By Martin Bostelmann
First of all, WhatsApp’s step towards strong end-to-end encryption is great news for the entire crypto scene. Thanks to its market power, encryption became the standard for instant messaging overnight. And all of this is based on the Axolotl protocol, the very strong end-to-end encryption co-developed by crypto mastermind Moxie Marlinspike and used by Signal. With this move WhatsApp used its enormous reach to bring cryptography to users who didn’t really care about the safety of their communication and most likely still don’t.
For us at Qabel the encryption is good news in every way, since we’re happy about every strengthening of communication security and privacy! Beyond that, the topic has further implications for us, which lie mainly in the additional attention generated for the subject of cryptography. The rise in Google search volume for the keyword “encryption”, which is analyzed below, is based on WhatsApp’s switch to encryption, though the attention generated for the field and its integration into the public debate has a positive effect on the field as a whole. Or as one of our investors used to put it: “There is nothing better that could happen to a toothpaste manufacturer than a promotion campaign by the toothbrush industry”.
Due to WhatsApp’s reach, end-to-end encryption became the standard, and future communication tools will have a very hard time not implementing strong encryption in their product. Since encrypting communication is not only a matter of securing the content itself but of protecting the entire communication, including metadata, there is a good chance that customers are going to demand a comprehensive encryption solution, thus giving us a nice head start.
WhatsApp’s encryption generated a whole lot of attention for the topic, and this rise is clearly shown in Google’s statistics on the search volume for the keyword “encryption”. Comparing the maximum around April 5th 2016 with the search volume beforehand makes clear the extent to which WhatsApp’s news pushed the topic. The very general term “encryption” in particular enables us to see the additional attention generated by WhatsApp in relation to other events in the fields of cryptography and communication safety. The revelations by Edward Snowden in June 2013 didn’t result in a significant rise in the search volume and neither did the launch of crypto-messengers like Telegram (August 2013) or Signal/TextSecure (July 2014). For the sake of completeness it is worth mentioning that the search volume dropped after the “WhatsApp-Peak” back to the level it had before, but due to the timeframe in Figure 1 this is not shown in the graph.
Figure 1: Google search volume for “encryption” from January 2013 until April 2016, maximum normalized to 100
Source: Google Trends
The old proverb that all attention is good attention has to be viewed with a little more nuance in this context. Besides the above-mentioned attention from users for the field of encryption and communication safety, the switch also brought more attention from governments and the intelligence community.
While it has recently been the Apple vs. FBI case that held the tech community’s attention, a new lawsuit is now appearing on the horizon, this time between WhatsApp and the US Department of Justice. All parties are naturally keeping their public statements to a minimum, but it can be assumed that the core of the case will again be the question of to what extent law enforcement authorities, and therefore governments, can claim access to our private communication.
The case started developing when a court’s wiretap order ran into WhatsApp’s end-to-end encryption, which worked only between Android devices at that point. The negotiations are classified, but according to the New York Times the Justice Department demands full real-time access to all sent messages. Maybe their claim even extends to calls made with the app.
Due to the end-to-end encryption it is impossible for WhatsApp to access the unencrypted data, which in turn means that, in the app’s current version, they have no way of complying with a court order that would demand access to said data. In this way, similar to Apple, WhatsApp categorically rules out any possibility of cooperating with government entities, but it does so on a different scale: that of a billion users. If WhatsApp were to lose that case, it would have to comply with the government’s demand and publish a version of their app in which the encryption could be switched off unnoticed.
The fact that WhatsApp is completely closed source turns out to be especially problematic in this context. A spying version of the app could be disguised as an update and in that way be distributed to all users. Because the source code is closed, it would be impossible to detect the new “update” as a fraud. Even a test of the encryption would not be of much use, since the encryption would only be deactivated on certain devices.
The idea of encryption that could be deactivated on demand seems to have found favor with President Obama. At this year’s technology conference South by Southwest, according to dpa, he threatened the tech companies relatively openly: “If something truly horrible happens, the political situation will turn. Things will happen rapidly and bills pass Congress in a dangerous and unfinished kind.” [retranslation from German]. This sounds unsettlingly like the “Never let a good crisis go to waste” quote attributed to Winston Churchill and shows the commitment with which the Obama administration strives towards access to private encrypted data. This concern is shared by the Electronic Frontier Foundation’s Chief Computer Scientist Peter Eckersley, who said in the New York Times: “The FBI and the Justice Department will choose the circumstances of this fight very carefully. They are waiting for the case that lets their demands appear reasonable”.
In summary, WhatsApp’s move towards encryption brought a lot of attention to the topic of cryptography and, due to its market power, made strong end-to-end encryption virtually the norm. On the other hand, government entities are continuously working on securing and expanding their ability to access encrypted communication and are, for incomprehensible reasons, of the opinion that backdoors would then only be available to them.