For the past couple of months, the biggest story from Silicon Valley has been about Apple vs The FBI. The company’s refusal to unlock an iPhone used by a mass shooter triggered off a major debate on civil liberty vs national security. But yesterday, three guys in California made the scope of that debate seem rather small.
Brian Acton and Jan Koum, founders of Whatsapp – an online messaging service, now owned by Facebook, and used daily by over a billion people around the world to trade messages, make phone calls, send pictures and videos – along with Moxie Marlinspike – coder, cryptographer and founder of Open Whisper Systems, revealed that the company has added end-to-end encryption to all forms of communication on its service.
Users will also be able to verify their encrypted messages by scanning a QR code or reading a code aloud. This is to ensure messages are being sent and received by the correct users. Marlinspike’s technology is called the Signal Protocol.
This means that for any group of people that uses the latest version of Whatsapp – whether it’s 2 people or 10 – the service will encrypt all messages, phone calls, photos and videos shared among them. This will work on every phone that uses the app – from the latest iPhones and Android phones to old school Nokias.
What’s the big deal?
With end-to-end encryption in place, not even Whatsapp’s own employees can read the data sent across its network. In other words, WhatsApp has no way of complying with, say, a court order demanding access to the content of any message, phone call, photo, or video traveling through its service. Like Apple, WhatsApp is, essentially, blockading the government, but on a much larger scale – spanning roughly one billion devices worldwide.
Also, unlike Telegram – a messaging service built by a Russian entrepreneur – Whatsapp’s e2e encryption is on by default – and it cannot be turned off. This means data security is not optional – it has been a strong principle in the tech world which Whatsapp will now strictly follow.
Acton believes that building secure products actually makes for a safer world, though many people in law enforcement may not agree with him. With encryption, anyone can conduct business or talk to a doctor without worrying about eavesdroppers.
The Backdoor Brawl
The FBI and government agencies have called for companies like WhatsApp to allow for a backdoor in their encryption schemes, available only to law enforcement. There’s even been talk of a law that requires these backdoors. But slipping a backdoor into an encrypted service would defeat the purpose: you might as well not encrypt it at all. A backdoor would just open the service to abuse by both government and hackers. Besides, if you did add a backdoor, or remove encryption from WhatsApp entirely, malicious users would just go elsewhere. In the age of open source software, encryption tools are freely available to everyone.
In a blog post on Whatsapp’s website, the founding duo have said this:
“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation…
…Encryption is one of the most important tools governments, companies, and individuals have to promote safety and security in the new digital age. Recently there has been a lot of discussion about encrypted services and the work of law enforcement. While we recognize the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people’s information to abuse from cybercriminals, hackers, and rogue states.”
Marlinspike shares their views about data security being akin to communication during simpler times – “In some ways, you can think of end-to-end encryption as honoring what the past looked like,” he says. “Now, more and more of our communication is done over networks rather than face-to-face or other traditionally private means. Even written correspondence wasn’t subject to mass surveillance the way that electronic communication is today.”
For Jan Koum, this move is a bit more personal – “The desire to protect people’s private communication is one of the core beliefs we have at WhatsApp, and for me, it’s personal. I grew up in the USSR during communist rule and the fact that people couldn’t speak freely is one of the reasons my family moved to the United States.”
When asked about reports that terrorists used WhatsApp to plan the attacks on Paris in November last year – reports that politicians have used to back calls for a backdoor – Koum doesn’t budge. “I think this is politicians, in some ways, using these terrible acts to advance their agendas,” he says.
Source: Wired US
WhatsApp, more than anyone so far, has taken encryption to the masses. And the company did this with a very tiny group of people. It took a team of only 15 engineers to bring encryption to the company’s one billion users – a tiny, technologically empowered group of individuals engaging in a new form of resistance to authority, standing up for free speech across the digital world.
Silicon Valley strongly stands for online privacy. World governments now have to worry about something much bigger than one locked iPhone. What are your thoughts on private digital communication across the globe?