Facebook Messenger has become omnipresent in the lives of one billion people, and despite concerns over the years about what information it might be gathering from users, a report recently released by Amnesty International found it to be highly secure.
The human rights organization found that Facebook-owned WhatsApp and Apple’s iMessage also excelled in terms of security, while other commonly used messaging applications didn’t make the grade, including – and somewhat surprisingly – BlackBerry’s BBM. Even as the popularity of its hardware dimmed, BlackBerry had a reputation for strong security. However, Amnesty said that it, like more popular messaging services such as Snapchat and Microsoft’s Skype, is not taking the basic steps necessary to guarantee user privacy. BlackBerry and China-based Tencent brought up the rear with Google landing in the middle.
While Amnesty International is not normally associated with IT security, the organization sees messaging privacy as having an impact on human rights, as poor security and lack of encryption leave users, including activists, open to spying from cybercriminals and government agencies.
It’s important to note that the organization did not carry out an overall assessment of the security of the different messaging apps; rather, it recommends that journalists, activists, human rights defenders and others whose communications may be particularly at risk seek expert digital security advice. Neither did Amnesty International rank the companies providing these messaging applications on their overall human rights performance, or their approach to privacy across all their products and services.
Specifically, the organization ranked the companies across five criteria, awarding up to three points per criterion, based on whether its assessment determined that the company met the criteria completely. The five criteria used to evaluate instant messaging services included:
- Does it recognise online threats to human rights?
- Does it deploy end-to-end encryption as a default?
- Does it inform users of risks and encryption used?
- Does it disclose government requests for user data?
- Does it publish technical details of encryption?
Facebook and Apple, whose services include Facebook Messenger, WhatsApp, iMessage and FaceTime, came out in first and second place, respectively. Facebook scored 73 out of 100 points, while Apple came in at 67, as did Telegram Messenger.
Google’s trio of messaging applications – Hangouts, Duo and the recently launched Allo – were in the middle of the pack at 53, while Snapchat only managed 26, and BlackBerry was second from the bottom at 20.
Facebook’s high score can be attributed to the fact that WhatsApp deploys end-to-end encryption as a default, and that the company recently introduced a “secret” messages feature for Facebook Messenger which uses end-to-end encryption, although messages are not encrypted otherwise. Earlier this year, WhatsApp extended encryption to photos, videos and voice calls.
Amnesty International has highlighted end-to-end encryption, a way of scrambling data so that only the sender and recipient can see it, as a minimum requirement for technology companies to ensure that private information in messaging apps stays private. The companies that ranked lowest on the scorecard do not have adequate levels of encryption in place on their messaging apps.
Since purchasing WhatsApp in February 2014, Facebook has been leveraging features from that application and incorporating them into Messenger, and has also been pushing mobile users to its standalone application rather than letting them send messages through the mobile website or the mobile Facebook application.
Amnesty International sent letters to the 11 companies assessed, requesting information about each company’s current encryption standards, and details of policies and practices the company has in place to ensure it meets its human rights responsibilities in relation to its instant messaging services. Eight of the companies responded; it did not receive any response from BlackBerry, Google or Tencent.