
WhatsApp end-to-end encryption completed

Less than two months after Brazilian authorities detained Facebook Vice President for Latin America Diego J. Dzodan for obstructing an organized crime investigation by failing to hand over content from WhatsApp messages requested by the country's government, setting the stage for a showdown between tech companies and authorities, WhatsApp integrated the Signal Protocol into its online messaging service, delivering on a promise to provide end-to-end encryption to its users.

“Over the past year, we've been progressively rolling out Signal Protocol support for all WhatsApp communication across all WhatsApp clients,” according to a blog post by Open Whisper Systems, which collaborated with WhatsApp to develop end-to-end encryption for the messaging service.

Kate Krauss, communications director at the Tor Project, hailed the encryption of message content as “an important step” and told SCMagazine.com that “it's great news” but pointed out that “it doesn't disguise who you are talking to.”

WhatsApp explained in a post that “messages are secured with a lock, and only the recipient and [sender] have the special key needed to unlock and read them,” ensuring that no one in between, not even WhatsApp, can read them. That sets the messaging app apart from some others that it said “only encrypt messages between you and them.”

Encryption “happens automatically” and doesn't require users “to turn on settings or set up special secret chats to secure your messages,” the WhatsApp post explained.

“Even if encryption keys from a user's device are ever physically compromised, they cannot be used to go back in time to decrypt previously transmitted messages,” the company, which is owned by Facebook, said in a whitepaper explaining the technical aspects of the encryption scheme and stressing that third parties, including itself, would be prevented “from having plaintext access to messages or calls.”

That last part might not sit well with law enforcement authorities and government agencies that seek the company's aid in accessing customer data.

Indeed, after Dzodan was detained and subsequently released, Javier Pallero, policy analyst at digital rights advocacy group Access Now, contended in a statement that end-to-end encryption of data provided by WhatsApp put content outside the social media giant's reach.

And reports of a recent court order approving a Justice Department request to wiretap WhatsApp phone calls and messages for a criminal investigation hint at the conflict to come – the wiretap order, thwarted by WhatsApp encryption, didn't lead authorities to any of the account information they sought.

While authorities might be tempted to use the courts, a la the Apple/FBI brouhaha over an encrypted iPhone, to pressure tech companies, Pallero said at the time of Dzodan's detention that “holding a company and its representatives liable for not being able to provide information they do not possess is excessive and constitutes an undue burden on the providers of communications services.”

And Tor's Krauss expects authorities will have to do battle with consumers if they press companies like WhatsApp to provide access to communications. “Americans are waking up to realize they have the right to privacy even online,” she said. “The tide is turning. If law enforcement pushes to spy, people will fight back.”
