meta of enabling the distribution of child pornography, adult approaches to minors, and human trafficking, as well as the faster spread of misinformation.
But BSR said that 90 percent of the millions of abuse images detected and reported by Facebook under the current system are old, and that stronger parental controls, including over encrypted material, could help prevent more harmful interactions.
In its response document, Meta said it had fully or partly implemented or planned to implement the vast majority of BSR’s 45 recommendations, which include increasing the use of artificial intelligence, clearer and more consistent tools for reporting suspicious activity, and greater disclosure of what the company is prohibiting and how it detects it.
Meta said that it was still studying six of the proposals and that it had rejected only one — that Meta explore scanning for banned material on users’ devices. Meta said that would defeat the idea of end-to-end encryption.
Apple recently announced it would adopt what is known as client-side scanning to detect known images of child abuse before their transmission or cloud storage, but it shelved the idea, at least temporarily, after vocal opposition from civil rights groups and others who argued that governments would start demanding the program also hunt for forbidden political material.
BSR said that such worries were valid but that if it were possible to conduct such scans without breaking encryption, that might tip the balance toward being more helpful.
Meta rejected that, stating in its response document that people who use end-to-end encryption “rely on a basic premise: that only the sender and intended recipients of a message can know or infer the contents of that message. As a result, Meta does not plan to actively pursue any such client-side scanning technologies that are inconsistent with this user expectation.”