Law enforcement agencies around the world are about to get very frustrated by WhatsApp.
On Friday, the hugely popular Facebook-owned messaging app turned on end-to-end encryption for all of the billion phones in its network, meaning any calls made or messages sent through the app are encoded in a way that they can't be intercepted by a third party, even by WhatsApp itself. (All WhatsApp can see is digital gobbly-gook.) Only individual users will be able to decode the messages sent to them. That means police and law enforcement officers won't be able to get WhatsApp to turn over messages or wiretap calls if they think that one of the company's billion users is talking about criminal activity on the app.
Needless to say, governments have not historically been happy when that happens. Exhibit A: The recent FBI-Apple battle. Exhibit B: WhatsApp itself.
End-to-end encryption has been turned on for WhatsApp on Android phones since 2014. And it has frustrated law enforcement investigations. In December, WhatsApp was temporarily blocked in Brazil because the company couldn't hand over encrypted messages sought by law enforcement in relation to a drug case. And just last month, a Facebook executive was arrested in Brazil over the same case.
Law enforcement hates when there is information that it can't get its hands on. FBI director James Comey has described technology companies' building default encryption that's unlockable only by users as equivalent to car companies designing trunks that only their owners can open.
But the end-to-end encryption in WhatsApp doesn't mean that it's impossible for law enforcement to get relevant information in investigations. While WhatsApp can't hand over the content of communications, it can still hand over metadata, e.g. who a user is talking to and when.
End-to-end encryption also won't protect WhatsApp users if their phone is seized or if those they communicate with betray them. Someone in your group chat could screenshot your conversation and share it with the police or with the world. And law enforcement, rather than going to WhatsApp and demanding messages (as it goes to Google when it wants Gmail messages or Verizon when it wants to wiretap a call), could get a user's phone, open the app and read what's been written.
WhatsApp didn't necessarily roll out end-to-end encryption to frustrate worldwide governments, but rather to make its messaging platform as secure as possible. However, unjust government surveillance was on the minds of WhatsApp founders Brian Acton and Jan Koum when they were interviewed by Wired:
Espousing an article of faith that’s commonly held among Silicon Valley engineers—sometimes devoutly, sometimes casually—they believe that online privacy must be protected against surveillance of all kinds.
“We’re somewhat lucky here in the United States, where we hope that the checks and balances hold out for many years to come and decades to come. But in a lot of countries you don’t have these checks and balances,” says Koum, dressed in his usual T-shirt and hoodie. Coming from Koum, this is not an academic point, as most of WhatsApp’s users are outside the US. “The argument can be made: Maybe you want to trust the government, but you shouldn’t because you don’t know where things are going to go in the future.”
Wired notes that when Apple's CEO wrote an open letter in February declaring the company's refusal to build a backdoor for the iPhone for the FBI, Acton turned to Koum and said, "Tim Cook is my hero."
Along with developer Moxie Marlinspike, who helped WhatsApp incorporate the new security measure, Koum and Acton fundamentally believe that people should be able to communicate without worrying that they could potentially be under surveillance, whether by government agents or hackers.
Given our reliance on digital communication, being able to see our online activity is increasingly the equivalent of reading our minds. As a society, we have a big decision to make around the default privacy settings for our digital selves, and how easily the government should be able to monitor them. But for now, technology companies are making those decisions for us.