WhatsApp beefs up encryption for privacy
The popular messaging service WhatsApp said on Tuesday it had implemented “full end-to-end encryption” – a move which steps up privacy but may lead to conflicts with law enforcement agencies.
The Facebook-owned mobile application with one billion users worldwide made the announcement following weeks of intense debate over efforts by US authorities to compel Apple to help break into an encrypted iPhone.
“WhatsApp has always prioritised making your data and communication as secure as possible,” a blog post announcing the change said.
“And today, we’re proud to announce that we’ve completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption.”
This means that “when you send a message, the only person who can read it is the person or group chat that you send that message to”, the statement said.
“No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”
Moves by technology firms to implement the kind of encryption where even the companies themselves don’t have “keys” to unlock data have unleashed criticism in law enforcement circles claiming this creates “warrant-proof” spaces for criminals and others.
The blog post by WhatsApp co-founders Jan Koum and Brian Acton said encryption is an important tool for its users.
“We live in a world where more of our data is digitised than ever before,” they wrote.
“Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more of people’s digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities.”
WhatsApp is reportedly involved in a court battle similar to the one involving Apple, which fought a federal effort to provide assistance in unlocking an iPhone used by one of the shooters in last year’s San Bernardino killing spree.
Other reports say WhatsApp and another application called Telegram were used by the perpetrators of the November 13 Paris attacks that left 130 people dead.
US Congress is expected to consider legislation which would require technology firms to retain “keys” that could retrieve data in a criminal investigation, with a court order. Similar measures are under consideration in Britain and France.
A broad coalition of technology companies and activists have argued against any encryption rules that would allow “special access” for law enforcement, claiming these would be vulnerabilities that could be exploited by hackers or repressive governments, and threaten security of banking, electronic commerce, trade secrets and more.