“Messages you send to this group are now secured with end-to-end encryption. Tap for more info.”
On April 5 WhatsApp announced that it had turned on full end-to-end encryption for all communications over its network.
“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to,”
said WhatsApp’s founders Jan Koum and Brian Acton in a blogpost announcing the move.
“No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation.”
By rolling out end-to-end encryption for its vast user base, WhatsApp has thrown down the gauntlet on behalf of the tech industry, as disputes over online privacy with government agencies around the world become more heated.
End-to-end encryption for messaging services is not a new phenomenon; WhatsApp began offering the feature for users of its Android app in November 2014. And the feature is already available via a series of messaging apps including Telegram, ChatSecure and Signal, the personal choice of the US National Security Agency whistleblower Edward Snowden.
But what makes WhatsApp’s move this month so important is the sheer number of people affected. The messaging service, launched just six years ago, now has more than 1 billion regular users around the world.
And while WhatsApp can still provide metadata to authorities (including the identities of people receiving messages and the date and time of communication) now every single message sent over the most recent version of the software is encrypted end-to-end.
“It’s big news because it has brought encryption to the masses,”
says the UK-based online security expert Graham Cluley.
“By turning the feature on by default and being so transparent about what they’re doing they are helping the average Joe realise the benefit of encryption. In short, encryption isn’t just for boffins and nerds [anymore].”
Of course, Messrs Koum and Acton naturally did not mention that non-oppressive regimes and law enforcement agencies trying to prevent criminal acts also cannot see inside those messages either. And that might prove to be a bit of a problem, with the relationship between tech companies and governments becoming increasingly fraught.
Even before its April 5 move, WhatsApp found itself in trouble with authorities eager to tap into the contents of messages across its network.
Last month police in Brazil arrested Diego Dzodan, the vice president of Facebook for Latin America, after WhatsApp, which was bought by Facebook in 2014 for US$22 billion, allegedly failed to comply with a court order to hand over messages relating to a drug investigation.
“WhatsApp cannot provide information we do not have,”
the messaging service said following Mr Dzodan’s arrest (he was released 24 hours later), suggesting that the messages authorities sought were sent via end-to-end encryption, and were therefore unreadable by anyone other than the sender and receivers.
And WhatsApp’s new encryption protocols have already been raising eyebrows in India, one of the service’s largest markets.
However is WhatsApp still secure now?