Facebook and Instagram encryption plans delayed by Meta until 2023

Plans to roll out end-to-end encryption on Facebook and Instagram have been delayed amid a row over child safety.

Meta – as Facebook’s parent company is now called – said messaging encryption on the apps would now come in 2023.

The process means only the sender and receiver can read messages, but law enforcement or Meta cannot.

However, child protection groups and politicians have warned that it could hamper police investigating child abuse.

The National Society for the Prevention of Cruelty to Children (NSPCC), has claimed that private messaging “is the front line of child sexual abuse”.

UK Home Secretary Priti Patel has also criticised the technology, saying earlier this year that it could “severely hamper” law enforcement in pursuing criminal activity, including online child abuse.

Privacy v protection
End-to-end encryption works by “scrambling” or encrypting the data while it travels between phones and other devices.

The only way to read the message is usually to get physical access to an unlocked device that sent or received it.

The technology is the default for popular messaging service WhatsApp, also owned by Meta – but not the company’s other apps.

The NSPCC sent Freedom of Information requests to 46 police forces across England, Wales, and Scotland asking them for a breakdown of the platforms used to commit sexual offences against children last year.

The responses revealed:

more than 9,470 instances of child sex abuse images and online child sex offences were reported to police
52% of these took place on Facebook-owned apps
over a third of the cases took place on Instagram, and 13% on Facebook and Messenger, with very few occurring via WhatsApp
That has led to fears that Meta’s plans to expand encryption to widely-used Facebook Messenger and Instagram direct messages could shield the majority of abusers from detection.

The NSPCC said that encrypting messages by default could lead to the easier spread of child abuse imagery or online grooming.

But advocates say that encryption protects users’ privacy, and prevents prying by both governments and unscrupulous hackers. Meta chief executive Mark Zuckerberg made those arguments himself when he announced Facebook’s encryption plans in 2019.

‘Getting it right’
Antigone Davis, Meta’s global head of safety, said that the delay in implementing encryption to 2023 was because the company was taking its time “to get this right”.

The company had previously said the change would happen in 2022 at the earliest.

Ms Davis said: “As a company that connects billions of people around the world and has built industry-leading technology, we’re determined to protect people’s private communications and keep people safe online.”

She also outlined a number of additional preventative measures the company had already put in place, including:

“proactive detection technology” that scans for suspicious patterns of activity such as a user who repeatedly sets up new profiles, or messages a large number of people they do not know
placing under-18 users into private or “friends only” accounts by default, and restricting adults from messaging them if they aren’t already connected
educating young people with in-app tips on how to avoid unwanted interactions
Andy Burrows, head of child safety online policy at the NSPCC, welcomed the delay by Meta.

He said: “They should only go ahead with these measures when they can demonstrate they have the technology in place that will ensure children will be at no greater risk of abuse.

“More than 18 months after an NSPCC-led a global coalition of 130 child protection organisations raised the alarm over the danger of end-to-end encryption, Facebook must now show they are serious about the child safety risks and not just playing for time while they weather difficult headlines.”

Tesla drivers left unable to start their cars after outage

Tesla drivers say they have been locked out of their cars after an outage struck the carmaker’s app.

Dozens of owners posted on social media about seeing an error message on the mobile app that was preventing them from connecting to their vehicles.

Tesla chief executive Elon Musk personally responded to one complaint from a driver in South Korea, saying on Twitter: “Checking.”

Mr Musk later said the app was coming back online.

The Tesla app is used as a key by drivers to unlock and start their cars.

Owners posted a multitude of complaints online about not being able to use their vehicles.

“I’m stuck an hour away from home because I normally use my phone to start [my] car,” one owner tweeted.

About 500 users reported an error on the app at around 16:40 ET (21:40 GMT) on Friday, according to the outage tracking site DownDetector. Five hours later, there were just over 60 reports of an error.

“Apologies, we will take measures to ensure this doesn’t happen again,” Mr Musk tweeted.

The app is not the only way to access the cars though, Stuart Masson, editor of The Car Expert website, told the BBC.

“There will be a secondary mechanism to get in or out of the car beyond the app, the difficulty will come for drivers if they are not carrying it,” he said.

“Technology makes things convenient, but relies on a server working 100% of the time. It’s the same as leaving the house without my credit cards, expecting to pay for things with my smartphone. If we are reliant on one mechanism all the time, we can be caught out.”

Professor David Bailey from the Birmingham Business School has written extensively on the automotive industry. He also drives a Tesla and experienced the outage on Friday.

“To some extent, Tesla is a bit of a victim of its own success,” he told the BBC. “It encourages its customers to use the cutting edge technology it creates and sometimes that will go wrong.

“Although of course you can use a key to open the car too, the natural instinct of many Tesla drivers, who are buying one of the most high tech models in the market, is to rely on the technology.”

Facebook gives users ‘more control’ over news feed

Facebook says it is introducing new features to give people more control over what appears in their news feeds.

The social network has been under intense scrutiny in recent years for how its algorithms promote content.

Now, it says it is testing controls to “adjust people’s ranking preferences” and customise the feed.

That includes, for example, increasing the number of posts from friends and family, and decreasing those from groups and pages.

It will also make controls that already exist “easier to access”, it said – such as the favourites and snooze features, which largely live inside a settings sub-menu.

“We’ll begin testing in countries around the world to a small percentage of people, gradually expanding in the coming weeks,” Facebook said in its announcement post.

“This is part of our ongoing work to give people more control over [the] news feed, so they see more of what they want and less of what they don’t.”

Ranking row
It comes as Facebook and its newly-named parent company Meta are under political pressure to let users avoid its ranking systems.

So-called “engagement-based ranking” has been a repeated target of criticism in the testimony of Facebook whistleblower Frances Haugen, who said it prioritised divisive and extreme content.

The BBC is not responsible for the content of external sites.
View original tweet on Twitter
Facebook disagrees with that, but the view has caught on among some.

A group of US lawmakers has tabled a bill named the “Filter Bubble Transparency Act”, which is designed to make sure that social networks give their users an option to use the sites without any kind of algorithmic interference.

That would bring Facebook much closer to its original version. In the early days, when Facebook was only really used by university students, it simply displayed every post from friends, with the most recent ones first.

Clegg: Facebook is ‘barbecues and bar mitzvahs’
Facebook changes its name to Meta in major rebrand
Facebook’s metaverse plans labelled ‘dystopian’
Facebook, for its part, believes that users do not actually want that. A recent report by the Washington Post discovered that Facebook has run at least two experiments in recent years, exploring what happens when the algorithmic feed is disabled.

One of those tests, the Post reported, resulted in users logging into Facebook less often, spending less time reading content, and posting less themselves.

“The documents suggest that Facebook’s defence of algorithmic rankings stems not only from its business interests, but from a paternalistic conviction, backed by data, that its sophisticated personalisation software knows what users want better than the users themselves,” the Post wrote.

Facebook has added one way to access a chronological feed since March this year, although it is not an option available by default.

On its mobile apps, while scrolling through the news feed, an option for “most recent” will sometimes appear. It only works for that browsing session. The next time the app is opened, it will revert to the algorithmic feed.

Crypto bid to buy US constitution print raises millions

A crowd-funded effort to buy a rare 1787 copy of the US constitution at auction claims to have received more than $13m (£9.6m) worth of cryptocurrency donations.

The group, ConstitutionDAO, says it plans “to put the constitution in the hands of the people”, and hopes to raise at least $20m.

But it is not clear how ownership will be arranged if the bid succeeds.

The BBC has approached the group for comment.

Published in 1787, auctioneers Sotheby’s estimates a sale price of up to $20m, when the auction takes place on 18 November.

There are 13 known copies to have survived from a run of 500 originally printed after the text was settled at the Constitutional Convention in Philadelphia, Pennsylvania.

The copy for sale is one of only two not held in the collection of an institution, Sotheby’s says.

The group wants to put the document on public display.

‘Decentralised’ organising
DAO stands for “decentralised autonomous organisation”.

The idea is to enable individuals to come together to make purchases and share ownership, with their transactions and operating rules recorded on the blockchain – the same underlying technology on which cryptocurrencies like Bitcoin and Ethereum run.

ConstitutionDAO launched just a week before the auction, and is soliciting money with which to buy the constitution document in Ethereum.

On its website, the group says it is “pooling together money to win this auction”.

At first, the website told contributors they were buying “fractional ownership and governance. You will own a piece of the constitution based on how much you contribute”.

That has since been changed to say those who contribute will not get a share in owning the constitution.

The question “Am I receiving ownership of the constitution in exchange for my donation?” is answered: “No, you are receiving a governance token, not fractionalised ownership”.

The “governance token”, the website says, could be used to “advise” on “where the constitution should be displayed, how it should be exhibited, and the mission and values of ConstitutionDAO”.

According to a frequently asked questions (FAQ) document posted to the group’s Discord social media channel by a core contributor to the project: “After the initial purchase, the community will be able to restructure ownership” in line with the group’s mission and values.

The website says there will be “refunds” should the auction bid be unsuccessful.

However, the largely unregulated world of cryptocurrency brings with it many risks.

The FAQ warns of the possibility of hacking or of theft of money, although it says “we have made everything as secure and foolproof as possible given the time constraints”.

The cryptocurrency funds that will be used to make the purchase are in a wallet currently controlled by 13 core contributors, with nine being required to approve transactions.

Regulatory hurdles
DAOs have a chequered history. In 2016, “The DAO” – a distributed venture capital organisation – raised $150m, only to see $50m disappear in a hack because of a flaw in the code that it used.

The legal status of DAOs is also not clear, experts say.

Sotheby’s told the BBC: “As DAOs are not legally recognised entities in most jurisdictions, Sotheby’s requires DAOs to take certain legal steps to ensure the entity can participate in our auctions at this time.”

As a result, the project has formed a US limited liability company in order to take part.

On display
The group says that it is seeking “an esteemed partner” to publicly display the constitution.

“The eventual home must have the expertise to properly house, store, and maintain the artefact,” the group says.

“Additionally, the community has expressed strong preferences for institutions that are free to the public and willing to cover the costs associated with housing the document.”

Proceeds of the Sotheby’s auction will go to the Dorothy Tapper Goldman Foundation – a non-profit group that works to promote understanding of democracy.

Arm-Nvidia deal: UK orders further inquiry

A $40bn (£29bn) takeover of UK chip designer Arm by US giant Nvidia will be subject to an in-depth inquiry by the UK’s competition watchdog.

Citing security and competition concerns, Digital Secretary Nadine Dorries told the Competition and Markets Authority (CMA) to launch a phase two investigation.

An initial inquiry by the CMA found “significant competition concerns”.

Nvidia said, however, that the merger would boost competition and innovation.

The firm said in a statement: “We will continue to work with the UK government to resolve its concerns”.

“The phase two process will enable us to demonstrate that the transaction will help to accelerate Arm and boost competition and innovation, including in the UK”, Nvidia said.

Europe launches investigation into Arm-Nvidia deal
Takeover of UK tech firm ‘raises serious concerns’
Chips based on Arm’s designs are used in a wide range of applications, including in the silicon inside many Apple products.

Announcing her decision, Ms Dorries said: “Arm has a unique place in the global technology supply chain and we must make sure the implications of this transaction are fully considered.”

“The CMA will now report to me on competition and national security grounds and provide advice on the next steps.”

In a letter to both Arm and Nvidia setting out the reasons for the decision, officials provided more detail on the national security concerns.

It suggested that the deal could see a “potential reduction of the UK’s autonomy to develop, operate or support defence and security systems that utilise Arm IP (intellectual property)”.

The deal also faces a competition probe by the European Commission.

Apple digital ID scheme comes with conditions and costs

Apple’s much promoted digital driver’s licence feature comes at a cost to the taxpayer, according to reports.

Announced in September, it will allow residents in eight US states to store state IDs and driver’s licences inside the Apple Wallet app on their iPhone.

Apple has “sole control” of several aspects of the rollout, CNBC reports.

But Arizona, Connecticut, Georgia, Iowa, Kentucky, Maryland, Oklahoma, and Utah “bear the burden of maintaining [the feature], at taxpayer expense”.

Using public-record requests and other means, CNBC acquired details of the agreements between some of those states and Apple:

Apple retains control over when the feature is launched and what devices are compatible – but state agencies are responsible for maintaining the relevant computer systems and legal compliance and Apple stipulates how they report on its “performance”
State bodies must employ or allocate people and resources to support the project “on a timeline to be determined by Apple” and, if Apple requests, “designate” project managers to answer Apple’s questions
The contract requires states to market the new feature – but Apple has review and approval power of those marketing materials
The digital ID must be “proactively” offered to every new licence holder or renewal at no extra cost to the person applying
States must promote it to agencies such as local law enforcement or anyone else who regularly checks IDs
“The end result is that states bear the burden of maintaining technology systems at taxpayer expense, a move that ultimately benefits Apple and its shareholders by making its devices even more essential than they already are,” CNBC’s report says.

Jason Mikula, a financial technology writer who also obtained the Apple records, wrote the states “have ceded a shocking degree of control to Apple”.

“Beyond giving Apple near total control over the programme, states also agree to terms that make it nearly impossible to terminate the programme in the future,” he said.

According to two memoranda of understanding, “the state agencies that have entered into them can only terminate them with Apple’s consent or for cause – if Apple breaches the terms of the agreement and doesn’t remedy within 30 days”.

Apple did not respond to a request for comment.

Who needs a Covid passport and how do I get one?
How Covid passports work around the world
When Apple announced the first details of its ID scheme, it emphasised the encryption and other security features, stressing neither the company nor state officials could know “when or where” users showed IDs.

During the coronavirus pandemic, there was significant public resistance in some countries – including the UK – to the idea of digital Covid passports or other ID, despite the NHS Covid-19 app eventually being widely adopted for that purpose in England.

Civil-liberties concerns also led to the scrapping of a 2019 attempt to introduce a more general digital-ID system in the UK.

Apple to fix iPhone 13 Face ID screen repair glitch

Apple has promised to fix a problem with its iPhone 13 that means that screen repairs performed by unofficial parties break its Face ID feature.

The model contains a chip that “pairs” a screen with a specific phone and requires special software tools to “match” a new one.

Repair firms have found that without those tools, the facial-identification security function no longer works.

Apple, whose repairers use the tools, says it will issue a software update.

The feature has been widely criticised by right-to-repair advocates, who suggest it was included to limit who could repair iPhones.

The issue was first reported by iFixit, a company specialising in tools, parts and tech repair guides.

It labelled the new link between screen replacements and Face ID as a “dark day for fixers, both DIY and professional”.

Authorised repairs
The repair firm discovered that the new chip ensures that unless the replacement screen is “matched” to the phone’s unique serial number, Face ID does not work.

The only known existing work-around for independent or do-it-yourself repairers involves delicate, laborious work to transplant the chip from the old screen to the replacement.

The procedure needs specialist equipment and training, which only a fraction of repair shops were capable of, according to iFixit.

Apple told news outlets, including The Verge and The Register, a solution would be made available in a future update but gave no date.

It is not clear whether the issue was a bug or – as some right-to-repair advocates argued – part of a wider move by Apple to restrict third-party repairs.

Apple has often been labelled one of the main opponents of right-to-repair legislation, reportedly arguing that allowing consumers to repair their own devices could lead to injury.

The company’s co-founder, Steve Wozniak, who made the first Apple machines in a garage with Steve Jobs in the 1970s, has expressed support for the right-to-repair movement, saying Apple would not exist without the kind of tinkering repair enthusiasts are campaigning for.

Reacting to Apple’s pledge, iFixit’s Kevin Purdy wrote: “It’s a good day, if media attention and public pushback truly forced Apple’s hand.”

But he also warned that it was “an endless fight”.

“Apple – and the many companies it inspires – will advance again with more parts lockdowns, more feature reductions, more reasons why only their profitable repair centres can do this work,” he said.

‘We lost festive savings in family WhatsApp scam’

A grandfather has told of how he lost money saved for Christmas presents after his family were duped by fraudsters on WhatsApp.

The 75-year-old, who wished to remain anonymous, said they had been tricked by criminals posing as his grand-daughter on the messaging service.

He transferred £1,550 to the con-artists, for an emergency medical bill that was a fake.

WhatsApp and trading standards officers are warning others of the scam.

‘You feel a fool’
Fraudsters posing as the young student sent a message to her father, saying she had a case of haemorrhoids that she was embarrassed to talk about.

Subsequent messages suggested that she needed money for private medical care and asked for the money to be transferred directly.

The correct spelling of her unusual name helped convince the family it was genuine, and her grandfather agreed to pay the supposed bill.

Attempts to contact her directly failed, as the calls went straight to an answerphone.

Only after the money was paid did they get through to her, and realised they had been tricked.

“You feel such a fool,” her grandfather said. “I was angry that I was able to be duped.

“You get used to these scam calls, but they are getting quite clever. I used to run my own business, so if they can fool people like me, a lot of very vulnerable people will be in trouble.”

He is trying to get the money refunded from his bank, but so far they have said their fraud checks were sufficient and have refused to reimburse him.

Young targets
Surveys have suggested that 59% of those asked had received a message-based scam attempt in the last year.

Younger age groups, who were more likely to text than call, were said to be more exposed to these kinds of scams.

WhatsApp hijack scam continues to spread
Fraudsters steal £4m a day as crime surges
Trading standards officers said that scammers sent messages that appeared to come from a friend or member of the family, before asking for personal information, money, or a six-digit code.

Usually you would need this code when setting up a new account, or logging in to your existing account on a new device.

However, if you have not initiated this request, it could be a scammer trying to log in to your account.

The messages are sent from the compromised accounts of friends, or from an unknown number claiming to be a friend who has lost their phone or been locked out of their account.

“These kinds of scams are particularly cruel as they prey on our kindness and desire to help friends and family,” said Louise Baxter, head of the National Trading Standards scams team.

Advice from WhatsApp includes:

Stop. Take five minutes before responding. Make sure your WhatsApp two-step verification is switched on to protect the account
Think. Ask if the request makes sense. Scammers prey on people’s kindness, trust and willingness to help
Call. Verify that it really is your friend or family member by calling them directly
Kathryn Harnett, policy manager at WhatsApp, commented: “WhatsApp protects our users’ personal messages with end-to-end encryption, but we want to remind people that we all have a role to play in keeping our accounts safe by remaining vigilant to the threat of scammers.

“If you receive a suspicious message, even if you think you know who it is from, calling or requesting a voice note is the fastest and simplest way to check someone is who they say they are. A friend in need is a friend worth calling.”

The cost to all scam victims’ wellbeing has been estimated at a collective monetary total of £9.3bn a year, according to the consumer group Which?.

Apple v Epic: Court denies delay on App Store changes

A US federal judge has denied a plea by Apple to delay changes to its App Store as a result of its landmark legal battle with Epic Games.

Apple largely won the fight with the maker of Fortnite. However, it was told it could no longer ban developers from telling customers about non-Apple payment options.

Apple appealed against that ruling.

However, it has been denied permission to delay implementing the change while its appeal is ongoing.

That means that from December, app makers will for the first time be allowed to tell their customers that they do not have to use Apple’s payment system.

Going outside that system means the developers do not pay Apple’s 15-30% cut of sales.

The current rules ban any mention of an external payment system inside apps downloaded from Apple’s App Store. So, for example, a TV or movie streaming service would not be allowed to tell people to sign up on a website before using the app.

‘Fundamentally flawed’
The initial judgement, handed down in September by Judge Yvonne Gonzalez Rogers, found that Apple could not be considered a monopoly for the way it handles its App Store or the fees it charges. “Success is not illegal,” she wrote.

But this week, she threw out Apple’s request to delay implementing the changes on the one key part it lost.

“Apple’s motion is based on a selective reading of this court’s findings and ignores all of the findings which supported the injunction,” she wrote in her ruling.

“The motion is fundamentally flawed,” Judge Gonzalez Rogers added.

In the hearing, she was also critical of Apple’s request for a stay until all appeals are resolved – which could take years – rather than a limited one of some months while it tried to figure out how to change its long-standing rules.

Writing in her judgement, she said: “Other than, perhaps, needing time to establish guidelines, Apple has provided no credible reason for the court to believe that the injunction would cause the professed devastation.

“Links can be tested by app review. Users can open browsers and retype links to the same effect; it is merely inconvenient, which then, only works to the advantage of Apple,” she wrote.

In a statement provided to US media outlets, Apple indicated it plans to go to a different appeals court in a bid to get its bid approved.

If that also fails, then Apple must make the changes by 9 December, which will be 90 days since the initial ruling was handed down.

Epic has also appealed against the initial ruling, which it lost on nine of 10 issues.

Harry says he warned Twitter boss ahead of Capitol riot

The Duke of Sussex has said he warned Twitter boss Jack Dorsey about political unrest in the US – just a day before the deadly 6 January riots.

“I warned him his platform was allowing a coup to be staged,” Prince Harry said at the RE:WIRED tech forum in the US.

“That email was sent the day before. And then it happened and I haven’t heard from him since,” the duke said.

He was speaking at a session discussing whether social media was contributing to misinformation and online hatred.

Mr Dorsey, who is Twitter’s chief executive officer, has so far made no public comments on the issue.

Internet ‘being defined by hate, division and lies’
Prince Harry, who now lives with his wife Duchess of Sussex in California, appeared at Tuesday’s session via video chat as a guest speaker. He was introduced as the co-founder of the Archewell organisation.

The duke used his personal experience with online hatred and the press to reflect that social media companies were not doing enough to stop the spread of misinformation.

He said the internet was “being defined by hate, division and lies”, adding: “That can’t be right.”

His appearance via video chat comes two weeks after a data analytics company alleged that 70% of the hate directed towards the Duke and Duchess of Sussex on Twitter was generated by just 55 accounts.

Meanwhile, investigations into what happened on 6 January, when a mob of President Donald Trump’s supporters stormed the Capitol building in Washington DC and disrupted the official certification of Joe Biden’s victory in the White House race, are continuing.

More than 670 people have been charged with taking part.

On Tuesday, a congressional committee investigating the riots summoned more of Mr Trump’s closest aides to give evidence.

Among the latest batch is a former White House press secretary, a senior policy adviser and personal assistants.

The inquiry is trying to find out if Mr Trump had foreknowledge of the attack.