Facebook announced on Thursday it will begin testing end-to-end encryption as the default option for some users of its Messenger app on Android and iOS.
The development comes as the company is facing backlash for handing over messages to a Nebraska police department that aided the department in filing charges against a teen and her mother for allegedly conducting an illegal abortion.
Facebook messenger users currently have to opt in to make their messages end-to-end encrypted (E2E), a mechanism that theoretically allows only the sender and recipient of a message to access its content.
But had all Facebook messages been encrypted by default back in June when Nebraska police issued a search warrant for Facebook user data of the mother investigated in the case, Facebook would not have messages to hand over to police in the first place.
Facebook spokesperson Alex Dziedzan said on Thursday that E2E encryption is a complex feature to implement and that the test is limited to a couple of hundred users for now so that the company can ensure the system is working properly.
Dziedzan also said the move was “not a response to any law enforcement requests”.
Meta, Facebook’s parent company, said it had planned to roll out the test for months. The company had previously announced plans to make E2E encryption the default in 2022 but pushed the date back to 2023.
An affidavit in support of the search warrant in the Nebraska case shows that a Norfolk police department detective asked Facebook in June for the “profile contact information, wall postings, and friend listing, with Facebook IDs” of the mother. Authorities also requested all of her photos and private messages from April to the day the warrant was issued.
The extent of the user data Facebook ended up handing over is not clear, but private messages between the women discussing how to obtain abortion pills were given to police by Facebook, according to the Lincoln Journal Star.
Experts previously told the Guardian that the main way for tech companies to avoid aiding in abortion-related prosecutions is to not store or collect the data at all.
“The only way for companies like Facebook to meaningfully protect people is for them to ensure that they do not have access to user data or communications when a law enforcement agency comes knocking,” Evan Greer, the director of the digital rights group Fight for the Future, said. “Expanding end-to-end encryption by default is a part of that, but companies like Facebook also need to stop collecting and retaining so much intimate information about us in the first place.”
The Nebraska case illustrates that some tech companies’ focus on limiting or deleting abortion-specific user data in response to privacy concerns may not be an effective strategy.
Facebook this week said that the warrant it received did not mention that the investigation was abortion-related.
As Kate Rose, who works on privacy and abortion access at the Digital Defense Fund, tweeted, “legal data requests are not going to come through neatly labeled as being for abortion”.