WhatsApp users will have recently noticed a padlock icon and message appearing on their conversations, reading: ‘Messages you send to this chat and calls are now secured with end-to-end encryption.’
One seemingly simple update to the application caused a huge disruption across the technology industry. The Facebook-owned company’s announcement guarantees its 1 billion users around the world that neither WhatsApp or third parties can listen in to or read anything sent from one user to another – includomg messages, photos, videos, voice messages, documents or calls.
For WhatsApp not to have access to this data is a big deal. There were questions around whether it was a move in response to the Apple and FBI case, but that’s unlikely given end-to-end encryption of this scale would have been in development and testing for some time.
A change of this scale would not have been implemented without plenty of testing and planning – necessary to ensure there wasn’t a negative impact on WhatsApp’s massive userbase.
How will this affect its users?
Encryption is very common across the internet. If a user makes an online purchase or even visits Google.com, a padlock and HTTPS is visible in the browser, which means the data being sent across the internet is encrypted or hidden from anyone who might try to eavesdrop or steal the information, such as a credit card number.
WhatsApp has taken this a little further because it is the world’s largest cross-platform messaging application that works on a host of different devices, so a bold move on its part.
The end-to-end encryption is the difference in sending a postcard where anyone – including the postman – can read your message and sealing that postcard in an envelope for only you and the receiver to read.
A message sent through WhatsApp is now encrypted from the moment it leaves a sender’s device until the moment it is picked up by the recipient. No one in-between, including WhatsApp, can view the contents of the message, even if it is captured in transit.
Users can now be assured that messages and calls are secured from anyone trying to intercept them. The service still functions exactly the same as before, so there won’t be any noticeable difference when using it.
Why has there been so much talk about it?
The fact that not even WhatsApp can view the messages or listen to the calls means that if the company receives a lawful request for someone’s personal data or messages, it won’t have access to them and cannot hand anything over.
Due to the way WhatsApp has implemented this, it is going to make it very difficult for law enforcement and government agencies to get legal access to data that might be needed to help their investigations.
It will also be interesting to see what happens following the ruling earlier this year from the European Court of Human Rights (ECHR) that companies are within their rights to read worker’s private messages if a workplace policy is thought to be violated. That will be very difficult to do with WhatsApp’s encrypted messages.
How will governments react?
There has been some debate about whether government agencies would try to ban this, but it would be very difficult to do so. Banning encryption could cause huge damage to the digital economy.
We need encryption to keep our personal data safe, but we also need to find a balance where police agencies can get lawful access to data to help in their investigations.
This results in an interesting predicament: web users are very free with the personal data they share online, but want assurance they’re not being unduly monitored and losing privacy at the same time.
If other messaging services such as Viber, Facebook Messenger and Snapchat react in the same way as WhatsApp, it could trigger an encryption revolution.
Gary Newe, technical director, F5 Networks