Encryption has been at the centre of a series of high-profile tug-of-wars recently, with the UK government pushing the controversial Snoopers’ Charter and the FBI having a very public dispute with Apple over a locked iPhone.
The battle of encryption wills has seen government and security agencies pitted against tech companies and security experts, with one side championing national security and the other user privacy.
Those on team user privacy are today claiming victory, following WhatsApp’s move to roll out end-to-end encryption to its entire user base – a small group of over 1 billion people. In simple terms, what this means is that only the people directly communicating can read the messages sent and received.
Announced on the company blog, WhatsApp explained: "The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation."
This has been viewed as a huge win for user privacy, reflecting how recent security debates and scandals have pushed encryption and security in general into the mainstream consciousness. Richard Anstey, EMEA CTO at Intralinks, said:
"This announcement by WhatsApp reflects a growing consumer awareness of the purpose and merits of encryption. It’s a win for privacy advocates, but undoubtedly a cause of frustration to governments across the world. Following the Apple/FBI scandal, and the return to prominence of the Snoopers’ Charter in the UK, encryption has been pushed into the mainstream despite encryption algorithms having been around for years."
The roll-out of end-to-end encryption by WhatsApp is all the more significant when looking at the size of its user base – there will now be a potential one billion people communicating via encrypted messages. This has a number of significant ramifications for both the consumer and business landscape – firstly, encryption will no longer be a foreign concept to the security layman, consumers will demand the same-level of security from other technology, specifically apps. Secondly, these consumer demands and security expectations will transition to the workplace, with consumerization already transforming the tools used in the workplace. Both points lead to one clear result – greater user privacy.
Tony Pepper, CEO of Egress Software Technologies, said: "It’s good news for security in general that consumer technologies, like WhatsApp, are offering end-to-end encryption – the more encryption becomes ‘the norm’, the less resistance IT will have in getting people to adopt it in a commercial environment.
"The fact that end-to-end encryption is now being offered in popular apps means that employees will expect, and even push to have, the same level of information security from the data sharing tools they use for work, such as email and online collaboration. This could help to create a safer data sharing environment for everyone."
WhatsApp’s encryption play may prove to be the first in a wave of encryption solutions to flood the consumer market, and while tech companies will be competing product-wise, encryption has proved a unifying topic among Silicon Valley leaders. As tech companies unite behind encryption, user privacy is certain to get stronger and more secure.
Jacob Ginsberg, Senior Director at Echoworx, said: "It seems that the large players in the technology industry are taking more notice of people’s right to communicate privately – whether that be just email security or end-to-end encryption. WhatsApp is taking a great leap towards securing users data and making them more aware of privacy.
"With WhatsApp, and last year, Facebook, taking steps to educate users and raise awareness of secure communications, hopefully more will follow suit. This is vital as questions mount, particularly in the UK, about people’s right to privacy. We’ve recently seen large technology companies band together over issues with encryption – most notably with the recent case of Apple vs. FBI."
Everyone seems to be behind encryption – consumers, tech companies, security experts – bar, of course hackers and cyber criminals…and government agencies of course.
It is this last opponent to encryption which is the real threat to user privacy. I say threat to user privacy, but others would counter with threat to national security. The backbone of the argument for encryption backdoors rests on messages and communication sent between criminals and terrorists – notably the Telegram app was identified as a reported tool of the terrorists behind the Paris terror attacks in 2015. However, the security industry is almost unanimous in its assertions that any weakening of encryption would only weaken information and, ironically, be a threat to national security.
Intralinks’ Richard Anstey said: "End-to-end encryption is already posing a problem for intelligence agencies which are pushing for "backdoors" to decrypt messages between terrorists, some of which may be exchanged on WhatsApp.
"However, security experts across the world – including myself – are very reluctant to weaken encryption mechanisms, because this would have a wider knock-on effect in day-to-day life – both personal and professional. It can cause all sorts of sensitive information to become less protected from hackers, criminals and unfriendly nation states."
While the privacy vs. national security debate shows no sign of slowing, the move from WhatsApp is a huge victory for privacy advocates. However, WhatsApp, although used by one billion users, is just one app among many – many that are unsecured and vulnerable to hackers and numerous cyber threats.
Let’s hope the adoption of end-to-end encryption by WhatsApp will spur more tech companies to add encryption to their products and services, as Gary Newe, Technical Director and cyber security expert at F5 Networks, is quick to remind us:
"There are still a high number of apps available to download which don’t have the necessary encryption in place, which leaves users vulnerable to malware and exposed to criminals looking to steal their data."
This article is from the CBROnline archive: some formatting and images may not be present.