Taking a cue from Google and Apple, Facebook for the first time is giving its users more encryption options to keep their information private, infuriating agencies like FBI and NSA who believe that “law enforcement and national security investigators need to be able to access communications and information to obtain the evidence necessary to prevent crime and bring criminals to justice in a court of law” and that locking user data places lives in danger by limiting government surveillance. The US government who recently said they will stop spying on Americans is up in arms because this new encryption won’t let them spy on Americans.
In a blogpost, Facebook explained how the feature will work: “It’s very important to us that the people who use Facebook feel safe and can trust that their connection to Facebook is secure…Whilst Facebook seeks to secure connections to your email provider with TLS, the stored content of those messages may be accessible as plaintext (with attachments) to anyone who accesses your email provider or email account.
To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to “end-to-end” encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications.”
Created as PGP (which stands for “pretty good privacy”), nearly 25 years ago by Phil Zimmermann, OpenPGP is one of the most popular available standards for protecting email with public key encryption.
You will be able to update your own public key, using a desktop browser, at:https://www.facebook.com/me/about?section=contact-info
“It also means that people who activate the email encryption and then lose their private key cannot turn to Facebook for help. The social network would have a copy of the public key uploaded to a user’s Facebook profile, but encrypted chats or emails off the site would still require the users’ private key to unlock. Other account recovery methods like SMS and Trusted Contacts can still work without relying upon email recovery,” explains Jay Nancarrow, a communications manager with Facebook.
The Committee to Protect Journalists has praised Facebook’s encryption decision. “Facebook has taken an important step to help protect users’ private communications by default, and make the risky environment, in which journalists work, a little bit safer,” said CPJ Internet Advocacy Coordinator Geoffrey King.