Twitter Shelves Plans to Encrypt Messages Between Users

Photo credit: Twin Design/

Twitter has a reputation for protecting the privacy of its users. It declined to cooperate with the NSA's Prism program ("Twitter deserves kudos for refusing to give in," wrote TechDirt last June); it regularly challenges law enforcement subpoenas for information on its users; it offers two-factor authentication; and in January it started to encrypt (via StartTLS) its own emails to users. It is somewhat surprising, then, that according to a report in The Verge, "Twitter has shelved a project that would have made it more difficult for the government to intercept users’ private messages without a court order."

Twitter has made no public comment on the report; but that is not surprising since it never officially announced a DM encryption project. Nevertheless, 'sources' have told The Verge that the program was dropped earlier this year without explanation, "and a source confirmed it will not be implemented this quarter or next."

Ironically, this news comes just as Edward Snowden, the whistleblower who exposed the extent of NSA and GCHQ snooping, has reiterated the value of encryption in preventing mass surveillance. At SXSW last week he stressed that encryption works by making indiscriminate surveillance too expensive, forcing the spy agencies to concentrate their efforts on known targets. At TED2014 this week he suggested that encryption is the best way to protect the internet.

But The Verge does not suggest that Twitter is becoming less concerned about its users' privacy. It offers two possibilities: one, that commercial pressures are diverting the company's resources; and two, that encryption at this moment might be too difficult.

On the first, "Twitter has been rethinking its messaging mechanism, evidenced by major changes just before its IPO last year, so it may be that there is just too much in flux to invest in encryption right now," suggests The Verge. Going public introduces new pressures. A social network's monetary value is directly linked to the number of users; and, reported Read Write last month, "Twitter is suffering from slow growth." Slow growth means less value, and its share price has slipped steadily over the last three months from just under $70 to just over $50. Twitter's priority may currently be to reverse this trend rather than spend resources on encryption.

On the second, it could be that Twitter has not yet established the best way to secure DMs. StartTLS (Twitter's preferred encryption as demonstrated by its use in its own emails to users) only works where it is enabled at both ends. But DMs can be received via SMS and email, and Twitter has no control over those systems.

The bottom line is that shelving its DM encryption plan is a blow to users, but on its own it cannot be seen as a slackening of Twitter's resolve to protect its users as best it can.
