The ins and outs of WhatsApp's encryption
F5 Networks' Gary Newe discusses what users need to know about WhatsApp's encryption update
If you are using WhatsApp's messaging service, by now you would have seen a padlock icon with the statement: "Messages you send to this chat and calls are not secured with end-to-end encryption, Tap for more info".
Whether the conversation is between an individual or in a group chat, WhatsApp's encryption message will appear. With over one billion users, the latest version of the app means all messages will now only be accessible to the sender and recipient. The security encryption technology ensures WhatsApp messages cannot be intercepted as they travel between devices.
In an official blog post, WhatsApp said: "The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message," WhatsApp said in a blog post announcing the update. "Not cyber-criminals. Not hackers. Not oppressive regimes. Not even us.
"Recently there has been a lot of discussion about encrypted services and the work of law enforcement. While we recognise the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people's information to abuse from cyber-criminals, hackers, and rogue states."
F5 Networks' Gary Newe, director systems engineering of UK, Ireland and Africa has dug deeper to find out what this means for the service's one billion users.
One seemingly simple update to the application caused a huge disruption across the technology industry. WhatsApp's announcement guarantees its 1 billion users around the world that neither WhatsApp nor third parties can listen in to or read anything sent from one user to another - which includes messages, photos, videos, voice messages, documents or calls.
For WhatsApp not to have access to this data is a big deal. There were questions around whether it was a move in response to the Apple and FBI case, but I think that is unlikely. End-to-end encryption of this scale would have been in development and testing for some time. A change of this scale would not have been implemented without plenty of testing and planning - necessary to ensure that there wasn't a negative impact on its massive user-base.
How will this affect its users?
Encryption is very common across the internet. If a user makes an online purchase or even visits Google.com, a padlock and HTTPS is visible in the browser, which means that the data being sent across the internet is encrypted or hidden from anyone who might try to eavesdrop or steal the information, such as a credit card number.
WhatsApp has taken this a little further because it is the world's largest cross platform messaging application that works on a host of different devices, so a bold move on its part. The end-to-end encryption is the difference in sending a postcard where anyone - including the postman - can read your message and sealing that postcard in an envelope for only you and the receiver to read.
A message sent through WhatsApp is now encrypted from the moment it leaves a sender's device until the moment it is picked up by the recipient. No one in-between, including WhatsApp can view the contents of the message, even if it is captured in transit. Users can now be assured that messages and calls are secured from anyone trying to intercept them. The service still functions exactly the same as before, so there won't be any noticeable difference when using it.
Why has there been so much talk about it?
The fact that not even WhatsApp can view the messages or listen to the calls means that if the company receives a lawful request for someone's personal data or messages, it won't have access to them and cannot hand anything over. Due to the way WhatsApp has implemented this, it is going to make it very difficult for law enforcement and government agencies to get legal access to data which might be needed to help their investigations. It will also be interesting to see what happens following the ruling earlier this year from the European Court of Human Rights (ECHR); that companies are within their rights to read worker's private messages if a workplace policy is thought to be violated. Something that will be very difficult to do with WhatsApp's encrypted messages.
How the government might react?
There has been some debate about whether government agencies would try to ban this, but it would be very difficult to do so. Banning encryption could cause huge damage to the digital economy. We need encryption to keep our personal data safe, but we also need to find a balance where police agencies can get lawful access to data to help in their investigations.
We're in an interesting predicament at the moment; we are very free with our personal data and sharing it online, something that cyber criminals are capitalising on. However, we want assurance that we are not being unduly monitored and losing our privacy at the same time. If other messaging services such as Viber, Facebook Messenger and Snapchat react in the same way as WhatsApp, we could have an encryption revolution on our hands.
Tabrez Surve, regional security manager, Middle East & Turkey added: "In general, the people in the Middle East are often more trusting of online security than the rest of the world. Although users may be concerned, they are confident that governments in particular can protect their privacy online. Over the past couple of years, various cyber laws have been enacted across the GCC and action has been taken to ensure the safety and privacy of their citizens.
"On the whole, we see that governments are wary about WhatsApp encryption as it can create a blind spot to their intelligence-gathering activities and the monitoring of particular groups or individuals.
"The WhatsApp encryption reminds us of the days of BBM, when BlackBerry was forced to open data centres to allow governments locally to intercept messages exchanged between individuals if needed. GCC countries were at the forefront of this request to ensure that no encrypted data escaped the watchful eye of the government.
With the smartphone penetration reaching almost 99% in some countries in the Arab world it is going to be interesting to see how this unfolds locally."