How access to WhatsApp encryption may affect your privacy
On the heels of last week’s terror attack in Westminster, the British government has taken a tougher stand on messaging applications: it insists that its security services must have access to encrypted messaging applications such as WhatsApp, revealing it was used by the killer behind the parliament attack.
In this piece, Yudala – the largest online and offline retail chain – examines the benefits of WhatsApp encryption and why access to these encrypted messages by a third-party may mean less privacy for you…
Created in 2009 as an alternative to text messaging, WhatsApp is today one of the world’s most popular instant messaging service with more than one billion users in 180 countries. According to a May 2016 report from research firm SimilarWeb, WhatsApp is the top chat app in 109 countries, including Brazil, India, and the United Kingdom. Facebook acquired WhatsApp in 2014 to make a bigger play in the rapidly-growing messaging market, along with its own Messenger platform. At the time the deal was announced, WhatsApp had 450 million users worldwide.
Khalid Masood, the 52-year-old Briton who killed four people before being shot dead in a rampage in Westminster on Wednesday, reportedly used WhatsApp to send a message some moments before the assault – a discovery that has seen the UK government determined to gain access to the end-to-end encrypted messages sent through the app.
Home Secretary Amber Rudd affirmed that it was “completely unacceptable” that police and security services had not been able to crack the heavily encrypted service.
“You can’t have a situation where you have terrorists talking to each other — where this terrorist sent a WhatsApp message — and it can’t be accessed,” she said.
WHAT DOES WHATSAPP END-TO-END ENCRYPTION MEAN?
WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent and nobody in between, not even WhatsApp. Your messages are secured with a lock and, only the recipient and you, have the special key needed to unlock and read your message. For added protection, every message you send has a unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.
It is also important to note that end-to-end encryption is always activated, provided all parties are using the latest version of WhatsApp. There is no way to turn off end-to-end encryption. End-to-end encryption is available when you and the people you message are on the latest versions of WhatsApp.
The benefits of end-to-end encryption on WhatsApp are numerous and has remained one of the major factors that has contributed to the growing popularity of the Facebook-owned service. These benefits include:
Privacy: With end-to-end encryption in place, people can communicate with each other and express themselves freely without fear of unintended people gaining access to their private stuff. This way, you can talk to your doctor about your medication, hold intimate chat sessions with your spouse/partner or have a discussion with an associate about a business proposal without the fear of being overheard or the call being tapped.
Safe group chats: Group chats are also safely encrypted, thereby lending an air of confidentiality to messages sent in such a forum. With encryption featuring in group chats, non-group members will have no clue at all about the happenings in the group. This makes it more attractive for people with like minds and interests to discuss their affairs in WhatsApp groups without the fear of being overheard.
Encryption works by default: Encryption setting is turned on by default by WhatsApp in all devices. If you are running the version of WhatsApp that has encryption support, you will be informed of this on your chat screen when you send messages across along with a lock symbol next to the confirmation screen. You can also verify the default ON setting by making use of a unique QR code on the phone of each contact in your list. In case, for some reason, the default encryption setting does not get activated, you can do it yourself through a simple process. In your chat window, just click on your contact’s name at the top of the window to display his or her profile details. You will find an option to turn the encryption on.
WhatsApp can’t read your messages: End-to-end encryption means that even if it wanted to, WhatsApp cannot gain access to your messages. In other words, only the sender and receiver can read intended messages. Not even WhatsApp employees or hackers will be able to gain access to the messages sent or received. This applies to any form of messages – text, images, videos and files.
Encryption works on all devices: The encryption in WhatsApp works using an open-source protocol known as Signal that is developed by an organization called Open Whisper Systems. This company has worked in close association with WhatsApp in determining its requirements and the level of encryption to be provided. The app ensures that smartphones featuring this app support the encryption and decryption keys to be applied to messages going out and coming into the device. The encryption technology is supported by all recent WhatsApp versions running on Android, Windows, iPhones, and Nokia phones. Keeping in line with the usual trend, WhatsApp first introduced encryption on Android before extending it to other platforms.
Even in error, you are protected: WhatsApp has become very focused on making encryption mandatory that it now refuses to work on unencrypted messages. If a person tries to send a contact an unencrypted message, WhatsApp will immediately prevent him or her from doing so. Additionally, the sender will be informed that this is because the messages being sent from his or her end are not encrypted.
No server hacks with end-to-end encryption: When the encryption process was first implemented by WhatsApp, it took place over a central hub. Messages management and key exchange coordination take place centrally, apart from central control of the encrypted code that is executed on both the servers and mobile phones. However, this did not result in complete safety and paved way for end-to-end encryption. As a result, messages will get decrypted only on the receivers’ handsets rather than in between the server and the handsets.