Facebook’s decision to move toward end-to-end encryption and “secure data storage” is the right call. It is necessary. With this decision, company executives will be on the right side of history, as I will explain more below.
The decision to more deeply embrace ephemerality as part of the future of their “privacy” strategy is, however, a mistake.
Driving toward disappearing messages may look good on paper, and may seem consistent with what users think of as “privacy.” But I think embracing ephemerality will ultimately prove to be somewhere between regrettable and deeply problematic both for society and the platforms that adopt it.
First, ephemerality is going to prove dangerous when it comes to defending ourselves in the future of information warfare, which will mostly happen on private channels and in living rooms, rather than the “town square.” Companies will need data about misinformation to fight misinformation, for example. The solution shouldn’t be centralized record-keeping, but local data retention. Records should be kept somewhere.
Second, ephemerality will force a series of questions about ownership of information that we are ill-prepared as a society to address and that I believe we should leave un-formalized.
Finally, unlike encryption, ephemerality is both impossible to guarantee and runs contrary to the natural trajectory of technology. In my experience, when you can’t trust something and it runs against the grain of what technology fundamentally does, it becomes a liability.
Why embracing encryption is the right call
There are several reasons that moving to embrace encryption for private messaging is the right call for both the world writ large—and for Facebook as a company.
On a societal level, we face globally an unprecedented consolidation of control over human speech onto just a few platforms. Not just public broadcasting, but literally all speech. There is no precedent to help us think through what that means.
It is almost guaranteed the power we now wield to control private speech will, at some point, go terribly wrong.
It could happen in a variety of different ways—from poor decisions by company leaders to communities advocating for things that are not ultimately in their best interest. The only thing that is nearly certain is that the power is so great, at some point it will be misused, with cataclysmic results—if not in the next few years, certainly in the next few decades.
Historically it was impossible in practice for dictators to regulate living room conversations. They could only regulate the public discussions in the “town square.” The fact that all speech—if centralized and unencrypted—can now be monitored at scale will eventually lead to disaster. The only solution for central platforms is to throw away the keys.
If that is the macro-social reason why encryption is critical, it also should not be lost on anyone that moving in this direction is the only way that large international speech platforms will survive into the future.
We largely lived in a “pax digitus” for the first few decades of the internet, where the internet was an “other space” that was left alone by regulators. This era is clearly over.
It will be a hard fight for Facebook to get from where they are today to global, secure end-to-end messaging. Most people have forgotten how controversial the export of encryption technologies outside the U.S. was for the first wave of internet companies, and in many ways this is many orders of magnitude more impactful. But it is the right thing to do, and I am glad they are up for the fight.
Why including ephemerality as part of the privacy narrative is a mistake
It is obvious why consumers “like” ephemeral messaging, and easy to understand from a lay perspective why, if polled, I am sure they view it as a strong privacy feature to have their messages “disappear.”
Exploding messaging makes people think they can share more, that their messages will be distributed in a more limited way, in a context which requires less cognitive load and consideration. It feels like they’re just shooting the sh*t at a bar where no one will remember what you said the next morning.
That said, it is a very poor idea to treat ephemerality as part of the overall privacy narrative for three reasons:
1) Ephemerality creates serious risk of completely un-auditable private speech at hyperscale
Private messaging is the next battlefield for information warfare, disinformation and subversion.
As I wrote a few years ago in the column, “Free Speech and Democracy in the Age of Micro-Targeting,”the thing to really be worried about is individuals and organizations using the internet to believably and personally interact with millions of people personally and privately, telling them what they want to hear and skipping the “public” sphere entirely.
I do not believe that the answer is for records of private messages to be kept and accessed through a centralized platform. The risk of that centralization is even greater than the risk of the attacks that will come. It is far too easy for things to go wrong.
However, I also think it is a mistake to believe that you want no records kept at all. When the next generation of bad-actors uses ever more sophisticated AI to manipulate people en-masse through personalized targeted outreach, we must be able to reconstruct and litigate what happened.
What I believe should happen is much the way the world has worked outside of the internet for a very long time. Each person who is party to a conversation should have records of the conversations and interactions they have had. When something goes wrong, society should be able to appeal to—and compel with due process—those individuals to disclose their personal records.
I think it could even be a good idea for a central platform to keep some sort of hash of the message to help corroborate the validity of whatever is “discovered” on the device, and perhaps even have formal data retention policies. I trust the distributed partial storage of millions of people versus a handful of centralized platforms.
The pain, cost and publicity of the state getting records from groups of its citizens (or non-citizens!) is far greater than the costs associated with going to a centralized platform, which creates a healthy social tension and balance.
Encryption is a powerful tool. We should have it to defend against centralization. But the idea that we should have no records is simply a bridge too far. Instead, we should trust people to maintain and control their own “correspondence” today, as they have in the past.
Allowing anyone to talk to anyone else instantly, at scale, completely in private, with no ability— under any social or legal framework—to know what is said, is too dangerous even for my taste.
Records are all that allow us to as a society find networks of bad actors, and hold the powerful to account for their speech and actions over time.
2) Ephemerality exposes challenges of information ownership which we won’t resolve
If one person takes a picture on another person’s camera of a group of people at a party, who owns that image and should have access to it in the future?
The formal legal answer might be that the person who snapped the picture owns it, but in practice that isn’t how it works nor is it how we would want it to work as a society.
The same question comes up in a conversation. If we speak together, and iterate on each other’s ideas, who owns what utterances? Should I be able to take back mine in the future even if it destroys the context and meaning of your words?
Right now, we live in a world where the idea of information ownership is—on a day-to-day basis—socially enforced and casual versus formally structured.
If platforms make shared media ephemeral, and only permanent to the person who formally “owns” it, more precise definitions of ownership in day-to-day media will be required. That will lead to all sorts of weird behaviors (30 photos of the same thing, copying important notes and conversations and recommendations separately out of a thread, etc.)
In the physical world, ownership may be easy enough because possession is 9/10ths of the law. An object can only be in one place at a given time; however, information is a very complicated system. Information moves by being copied rather than “moved” as we share with each other, and learn from our surroundings.
Moving toward “ephemeral” messaging forces us to start to consider all the social contracts by which we share information and content with each other. I don’t think we are at all prepared to tackle the fundamental questions this creates.
We all understand how letters work. You don’t ask for them back once they are sent. The same thing goes for email. We all know that you can’t force someone to forget something (or ever prove that they have). In my mind, it would be a big mistake to push this form of sharing fully into the mainstream as the norm, rather than the exception.
It will either lead to confusing special cases which will invalidate the overall sense of ephemerality, or will devolve into a set of arguments about context and ownership that are even more complicated than many of those we currently face on the question of “privacy.”
Neither of these outcomes are palatable in any immediate sense. The bigger risk is that major platforms make the wrong calls on these things—and fundamentally distort how people naturally interact with each other.
3) Ephemerality is impossible to guarantee and dangerously out of sync with technological reality
I promise you that Kim Kardashian’s daily Instagram stories are not actually ephemeral. If I had to bet, hundreds of companies and brands are recording and saving them daily for research purposes. The same goes, I would bet good money, for hundreds—if not thousands—of others.
Encryption is a mathematical ground truth. It is science. If a project is open source, you can prove it. It is true that if encryption is being offered by a large organization that is not open source, then you have to rely upon auditors to prove their claims of encryption - but whether or not something is encrypted is still a fact.
Ephemerality, conversely, is just a product trick. It can never be proven, and if I can see something on a screen, then you can assume that I can be saving and recording it in some way.
Ironically, as the cost of storage and computing declines and the algorithms for reading and structuring images improve, the ability to constantly record everything I am doing will only improve.
It is a big mistake for products to ever “fight” with technology, as opposed to trying to direct it. The idea of trying to enforce memory loss at a time when memory explosion is one of the key features of our society is just out of step.
At some point, people will realize that they can’t actually trust “disappearing” messages to disappear, which will undoubtedly be a major future scandal in some form or another.
The best products and product decisions are, in my mind, ones that are able to consider the past and anticipate the future.
Encryption fits well in that narrative. The techniques might need to slightly change over time, but it is a decision for the ages.
Ephemerality is the opposite. It may have existed in a deep, dark prewritten past, but we long ago graduated to a world where things are written down. The historical precedent for it is weak. It also simultaneously doesn’t live up to the expectations of any future I can recognize. Except in a world of highly locked down technology or “Men In Black” mind-flashers, it just doesn’t fit how humans will want to extend and expand their memory.
If ephemerality becomes a platform feature of the future, then the sad reality will likely be a divergence of the haves and the have-nots, where some people record their lives and have the ability to search over and access it, while others do not. Those who record will have power over those who don’t.
The fundamental parts of privacy
The privacy of speech breaks down into control over three elements: identity (who is speaking), content (what is said), and audience (who can listen).
It makes sense that, for Facebook at least, the “identity” part of privacy is left out. It would be a bridge too far to imagine a world where there would be anonymous content on Facebook platforms, both because of the heritage of the company and because people know how nasty and terrible anonymous speech becomes. Also, even I stretch to imagine what anonymous personal messaging actually looks like as a product.
The audience control, who should be able to listen, is the easiest to think about and I think Facebook has it right now. I should be able to share exactly what I want with just whom I want, without having to include anyone else (including any middlemen) in the conversation. That ability to define your audience and freely speak to them is the core of the “living room” experience we need to defend into the technological future for the resilience of humanity.
The content part is where it gets sticky. Ephemerality is, effectively, an attempt to force specific behavior on the content people share—which doesn’t make sense. Ephemerality is dangerous given the realistic future of technology and information warfare, it is out of step with how people actually think about information and the patterns by which it is broadly shared, and it also runs contrary to the technological narrative—which is never the side of history you want to be on.
Information moves by being copied from person to person. Technology fundamentally accelerates that model. Products can try to stand in the way of the technological narrative, and might succeed for a while. But ultimately when they collide, technology almost always wins, which is a very good thing.