WhatsApp has made its unrivalled personal privacy and security its main selling points in recent times; these are especially welcome traits in a communications tool when one considers how many times WhatsApp’s sister app and social platform, Facebook, has featured in the news due to its security flaws. In fact, SALT’s very own Technical Director, Reza Moaiandin, found a loophole in Facebook’s security back in 2015, which meant hackers were easily able to access users’ personal data.
However, while you might presume the world is content with their messages being private and secure, this isn’t the case for everyone. In fact, China has just partially blocked the popular messaging service in an act of national censorship. But closer to home, authorities aren’t after a ban – instead, they want access to the WhatsApp data of others.
How is WhatsApp so secure?
WhatsApp’s end-to-end encryption was put in place in April 2016, and ensures that nobody but the sender and the recipient can see text, images, files or video messages – not even WhatsApp themselves. Calls are also encrypted, making all communication on WhatsApp absolutely private and secure for its billion-plus users.
What is end-to-end encryption?
End-to-end encryption is a method of scrambling messages into a long series of digits, which can then only be deciphered by those who hold the key – in the case of WhatsApp, that is the sender and the intended recipient. The key instantly disappears once each message has been read, leaving no trace, meaning the only way to read a message would be to look at it on the sender or recipient’s phone.
Criticism of WhatsApp’s security measures
Since WhatsApp’s secure encryption has been in place, it has faced much criticism in the press – particularly in the wake of several recent terrorist attacks in the UK, where it has been made known that the perpetrators have used the app moments before embarking upon their deadly assaults.
For some, it seems ridiculous that the authorities aren’t able to access information about WhatsApp messages and calls in the same way they can for basic text messages and calls made from a mobile phone.
Conversely, others relish the communicatory freedom in a time where our every move seems to be monitored by our phones, tablets, and other technology. After all, is communication really the problem here? There have always been methods of communication, and when we’ve all moved on from WhatsApp, there will no doubt be many more.
Amber Rudd, Home Secretary, used to speak out vehemently about the need to give the government access to requested account information (such as phone messages), but she has more recently said this on the matter:
End-to-end encryption has a place. Cybersecurity is really important and getting it wrong costs the economy and costs people money, so I support end-to-end encryption.
The issue, in a nutshell, is personal privacy versus national security, however personal privacy is also a national security issue. Both sides of the argument are valid, and so I can see it being an ongoing debate for a long time to come.
Why WhatsApp can’t supply much data to authorities
The problem here has been that the authorities have requested and been declined access to perpetrators’ WhatsApp records for various legal cases; not because WhatsApp does not wish to share the information, but because it couldn’t even if it wanted to – its end-to-end encryption wouldn’t make it an option. If back doors were to be opened for authorities, this would render WhatsApp much less secure for all users – not just the criminals or potential criminals being investigated.
WhatsApp does try to work with authorities and provides what it can – metadata that outlines who was contacted and when, for example.
Apple found itself in a very similar battle with the FBI in 2016, after a San Bernardino shooter suspect’s iPhone was seized last year; the US government wants a way to access private data on phones and other devices, even when those devices use secure encryption. This case was regarding the simple matter of unlocking the phone, but the basic issue is the same: these companies require full encryption or there’s no point in having any encryption. Less than full encryption is a weakness waiting to be exploited.
The WhatsApp encryption debate boils down to this: should WhatsApp be made less private in case the police or other authorities wish to track communications through it, making it and all its users vulnerable to hackers, or should it stay end-to-end encrypted and aid our national security in that way?
Featured image credit: pazham/Bigstock.com