Popular messaging app WhatsApp has added end-to-end ecryption in its latest update to the app. This means that governments, hackers, even WhatsApp (and Facebook who owns it) can’t peek at your messages.
Following the huge row between the FBI and Apple over encrption, this could be seen as the tech industry biting back. Fred Touchette, Manager of Security Research at AppRiver stated that “WhatsApp’s decision to offer full end to end encryption is a great thing. People have the right to privacy and security and this will certainly help provide more of both of those for the WhatsApp users. If more companies used or provided more encryption, even outside the mobile market, we would certainly read far less about breaches wherein the data that was stolen was not only easily accessible, but also easily readable. Security and privacy are a good thing and we should all welcome it with open arms.”
WhatsApp founders Brian Acton and Jan Koum stated in the announcement: “The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us,”
As the population becomes more aware of security and the implications of not bothering with it, the argument of privacy vs. security is evolving. Security is becoming a big selling point in messaging and file-sharing apps, with apps such as Signal being downloaded at an ever increasing rate.
WhatsApp’s move means that if they’re asked to share information with law enforcement, their hands are tied.
What is encryption?
Encryption is the scrambling of data in such a way that only the intended recipient can read it. The original message is scrambled using a very large digital number, known as a key – commercial encryption uses 128 bit key which is regard as extremely difficult to crack. The recipient of the message has the key to unscramble the message, so it is only decoded at its true destination. It’s all done using very advanced mathematics and it makes us a lot less prone to hacking and surveillance. Splendid!
What do the experts think?
Richard Cassidy, Technical Director at Alert Logic joined Mr. Touchette in hailing the decision:
“WhatsApp’s decision to encrypt it’s data certainly heralds a big win for data privacy advocates of instant messenger applications; something that has become a bone-of-contention among privacy rights groups and users of WhatsApp globally. Apple and Google have led the way in taking a firm stance in protecting its users data, however in the current climate, where data intelligence is key to assuring the security of nations against nefarious acts by terrorist organisations, there needs to be the capacity to ensure data can be accessed where suspects are identified. It is clear that well defined legislation should govern access to any such data, so that legitimate users don’t feel their privacy would be comprised under normal usage circumstances. This move signals a clear direction by popular user applications and IM services that others will follow suit on, to attract more users concerned with their data privacy rights, which we are seeing a stark increase of globally”
We’re with Richard in expecting this to become a new trend in the market for messaging apps. It also sends a very strong message to the FBI in the aftermath of the much-documented San Bernandino iPhone debacle. Cris Thomas, a Strategist at Tenable Network Security concurs, saying that “Extending encryption to the videos, photos and communications of 1 billion users is a strong statement by WhatsApp following the Apple/FBI case, especially because the level of encryption being used will prevent even WhatsApp from accessing customers’ encrypted data, effectively pre-empting any attempts by law enforcement to force the company to compromise the security of its products. Strong encryption is essential in this hyperconnected age, not just for security and privacy, but for freedom of thought and expression.”
He also had a warning to users who may need to take further action to ensure their data is fully protected by encryption:
“Also note that just because you use WhatsApp doesn’t necessarily mean no one can read your messages. If you’re using an unencrypted iCloud backup or someone has access to your Android device your messages are still readable. Think of this as using an armoured truck to deliver cash between two people who live in a public park. The messages while in transit are secure, but the endpoints are still vulnerable. That doesn’t lessen the importance of what WhatsApp has done here, but people need to understand their personal threat model.”
So readers, we advise that you update your WhatsApp and check what the encryption is like on any other meesaging apps you use, as well as your backup. If the FBI-Apple argument taught us anything, it’s that the government is pretty persistent when it wants to access information – when they do, the same tools may become available to hackers and criminals, so it’s essential you take any steps you can to prevent easy access – even if you aren’t doing anything wrong!