Meta

Independent Assessment: Expanding End-to-End Encryption Protects Fundamental Human Rights

Takeaways

  • We’re publishing the findings and recommendations of an independent human rights impact assessment that we commissioned on our plans to expand end-to-end encryption by default to Messenger and Instagram DMs.
  • This assessment found that expanding end-to-end encryption enables the realization of a diverse range of human rights and recommended a range of integrity and safety measures to address unintended adverse human rights impacts.
  • The report includes 45 recommendations. Our response details our commitment to implementing 34 of the recommendations, partly implementing four, assessing the feasibility of six and taking no further action on one.

Today, we’re publishing the findings and recommendations of an independent human rights impact assessment (HRIA) on our plans to expand end-to-end encryption (E2EE). The assessment was conducted by Business for Social Responsibility (BSR) in line with the UN Guiding Principles on Business and Human Rights and Meta’s Corporate Human Rights Policy.¹ We are taking the exceptional step to publish this HRIA in full as a standalone product because we believe it represents a groundbreaking contribution to the ongoing conversation on implementing E2EE while meaningfully advancing the field of human rights. 

Privacy is a fundamental human right. End-to-end encryption is a widely used technology that protects the privacy and many other human rights of billions of people every day. E2EE keeps people and their personal communications safe from hackers, criminals and authoritarian regimes. That’s why in 2016 we implemented this technology by default on WhatsApp and as an option on Messenger, and in March 2019 we announced plans to extend this protection by default across our messaging apps.

Since then, we’ve witnessed a global pandemic push more of our lives online, leading to an increased threat of cybercrime and invasion of people’s private communications. At the same time, the threat of authoritarianism is on the rise. That’s why, following Russia’s invasion of Ukraine, we accelerated the deployment of E2EE options on Instagram and promoted our disappearing messaging features on Messenger so that people in the affected countries would have more secure communication. Safe and secure messaging is more important than ever.

Assessment: Expanding E2EE Supports Human Rights, Adverse Impacts Can Be Addressed

This comprehensive rights-based analysis of implementing E2EE is the first of its kind. By analyzing encryption across all rights recognized in the Universal Declaration of Human Rights and a range of other human rights instruments, the HRIA expands existing rights-based analyses and underscores why encryption is important today and in the future. 

The report found that:

Read the full report.

Implementing the Recommendations

BSR’s recommendations are designed to help us maximize the positive human rights impacts of E2EE, while mitigating potential adverse impacts. The report includes 45 recommendations broken down into four sections: product, process, product policy and public policy. Our response details our commitment to implementing 34 of the recommendations, partly implementing four, assessing the feasibility of another six and taking no further action on one. We’re committed to implementing the vast majority of the recommendations and working diligently towards our plans for expanding E2EE as a means to help protect people and support their human rights. We’ve already made progress on many of the recommendations, but our work in this area is never done. 

Over the years we’ve invested billions of dollars, hired thousands of people and collaborated with experts around the world to help keep people safe without compromising their sensitive and personal information. The recommendations will help guide our approach to safer private messaging for Messenger and Instagram DMs as we implement E2EE by default on these messaging apps: helping to prevent abuse and to safeguard people’s privacy, giving people controls to help them stay safe and not reading people’s personal messages unless they report them to us.

To monitor for harmful or illegal content, many messaging platforms — including Messenger and Instagram DMs — have historically relied on the ability to proactively access people’s messages. With end-to-end encryption, however, only the sender and recipient can access the content of those messages. Scanning technologies that seek to proactively access message content, whether on a person’s device or otherwise, without the person’s consent and control could be abused by criminals, hackers or authoritarian regimes, putting people’s safety at risk. While other reasonable mitigations can and should be enacted, we do not believe such approaches, often called “client-side scanning,” can be developed and implemented in a manner that is rights-respecting, nor can such technologies meet the expectations people have of end-to-end encrypted messaging services. 

Our Progress and Collaboration

As we make these major enhancements to our messaging apps, we want to be thoughtful in our approach, comply with our human rights policy and evaluate how our decisions can help respect and support human rights. While we expect to make significant progress this year, implementing E2EE on Messenger and Instagram messaging continues to be a long-term project and we’re taking our time to get this right. 

The report emphasizes the need for collaboration across industry, academia, civil society and government to implement end-to-end encryption in a deliberate way that’s consistent with our commitment to people’s privacy, safety and security. We will continue engaging with these partners in promoting the vital human rights end-to-end encryption protects, while remaining mindful of the need to help safeguard all human rights.

 

1. This assessment was conducted by BSR from 2019-2021 using methodologies based upon the UN Guiding Principles on Business and Human Rights (UNGPs), including a consideration of the various human rights principles, standards, and methodologies upon which the UNGPs were built. BSR engaged with a diverse range of rights holders and stakeholders when undertaking this assessment and supplemented the stakeholder inputs with their own insights into the human rights concerns of rights holders and stakeholders gathered in a variety of contexts, including previous HRIAs undertaken for Meta.