Facebook plans to merge Instagram, WhatsApp and Messenger

Where will this leave data protection?

Facebook has today announced its intention to merge Instagram, WhatsApp and Messenger. The announcement follows a period of the social media giant consolidating its power. The company plans to allow WhatsApp users to send messages to Instagram and Messenger users from within one app, and vice versa.

The announcement raises important security questions around how accessible messages will now be to Facebook themselves and outside actors.

Currently, WhatsApp is the most secure of the three. It uses end-to-end encryption, which “scrambles” messages sent by users that can only be unscrambled by the recipient’s phone. WhatsApp themselves cannot read these messages.

Facebook’s Messenger app only encrypts messages between the sender and their servers, before re-encrypting them between the server and recipient. This means that Facebook can view messages sent via Messenger, and can therefore be required by law to hand over these messages if requested by law enforcement agencies. However, it still utilises encryption so third parties cannot unscramble the messages they may intercept.

Instagram, however, offers no encryption for its messaging service. If someone was able to intercept messages sent between Instagram users, they would not be scrambled and could therefore be easily read in the event of this.

The three services are therefore all different in how they secure data. Facebook will probably have to bring them all in line with each other, but they will likely settle for Messenger’s current approach if they do this. They could keep them operating as they are now, but this would prevent WhatsApp users sending messages to Instagram users securely, the WhatsApp user would need to be informed that their message will not be encrypted. I’m certainly interested in seeing what approach they take.

It also raises bigger questions of the monopoly Facebook (and indeed other internet giants) holds, and whether these companies should be better regulated to responsibly secure the data of their users. Governments are likely to favour Messenger’s approach, as that still gives them access to messages if required in a criminal investigation, for example.

Share this post: