WhatsApp piles into the privacy debate and simply invokes encryption for all services
via Flickr © hyku (CC BY 2.0)
- WhatsApp invokes full end-to-end encryption
- Throws down gauntlet to security services
If you’re a WhatsApp user you will have noticed that the service (now with about 1 billion users worldwide) is assuring us all that it’s ‘fully’ encrypted end-to-end. That means all calls, vdieo, messages group chats and so on happening across WhatsApp are, from now on, scrambled with a unique key assigned to each and any communication and so therefore uncrackable. There is no so-called backdoor through which a security apparatus can peer to keep tabs on things.
The WhatsApp announcement comes In the wake of the iPhone security struggle, where the FBI wanted access to an iPhone and Apple said it wouldn’t/couldn’t help it break in. So now the Facebook-owned service has seized the moment and made its own move to encrypt the data on its journey, and that presents those arguing for some sort of last ditch right for authorised interception with a problem. Now an iPhone-using WhatsApp subscriber, for instance, looks fully encrypted and secure - when messages travel across the Internet they can’t be intercepted by anyone (like the NSA) or read by the FBI (or similar) when stored on a phone at either end. As long as the passcode isn’t 0000 your messages are probably safe from prying eyes - except if they’re stored unencrypted in the cloud: then you’re back to ‘vulnerable’ again.
The WhatsApp move, of course, is much to the displeasure of general security agencies and (probably) to at least a proportion of the global population who might sympathise with the oft-voiced contention that “in the current climate, where data intelligence is key to assuring the security of nations against nefarious acts by terrorist organisations, there needs to be the capacity to ensure data can be accessed where suspects are identified. [a mandated back door, in other words] It is clear that well defined legislation should govern access to any such data, so that legitimate users don't feel their privacy would be comprised.” That’s according to Richard Cassidy, technical director EMEA at Alert Logic, one of many industry voices weighing in on the subject.
Many experts, though, welcome the move by WhatsApp and hope that the strong stance taken will encourage other messaging and online players to do the same, pointing out that strong encryption can help prevent big data breaches and - the clincher - that if it’s terrorists you’re after, it’s unlikely that they’re currently exchanging messages like “meet you in half an hour with the bomb” across WhatsApp. They can arrange their own encryption.
Ultimately this argument may really be about how we want to live. How important is it for you to feel fairly confident that whatever you do and say to each other in private - including across the Internet - Big Brother can’t listen in?