Facebook-owned messaging service WhatsApp has joined Google and Apple in offering encryption to the masses, with the company partnering with privacy-focused non-profit Open Whisper Systems to implement its TextSecure protocol.
WhatsApp’s move is perhaps the biggest mass-deployment of encryption technology to date and the end-to-end encryption solution launched via the latest WhatsApp Android update means that the messaging service won’t be able to decrypt the messages even if it’s ordered to do so by law enforcement agencies.
End-to-end encryption means only the sender and receiver can read the intended message and the key to unscramble the message is only stored in user devices.
The technology is used by others, for example Apple’s iMessage system, but in that case the keys are usually also stored in Apple’s servers, which can be accessed by administrators if required.
The TextSecure encryption protocol’s effectiveness is predicated by what’s known as “forward secrecy”, where a fresh key is created for every new message.
According to Open Whisper, billions of encrypted messages are already being exchanged daily but encrypted messaging for group chat or media messages is missing for now.
The non-profit technology group also added that it is working to ensure that the encryption solution is delivered over time to the iOS platform.
“We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default,” Open Whisper said in a blog post.
The move by WhatsApp to make encryption the default is unlikely to prove popular government security agencies keen to pry on public data and is likely to re-ignite the debate about whether rampant encryption poses a serious threat to security.
The tech giants of Silicon Valley are currently locked in a nervous stand-off on encryption in the wake of the overreach of the NSA.
Edward Snowden’s revelations have galvanised both the defenders of privacy and the security agencies. While the public clamours for encryption, the agencies are screaming bloody murder about how new technologies are weakening their hand.
It’s little wonder that the No. 2 official at the US Justice Department recently told Apple executives that new encryption technology that renders locked iPhones impervious to law enforcement would lead to tragedy.
Across continents the narrative remains the same. Canberra’s rush to enshrine mandatory data retention is a symptom of this perceived tension between technology and security.
WhatsApp's effort to make encryption a default will presumably embolden both sides of the debate – privacy advocates will hail the will of technology giants to stand up for the public, while security agencies will rail against the growing impunity with which their reach is being curtailed.
However, one has to consider what an encryption arms race between technology giants entails.
Facebook hasn’t got the best reputation when it comes to public trust and the information now being encrypted by WhatsApp means that the volumes of data travelling across that network will now presumably be off limits to data mining.
If private communications really means private then WhatsApp/Facebook is weakening a monetisation angle that’s an important aspect of its business model.
But perhaps the pay-off is just different, especially at a time when customer trust is a big issue for Google, Apple, Facebook and the rest.
WhatsApp boss Jan Koum is on the record as a faithful defender of privacy and the encryption agenda will cast Facebook in a positive light as well, especially as we start figuring out how far the mining personal user information for monetisation can be stretched.