WhatsApp, one of the most popular alternatives to text-messaging in the world, recently announced that they would be enabling end-to-end encryption in their service (this follows their previous announcement that they’d be partnering with Open Whisper Systems to improve the security of the app).
The timing of this announcement is especially notable, as the battle between Apple and the FBI over passwords and encryption is still ongoing. But what does this mean for you? Here’s what you need to know about WhatsApp encryption.
What, Exactly, Is End-to-End Encryption?
To make sure you understand why this is a big deal, I’ll quickly go through the basics of the technology behind the change. First, let’s take a look at text messaging, a totally unencrypted service. You type out the message on your phone and hit send. That message, character-for-character, is sent to your cell phone provider, where it’s stored on a server. It’s then sent from that server to the recipient’s phone. At every point in the transmission, it’s plain text, which means anyone could read it.
Obviously this isn’t secure. So some apps offer a bit more security. Facebook’s messaging app, for example, encrypts your messages through part of their journey (read up on the basics of encryption if you need a primer). You type it on your phone, and hit send; the message is encrypted, so no one can read it, and then it gets to Facebook. It’s decrypted, and stored on their server.
It’s then re-encrypted and sent to your recipient, where it’s decrypted again. Even with this partial-path encryption, your messages are stored in plain text on Facebook’s server, and they have the keys to the encryption used. They can see your messages, and if they’re compelled to hand them over to the government or they get hacked, someone else will have those keys, too (unless you’re using an Off-The-Record chat client).
Now we get to end-to-end encryption, like the kind used by WhatsApp. In this method of securing your communications, the key to the encryption is known only by the sender and the recipient, and your message isn’t decrypted when it’s stored on the company server. It sits there, fully encrypted, and totally inaccessible to WhatsApp (or whoever else might get access to that server).
Obviously, this is the most secure way to send messages. Not even the company that provides the service can snoop on your messages. Which means if the government gets a secret warrant for their servers, they can’t either. If they get a hold of your phone, it might be another story, but that seems quite a bit less likely.
Why Is WhatsApp’s Timing So Important?
WhatsApp announced that they’d be rolling out end-to-end encryption on 5 April, 2016, just under two months after a federal judge ordered Apple to help the FBI get into the iPhone belonging to Syed Farook, one of the people responsible for the previous December’s terrorist attack on San Bernadino, California.
Apple and the FBI went back and forth over the privacy and security implications of allowing authorities access to a locked iPhone, and the battle still continues, with a number of related court cases being heard. To put it succinctly, there hasn’t really been any resolution. The FBI hired someone else to get into the iPhone, Apple is still holding strong, and big names around the world have started to take sides.
The fact that WhatsApp announced the encryption of their service during this monumental battle is a really big deal. This situation is clearly going to set a precedent for relations between law enforcement and the tech sector in the future, and WhatsApp — and, therefore, Facebook — is coming down on Apple’s side in a big way.
As one of the largest messaging services in the world, WhatsApp is painting a pretty big target on its back for the US government. At the same time, it’s gained a lot of points with privacy advocates and earned more trust as a secure messaging app from its users and potential users.
Will There Be Consequences?
Some countries, generally the more repressive ones, have already banned the use of encryption, and the status of encrypted messaging apps in others is under question. Both France and the UK have made worrying remarks about their intentions to potentially outlaw encrypted services.
But because this functionality was rolled out so recently, we don’t really know if any countries out there will try to ban the app or take legal action against WhatsApp. It seems fairly likely that the US will, at some point, try to compel WhatsApp to create a backdoor encryption key that will let it spy on encrypted communications through the app (it’s also possible that they’ve already made this demand).
We can’t know how WhatsApp would respond to this sort of demand, but Mark Zuckerberg’s statements supporting Apple certainly imply that he would want to take a stand against similar action taken by the government.
Changes for WhatsApp Users
So WhatsApp is taking a stand, but what does that mean for you? For the most part, absolutely nothing. All of the encryption takes place behind the scenes, and your messages will be sent in exactly the same way they used to.
Now, though, when you tap on the name of the person that you’re sending messages to, you can tap Encryption to get a QR code and a long number that you can compare to the code or number on your recipient’s phone to make sure that your messages are encrypted. It’s probably not something you’re going to do on a regular basis, but it’s nice to know that you could check.
Beyond that, your WhatsApp experience will be exactly the same as it was before!
Could this be opening salvo in another battle between the US authorities and an American company? It’s a little early to say, but it certainly looks like that could be the case. How the FBI, NSA, and WhatsApp proceed from here will certainly be interesting, and when something big happens, we’ll be sure to let you know!
What do you think about WhatsApp’s deployment of end-to-end encryption? Are you less worried about Facebook spying on your chats? Do you think it will become a target of the US authorities, or that it might be banned elsewhere in the world? Share your thoughts below!