WhatsApp locks in security with encryption of messages

In late March, the debate over data privacy between tech firms and governments looked like it was dying down for the time being.

Six weeks in to its bitter public row with Apple, the US FBI announced that it had, after all, found a way to access the iPhone of the San Bernardino gunman Syed Rizwan Farook.

The bureau dropped its case against Apple and it appeared as if the heated public debate about data encryption and online privacy that had gripped the tech community and a fair proportion of the general public was about to slip off newspaper front pages, and out of the public consciousness, at least for a while.

The respite was short-lived, however. Just over a week later, WhatsApp users started getting the following notification message:

“Messages you send to this group are now secured with end-to-end encryption. Tap for more info.”

With no warning, WhatsApp announced on April 5 that it had turned on full end-to-end encryption for all communications over its network.

“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to,” said WhatsApp’s founders Jan Koum and Brian Acton in a blogpost announcing the move.

“No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation.”

By rolling out end-to-end encryption for its vast user base, WhatsApp has thrown down the gauntlet on behalf of the tech industry, as disputes over online privacy with government agencies around the world become more heated.

End-to-end encryption for messaging services is not a new phenomenon; WhatsApp began offering the feature for users of its Android app in November 2014. And the feature is already available via a series of messaging apps including Telegram, ChatSecure and Signal, the personal choice of the US National Security Agency whistleblower Edward Snowden.

But what makes WhatsApp’s move this month so important is the sheer number of people affected. The messaging service, launched just six years ago, now has more than 1 billion regular users around the world.

And while WhatsApp can still provide metadata to authorities (including the identities of people receiving messages and the date and time of communication) now every single message sent over the most recent version of the software is encrypted end-to-end.

“It’s big news because it has brought encryption to the masses,” says the UK-based online security expert Graham Cluley.

“By turning the feature on by default and being so transparent about what they’re doing they are helping the average Joe realise the benefit of encryption. In short, encryption isn’t just for boffins and nerds [anymore].”

Of course, Messrs Koum and Acton naturally did not mention that non-oppressive regimes and law enforcement agencies trying to prevent criminal acts also cannot see inside those messages either. And that might prove to be a bit of a problem, with the relationship between tech companies and governments becoming increasingly fraught.

Even before its April 5 move, WhatsApp found itself in trouble with authorities eager to tap into the contents of messages across its network.

Last month police in Brazil arrested Diego Dzodan, the vice president of Facebook for Latin America, after WhatsApp, which was bought by Facebook in 2014 for US$22 billion, allegedly failed to comply with a court order to hand over messages relating to a drug investigation.

“WhatsApp cannot provide information we do not have,” the messaging service said following Mr Dzodan’s arrest (he was released 24 hours later), suggesting that the messages authorities sought were sent via end-to-end encryption, and were therefore unreadable by anyone other than the sender and receivers.

And WhatsApp’s new encryption protocols have already been raising eyebrows in India, one of the service’s largest markets.

Local regulations stipulate that private companies offering communications services are only permitted to offer 40-bit encryption or lower (WhatsApp’s new service uses 256-bit encryption), unless they receive explicit permission to do so from the authorities.

Once such permission is granted, messaging services offering higher than 40-bit encryption are required to hand over decryption keys to the authorities. As in the Brazilian case, WhatsApp may plead that such keys do not exist, and therefore cannot be handed over to authorities or anyone else.

Blackberry, meanwhile, has for many years been at the centre of the privacy dispute between the tech world and governments, its Blackberry Enterprise Server was for many years the most secure mainstream communications solution available.

Most recently, the company announced in November that it was exiting the Pakistan market, after receiving demands from authorities for official access to the company’s encryption systems. The government eventually relented in January, enabling BlackBerry to continue operating.

Many will, of course, remember how Blackberry’s services were nearly outlawed in the UAE and Saudi Arabia in 2010, with regulators citing security concerns about the use of Blackberry Messenger and other services.

The UAE’s Telecommunications Regulatory Authority did not respond to requests for comment on whether WhatsApp’s higher encryption standards would affect whether the messaging service is allowed to continue operating in this country.

Following WhatsApp’s move, Microsoft has become the latest tech firm to take the fight to the authorities.

Last Thursday the software behemoth announced it was suing the US government, over the right to notify its customers of authorities’ requests to access their private data.

“We believe that, with rare exceptions, consumers and businesses have a right to know when the government accesses their emails or records,” said Microsoft’s chief legal officer Brad Smith in a blogpost last week.

“Yet it’s becoming routine for the US government to issue orders that require email providers to keep these types of legal demands secret. We believe that this goes too far and we are asking the courts to address the situation.”

Such moves by Microsoft and WhatsApp are only likely to intensify the debate over online privacy and government oversight for years to come.

jeverington@thenational.ae

Follow The National's Business section on Twitter

Tickets

Tickets start at Dh100 for adults, while children can enter free on the opening day. For more information, visit www.mubadalawtc.com.

Whiile you're here

Damien McElroy: Anti-science attitudes in America are proving lethal

Editorial: What makes the UAE such a good place to test vaccines?

Editorial: The fight against Covid-19 should be guided by science

While you're here

The National Editorial: The fragile future of jobs in the Middle East

Daniel Bardsley: Covid-19 effect on jobs – the occupations most at risk

Alice Haine: Sunak urged to rescue ailing car industry as production slumps

Conflict, drought, famine

Estimates of the number of deaths caused by the famine range from 400,000 to 1 million, according to a document prepared for the UK House of Lords in 2024.
It has been claimed that the policies of the Ethiopian government, which took control after deposing Emperor Haile Selassie in a military-led revolution in 1974, contributed to the scale of the famine.
Dr Miriam Bradley, senior lecturer in humanitarian studies at the University of Manchester, has argued that, by the early 1980s, “several government policies combined to cause, rather than prevent, a famine which lasted from 1983 to 1985. Mengistu’s government imposed Stalinist-model agricultural policies involving forced collectivisation and villagisation [relocation of communities into planned villages].
The West became aware of the catastrophe through a series of BBC News reports by journalist Michael Buerk in October 1984 describing a “biblical famine” and containing graphic images of thousands of people, including children, facing starvation.

Band Aid

Bob Geldof, singer with the Irish rock group The Boomtown Rats, formed Band Aid in response to the horrific images shown in the news broadcasts.
With Midge Ure of the band Ultravox, he wrote the hit charity single Do They Know it’s Christmas in December 1984, featuring a string of high-profile musicians.
Following the single’s success, the idea to stage a rock concert evolved.
Live Aid was a series of simultaneous concerts that took place at Wembley Stadium in London, John F Kennedy Stadium in Philadelphia, the US, and at various other venues across the world.
The combined event was broadcast to an estimated worldwide audience of 1.5 billion.

Yuki Means Happiness
Alison Jean Lester
John Murray

SPEC%20SHEET%3A%20APPLE%20M3%20MACBOOK%20AIR%20(13%22)

%3Cp%3E%3Cstrong%3EProcessor%3A%3C%2Fstrong%3E%20Apple%20M3%2C%208-core%20CPU%2C%20up%20to%2010-core%20CPU%2C%2016-core%20Neural%20Engine%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EDisplay%3A%3C%2Fstrong%3E%2013.6-inch%20Liquid%20Retina%2C%202560%20x%201664%2C%20224ppi%2C%20500%20nits%2C%20True%20Tone%2C%20wide%20colour%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EMemory%3A%3C%2Fstrong%3E%208%2F16%2F24GB%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStorage%3A%3C%2Fstrong%3E%20256%2F512GB%20%2F%201%2F2TB%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EI%2FO%3A%3C%2Fstrong%3E%20Thunderbolt%203%2FUSB-4%20(2)%2C%203.5mm%20audio%2C%20Touch%20ID%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EConnectivity%3A%3C%2Fstrong%3E%20Wi-Fi%206E%2C%20Bluetooth%205.3%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EBattery%3A%3C%2Fstrong%3E%2052.6Wh%20lithium-polymer%2C%20up%20to%2018%20hours%2C%20MagSafe%20charging%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ECamera%3A%3C%2Fstrong%3E%201080p%20FaceTime%20HD%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EVideo%3A%3C%2Fstrong%3E%20Support%20for%20Apple%20ProRes%2C%20HDR%20with%20Dolby%20Vision%2C%20HDR10%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EAudio%3A%3C%2Fstrong%3E%204-speaker%20system%2C%20wide%20stereo%2C%20support%20for%20Dolby%20Atmos%2C%20Spatial%20Audio%20and%20dynamic%20head%20tracking%20(with%20AirPods)%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EColours%3A%3C%2Fstrong%3E%20Midnight%2C%20silver%2C%20space%20grey%2C%20starlight%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EIn%20the%20box%3A%3C%2Fstrong%3E%20MacBook%20Air%2C%2030W%2F35W%20dual-port%2F70w%20power%20adapter%2C%20USB-C-to-MagSafe%20cable%2C%202%20Apple%20stickers%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EPrice%3A%3C%2Fstrong%3E%20From%20Dh4%2C599%3C%2Fp%3E%0A

MORE FROM ED HUSAIN: The UAE-Israel accord is a win for every Muslim

Profile of MoneyFellows

Founder: Ahmed Wadi

Launched: 2016

Employees: 76

Financing stage: Series A ($4 million)

Investors: Partech, Sawari Ventures, 500 Startups, Dubai Angel Investors, Phoenician Fund

Tips to stay safe during hot weather

Stay hydrated: Drink plenty of fluids, especially water. Avoid alcohol and caffeine, which can increase dehydration.
Seek cool environments: Use air conditioning, fans, or visit community spaces with climate control.
Limit outdoor activities: Avoid strenuous activity during peak heat. If outside, seek shade and wear a wide-brimmed hat.
Dress appropriately: Wear lightweight, loose and light-coloured clothing to facilitate heat loss.
Check on vulnerable people: Regularly check in on elderly neighbours, young children and those with health conditions.
Home adaptations: Use blinds or curtains to block sunlight, avoid using ovens or stoves, and ventilate living spaces during cooler hours.
Recognise heat illness: Learn the signs of heat exhaustion and heat stroke (dizziness, confusion, rapid pulse, nausea), and seek medical attention if symptoms occur.

The biog

Born: Kuwait in 1986
Family: She is the youngest of seven siblings
Time in the UAE: 10 years
Hobbies: audiobooks and fitness: she works out every day, enjoying kickboxing and basketball