WhatsApp encryption – what does it mean for you?

Yesterday WhatsApp flipped a switch and gave over a billion users end-to-end encryption for all their messages - text, images, voice and videos. But what does that actually mean for ordinary users?

For the vast majority of us, it means very little. In fact WhatsApp has already been encrypting text messages for some time now - this is just the official rollout of their format agnostic end-to-end encryption system. When we update WhatsApp to the latest version, the feature will immediately start working, but unless you’re looking for it, you probably won’t even notice.

But under the surface WhatsApp has now made it impossible for governments, criminals, intelligence agents and jealous spouses to “listen in” on WhatsApp messages as they move around the internet.

Until WhatsApp enabled this feature it was possible to intercept these messages as they travelled over the public internet and read them without either the sender or the recipient realising the conversation was being snooped. This is exactly what agencies like the NSA and GBHQ have been doing for the better part of a decade.

How is this different from what other services like Facebook and Google Chat do? Although those services do use encrypted links - i.e. your messages are secure while they travel over the internet to the provider - they have the keys required to unscramble your content. This means that the FBI or NSA can compel those services to hand over the contents of your messages.

With end-to-end encryption, WhatsApp simply cannot hand over those messages because it cannot read them itself. In order to decrypt (i.e. unscramble) those messages, you need a key that only exists only on the phone of the intended recipient.

Without that key, you would need to rely on brute computational force to crack the encryption. That would take hundreds of years even if you used every computer on the planet.

This is the critical point and one that will also pose an interesting challenge for WhatsApp. Most free services on the internet rely on collecting your data and using that to target you with advertising. That’s why Gmail and Google seem to know exactly what you’re thinking.

But with end-to-end encryption, this simply isn’t an option for WhatsApp - your data is as safe from WhatsApp itself as it is from the FBI or the NSA. That means WhatsApp aren’t planning on selling your data like it’s big brother Facebook is currently doing.

So why are they doing this? The idealistic view is that WhatsApp’s founders, Jan Koum and Brian Acton care deeply about privacy. Koum has a whole media-friendly story about growing up in under an oppressive regime (he was born in Soviet Ukraine and only moved to the USA when he was 16), and how awful it is to completely lack privacy.

No doubt the story is sincere, but it also happens to serve WhatsApp’s public relations interests. In 2014, shortly after WhatsApp was acquired by Facebook, flaws in the platform’s security earned it a kicking from several tech journalists. Another security scare in late 2015 did nothing to improve the platform’s reputation.

The cynical view, then, is that WhatsApp is simply burnishing its privacy credentials and repairing its public image with security conscious users. That has a ring of truth, but it also doesn’t explain the drastic lengths WhatsApp has gone to here.

In order to roll out this feature they partnered with Moxie Marlinspike, the anarchic hacker genius who acts as a kind of grand wizard of privacy technology. His Open Whisper technology is the backbone of WhatsApp’s encryption layer, and Marlinspike’s unimpeachable credentials lend the platform a priceless stamp of approval.

But isn’t this all overkill for a platform mainly used for casual chats between friends and family? And won’t this make WhatsApp a haven for terrorists and criminals?

Both of those arguments rely on the idea that governments have a natural right to invade your privacy. Privacy crusaders like Marlinspike reject that idea outright, as do a growing number of ordinary people.

I was once ambivalent about surveillance. My reasoning was lazy: if you have nothing to hide then you have nothing to worry about. But revelations by Edward Snowden and WikiLeaks have completely changed my mind.

The state should not have the power to invade privacy en masse and at will. The executive arm of a government enjoys a monopoly on the use of force - both lethal and nonlethal. That same branch can also imprison, fine and exclude you from whole professions. That power requires checks and balances.

Security and law enforcement agencies around the world have become accustomed to getting their way. With the bogeyman of terrorism lurking under every bed, they simply need to invoke “homeland security” and every door is open to them.

I’m not saying the state should have no power to surveil criminals and terrorists, or to seize evidence. I’m saying that we need to go back to the old-fashioned model of policing and espionage - physically surveilling suspects. And don’t tell me it’s not practical. We have drones, for goodness sake!

The free world’s security apparatus has overreached. The fact that WhatsApp’s new feature makes their jobs more difficult is, on balance, a good thing. Ordinary people should not and will not be surveilled.