WhatsApp has decided to turn on encryption for all messages. Will this lead to more private conversations or have they just opened a can of worms?

On April 5, 2016, WhatsApp announced on its blog that they were going to start providing full end-to-end encryption.

The announcement says:

“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation.”

What is encryption and how will it work for WhatsApp users?

WhatsApp claims that privacy and security is in their DNA. The  Mountain View, California-based company has offered a detailed technical explanation of how they plan to offer end-to-end encryption in a technical whitepaper.

It may be of interest to many of you that WhatsApp uses broadly the same HMAC-SHA256 technology for authentication that Bitcoin also utilises. For exchanging messages, WhatsApp uses AES256 in CBC mode and the message key changes each time a message is sent and is transient.

WhatsApp will encrypt files and voice calls along with text messages as well that are sent over its network. Everyone who has the latest version of WhatsApp will be able to use this feature, and there is no option of turning encryption off and there is no need to initiate encryption by starting a private chat either.

New encryption enabled WhatsApp users get a message saying, “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info.” Users can then tap on more info to get to a page that has a QR code which can be scanned on your contact’s phone to verify the end-to-end encryption.

In case the QR codes match a green tick should appear. In case of a mismatch an exclamation mark in red will appear warning users that the chat is not encrypted. Users can also manually verify a series of numbers printed on this screen manually.

Does this really matter?

Privacy and security are a matter of great importance for many people, while others take a more relaxed attitude towards them. However in the times that we live in today where there is a real concern about who is looking over our shoulders, reading our chats or snooping on us, encryption is increasingly getting more relevant.

Jan Koum writes about the introduction of end-to-end encryption on his Facebook page:

“People deserve security. It makes it possible for us to connect with our loved ones. It gives us the confidence to speak our minds. It allows us to communicate sensitive information with colleagues, friends, and others. We're glad to do our part in keeping people's information out of the hands of hackers and cyber-criminals.”

Jan Koum

The Battle Between Privacy and Security

Benjamin Franklin said, “Those who surrender freedom for security will not have, nor do they deserve, either one.” Yet, today more than ever we find many that are willing to make that trade. Frequent terrorist attacks have led to an environment where many citizens are ready to sacrifice private conversations if the governments can guarantee that they will be protected from the bad guys.

While in many countries, privacy vs. security is somewhat of a lively debate, in certain others, decisions are made for citizens by the powers that be. Infamouss for its great firewall, The People’s Republic of China is one such case. WhatsApp has been somewhat of a curiosity in China, because it has so far survived the Chinese axe. It is freely available for use by Chinese citizens and has also been on occasion used by them for what the Chinese state considers “subversive” activities. Will the encryption of WhatsApp lead to its ban in China?

Oleg Khovayako, Emercoin Tech Leader says:

“Yes, of course, may be banned. By any reason, not encryption only. for example - if it will be unencrypted, and used for distribute contradict to government info. For example, about separating Tibet, or Taiwan.”

Opening a can of worms

Encryption has long been the bete noire of governments worldwide.

Way back in 2012, Research in Motion, the purveyor of Blackberry devices, was forced by the Indian government to provide the encryption keys for its secure corporate email and messenger services. The Indian government had at that time insisted that Blackberry provide its intelligence and security services the means to monitor all communications that takes place on Blackberry devices.

WhatsApp remains a popular messenger service which is used by nearly 800 million active users as of 2015. This is a far higher number than rival services like Apple’s iMessage, Telegram or Line. If governments suddenly lose access to such a treasure trove of “information”, they can potentially force the likes of WhatsApp to either disable encryption or provide them the means to intercept, as is demonstrated by the Blackberry vs. India case.

There is thus a real fear that WhatsApp has potentially opened a can of worms and may invite bans from at least some oppressive and hostile to privacy jurisdictions.