Described by some as the biggest news story of the year, last week WhatsApp added encryption to 1 billion people’s messages. But what is encryption and what does it mean for our everyday privacy?
Hailed by Wired as “taking encryption to the masses”, WhatsApp’s decision could be a turning point in access to digital privacy and security for people globally. The move is timely in the follow up to recent legal wrangling between Apple and the FBI over an encrypted iPhone. Yet WhatsApp has actually been implementing end-to-end encryption since 2013, the year Edward Snowden’s NSA revelations shocked the world.
A notification may have popped up in the middle of your chats last week, which read: “Messages you send in this chat and calls are now secured with end-to-end encryption. Tap for more info.” End-to-end means a message is encrypted before it leaves your phone and decrypted only after it reaches the other person’s phone, so nobody else, not even WhatsApp, can read or listen to it. WhatsApp offered this explanation on their blog:
“Encryption is one of the most important tools governments, companies, and individuals have to promote safety and security in the new digital age. Recently there has been a lot of discussion about encrypted services and the work of law enforcement. While we recognize the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people’s information to abuse from cybercriminals, hackers, and rogue states.
“While WhatsApp is among the few communication platforms to build full end-to-end encryption that is on by default for everything you do, we expect that it will ultimately represent the future of personal communication.”
WhatsApp has gone straight to the top of the pile in terms of its partners, working with leading open source software project, Open Whisper Systems. Providing encryption for messaging services, it comes highly recommended, or as one cryptographer puts it: “After reading the code, I literally discovered a line of drool running down my face. It’s really nice.” Its messaging app Signal has been encrypted since 2014 and is used daily by Edward Snowden among others.
Across the board people are pretty happy with WhatsApp’s latest move. Yet critics argue that there are areas where our privacy and security are still vulnerable. People can read your messages if you store them on your phone or you backup messages to the cloud. And of course, it’s crucial the person you’re communicating with is taking the same precautions too.
The information about a message, rather than its content – known as metadata – is also an increasingly hot topic, with privacy campaigners claiming it can be easily used to construct identities. This metadata, which is still accessible to WhatsApp, is arguably even more revealing than message content, because it already comes with computer-readable information like sender, recipient and time codes. All this information is crucial in piecing together our online profiles, the holy grail in digital marketing and targeted ads.
The desktop version of Edward Snowden’s favourite end-to-end messaging app, Signal, created by Open Whisper Systems is now available as a Chrome app to anyone who wants to try it out. The app is also open-source and its code is available to view on GitHub.