WhatsApp turns on end-to-end encryption
Facebook-owned WhatsApp has strengthened the encryption of its widely used instant messaging app, a development that in theory makes it harder for law enforcement to gain access to communications.
WhatsApp’s founders said Tuesday that the application now implements end-to-end encryption, which means only authorized users can decrypt messages.
“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to,” Jan Koum and Brian Acton wrote in a blog post. “No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”
The move by WhatsApp comes after fierce debate over the increasing use of encryption and how it affects law enforcement investigations. WhatsApp said in February it had 1 billion users.
In February, a federal magistrate judge ordered Apple to create a special version of its mobile operating system that would help the FBI get into a phone used by one of the San Bernardino mass shooters. Apple objected, setting off a widespread debate.
The order was vacated after the FBI said it had found a way to unlock the phone with the help of a third party. But there are several similar cases outstanding.
Devices using WhatsApp hold the encryption and decryption keys to messages sent over the service. That means law enforcement could not go to WhatsApp or another service provider to obtain the keys.
Alternatively, law enforcement could get access to WhatsApp messages if a suspect divulged their phone’s passcode or the passcode could be obtained another way.
It is also possible that a software vulnerability in the app could allow law enforcement access. Experts believe that may have been how the FBI unlocked the San Bernardino shooter’s iPhone.
WhatsApp’s encryption uses an open-source protocol called Signal, which is also used in an encrypted messaging app of the same name, according to a technical white paper published on Tuesday. Signal was developed by Open Whisper Systems.