Post by: John E Dunn | Sophos Naked Security | Published on: 11/16/2016
Not that long ago, encryption was a technology that only techies and the paranoid worried about.
Now one of the most popular apps in the world, WhatsApp, sees end-to-end encryption as being central to its future and that of its estimated 1 billion users.
The latest bit of WhatsApp to get the security makeover is face-to-face video calling, a new feature being added to the program in a global roll-out from this week.
So why has encryption suddenly become so important to everyone?
Conventional wisdom holds that in a post-Edward Snowden world, app users have started worrying about government surveillance of their lives and are crying out for technologies that guarantee privacy.
End-to-end encryption (with forward secrecy and user verification), licensed from Open Whisper Systems in 2014, does this because the keys used to encrypt data are generated by mobile devices and are never stored on WhatsApp servers.
The company can’t access user data even if it wanted to. Crucially – and this is the bit to pay attention to – law enforcement agencies who turn up at its offices can’t either.
Naturally, WhatsApp and other companies busily integrating end-to-end encryption into their software emphasise privacy.
It’s a theme WhatsApp CEO and co-founder Jan Koum, a Ukrainian who grew up under Soviet Communism, often returns to. In a blog post from this April:
“No one can see inside that message. Not cyber-criminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private, sort of like a face-to-face conversation.”
In addition to video calls, WhatsApp users now enjoy this security feature for messaging and phone calls too.
An alternative explanation is that WhatsApp and other software makers are busily adding strong encryption to protect themselves as much as users.
It’s no secret that governments see encryption as a threat to their monitoring of criminal suspects. Tech companies, for their part, fear being dragged into that effort in a way that turns them into surveillance proxies.
That would be bad for their image, bad for their user numbers (some would move elsewhere) and probably technically inconvenient to manage on a day-to-day basis.
There is precedent here: in 2010 BlackBerry found itself battling governments over user encryption keys held on its servers.
The election of Donald Trump as US president has heightened these fears, although given that FBI policy towards encryption is already hostile, it’s not clear how official policy can tighten much further.
Harder to explain is WhatsApp’s recent controversial integration with Facebook that gives the parent company access to users’ contacts and metadata.
In plain English, WhatsApp (and potentially the FBI and GCHQ) can’t see what a user is saying but they can see who they are saying it to.
WhatsApp’s user base continues to expand apace, undaunted by privacy worries even as governments circle. The sooner WhatsApp can get encryption up and running the better – for its users but also for WhatsApp itself.
Reference Article: https://nakedsecurity.sophos.com/2016/11/16/whatsapp-tightens-user-privacy-with-encrypted-video-calls/