Skip to main content Skip to main content

August 1, 2016

Facebook Messenger Adopts Encrypted Messaging

By Peter Schaub

The Scoop On The New Facebook Messenger

Facebook Messenger, the free peer-to-peer social media messenger app rolled out by Facebook in 2011, has been living in the shadow of it’s cousin WhatsApp for years… but that’s all about to change.

Facebook has recently announced a significant update that will change Facebook Messenger for good …Facebook’s newest addition, Secret Conversations.

Secret Conversations is a secure interface utilizing end-to-end encryption that allows a single message stream between two users to become protected from all outside sources including Facebook itself. This means that if a user needs to share a piece of sensitive text with another user — like credit card or social security numbers — they can open the Secret Conversations option, type out their message, and send it securely. At this point in time, Facebook has stated that “rich content” (GIFs / Images / Videos) are not compatible with the Secret Conversations interface and cannot be transferred across the encrypted platform.

But progress doesn’t come without it’s fair share of hiccups. Here are the most notable two for Secure Conversations:

  • First, the two users’ secure conversation can only be displayed on the same device that the conversation was originated on. This means that you won’t be able to switch from your tablet to your phone when viewing the conversation. It will only be accessible on the original device.
  • Secondly, the initial wide-release of the Secret Conversations option will only be available on Android and iOS devices. This means that you’ll need to rely on the standard Messenger interface when using both laptops and desktops.

But even with its pair of shortcomings, Secret Conversations is a step forward as a whole for Facebook Messenger. All messages are retained indefinitely, but can be deleted from existence at any point in time, and can even be set to a timed detonation period which will automatically eliminate the message based on the designated time preference.

 

This quote comes directly from Facebook explaining Secret Conversations’ stipulations:

Starting a secret conversation with someone is optional. That’s because many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone. Secret conversations can only be read on one device and we recognize that experience may not be right for everyone. It’s also important to note that in secret conversations we don’t currently support rich content like GIFs and videos, making payments, or other popular Messenger features.

 

Secret Conversations vs. Compliance Regulations

Admittedly, Secret Conversations is an easy, simple, and secure communication method that is a huge step forward for Facebook, but just because end-to-end encryption exists doesn’t mean the application is compliant with federal regulations.

For compliance standards, the application would need to retain specific pieces of information that (at this time anyways) it simply does not retain, including time/date the message was sent, time/date the message was read, and a full, verifiable audit trail.

This means that you would never want to send sensitive documentation across messenger that specifically needs to adhere to compliance regulations (HIPAA / SOX / FINRA / etc.).

For example, when doing business the sending any form of ePHI (electronic Protected Health Information) or privileged information that can directly identify a client should never be sent across the Secret Conversations platform.

While Secret Conversations is great for private peer-to-peer conversation, it doesn’t hold up to compliance requirements, therefore; businesses should not use it as a secure communication option. Only a secure email solution is compliant with the aforementioned regulations.

Facebook has definitely stepped their game up in providing an encrypted communication method for the general public to access, but there’s a level of caution that needs to be taken before sending encrypted. This also brings up the worldwide debate of Privacy vs. Security and if certain parties should even be allowed to access the secure platform, but we’ll leave that discussion for another day.

The Secret Conversations addition is currently being beta tested and is not available to the entire public:

Secret Conversations are available on a limited test basis right now, but we will be making the option more widely available this summer. During this test, we will gather feedback about the functionality, measure performance and introduce tools to enable you to report objectionable content to us.

No official release date for Secret Conversations has been announced.

 

Written by Peter J. Schaub

President & CEO of NeoCertified

Images courtesy of Facebook.

Edit this page