Just because your WhatsApp messages may be end-to-end encrypted doesn’t mean Facebook won’t one day be able to use their contents for advertising. While one of the big assumptions about encryption has been that the messaging platforms themselves aren’t privy to what you’re discussing with your contacts, a new push to develop homomorphic encryption techniques could change the stakes.
End-to-end encryption means that, thanks to a secret encryption key, only the sender and the recipient of a message can actually read it. WhatsApp added it back in 2016, and then began switching on cloud backup encryption for some users earlier this year. It’s a key feature that privacy advocates say to look out for when you’re choosing a messaging platform.
For companies like WhatsApp-owner Facebook, however, offering this sort of encryption may be becoming a competitive necessity, but it also presents a challenge. Without access to your conversations, there’s no way to do targeted advertising: showing commercial content based on the topics of conversation, for instance. If you’re in the business of making money by showing ads, that’s a problem.
One potential answer is known as homomorphic encryption, which Facebook has confirmed to The Information that it’s working on. Effectively, it’s a system whereby processing in the cloud can be carried out on encrypted data, without having to first decrypt it. That allows services to preserve security while still making better use of user data.
Traditionally, if Facebook wanted to use the contents of a WhatsApp chat for targeted marketing, it would need to decrypt it first. For that to happen in the cloud, where it would be most efficient, it would mean Facebook and WhatsApp would need a copy of the user’s encryption key. That, of course, presents a security risk.
With homomorphic encryption, however, a different type of encryption allows for computation to be performed on that encrypted data, without access to the decryption key. The end results of that are also encrypted, and are only visible to someone with that key. The advantage is that the cloud service can carry out the processing but without actually seeing the data itself, thus preserving security.
It’s not a new idea. Indeed, the idea of homomorphic encryption was first introduced back in 1978, with working demos in 2009. One challenge has been the computational load involved, which is significantly higher than when working with non-encrypted data.
In 2011, for example, Microsoft researchers came up with a system that could do basic addition and multiplication on data secured with homomorphic encryption. It took 20 milliseconds to add together 100 different numbers – each 128 binary digits in length – without breaking encryption along the way. Prior systems took more like 30 minutes to achieve the same thing.
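To make the idea of adding numbers without decrypting them concrete, here is an added example (not from the article, and not the scheme used by the Microsoft researchers or by Facebook). It assumes the Paillier cryptosystem, which supports only addition on ciphertexts, and uses toy primes chosen for illustration; the server-side function sums 100 encrypted 128-bit numbers using only the public key.

```python
import math
import secrets

# Toy parameters, constructed for this example: two known Mersenne primes.
# A ~150-bit modulus is far too small for real use (use >= 2048 bits).
P, Q = 2**61 - 1, 2**89 - 1

def keygen(p=P, q=Q):
    """Return (public_key, private_key) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                               # lam^-1 mod n
    return n, (n, lam, mu)

def encrypt(n, m):
    """Client side: encrypt integer 0 <= m < n under public key n."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1   # fresh randomness per message
        if math.gcd(r, n) == 1:
            break
    # (1 + n)^m == 1 + m*n (mod n^2), so no big exponentiation is needed for g^m
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def decrypt(priv, c):
    """Client side: recover the plaintext with the private key."""
    n, lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def server_sum(n, ciphertexts):
    """Server side: sees only n and ciphertexts, never a key or plaintext.
    Multiplying ciphertexts mod n^2 adds the hidden plaintexts mod n."""
    acc = 1  # 1 is a valid (trivial) encryption of 0
    for c in ciphertexts:
        acc = acc * c % (n * n)
    return acc

def demo():
    """Sum 100 random 128-bit numbers under encryption; return (got, expected)."""
    pub, priv = keygen()
    values = [secrets.randbits(128) for _ in range(100)]  # constructed inputs
    encrypted_total = server_sum(pub, [encrypt(pub, v) for v in values])
    return decrypt(priv, encrypted_total), sum(values)

if __name__ == "__main__":
    got, expected = demo()
    print("decrypted sum matches plaintext sum:", got == expected)
```

The result is correct only while the true sum stays below the modulus n; 100 numbers of 128 bits need about 135 bits, which fits the roughly 150-bit toy modulus.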
Multiple companies are looking at the concept, with a variety of goals in mind. One significant application is the potential use of homomorphic encryption in manipulating healthcare data, which is typically subject to strong encryption in the cloud. Such an approach could possibly allow for analysis of that health information – such as looking for signs of hereditary conditions, or even tracking evidence of heart rate or blood sugar issues from real-time medical monitors – without compromising privacy.
According to The Information, Facebook is adding to its team of artificial intelligence researchers to look into homomorphic encryption. Recent job ads have called for people to work on systems that would ensure privacy while also “simultaneously expanding the efficiency of Facebook’s market-leading advertising systems.”
Exactly how that would work in practice remains to be seen. Such a system might be able to perform analysis of conversational themes in the cloud, on encrypted chat data, and then deliver the results of that analysis to the user’s device. There, the results would be decrypted using the secret key, and the device would then use them to pull the appropriate adverts from Facebook and WhatsApp’s database. While the result would be a more targeted marketing campaign, it would be operated without unencrypted data being shared beyond the user’s phone or other device.
From the sound of it, Facebook still has plenty of time to work out the details. The company said in a statement that it’s “too early for us to consider homomorphic encryption for WhatsApp at this time.” Still, if it can figure out how to make the technique work, it could give Facebook a valuable argument as to why it should be trusted with user data, without cutting off a potentially valuable income stream.