WhatsApp, the world’s most popular instant-message app with more than 1 billion users, is now fully encrypted on all platforms: Android, iPhone, BlackBerry and others.
That’s good news for users who care about security and privacy, including journalists and dissidents. At the same time, it represents the intensification of a trend toward ubiquitous encryption that has posed challenges for law enforcement in the United States and around the world.
“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us,” WhatsApp co-founders Jan Koum and Brian Acton wrote in a blog post Tuesday.
Such encryption, in which only the sender and receiver can decrypt messages, makes it virtually impossible for foreign governments and U.S. agencies to intercept instant messages and voice calls, even with a warrant.
WhatsApp, which is owned by Facebook, has frustrated federal investigators in criminal investigations, but the Justice Department has not taken the matter to court publicly in the way it did recently with Apple.
The Apple case involved data stored on an iPhone used by one of the terrorists in San Bernardino, Calif. By contrast, WhatsApp provides chat, group chat and voice call services to users — or “data in motion.”
WhatsApp and Facebook are “great American companies,” FBI General Counsel James A. Baker said Tuesday in a moderated discussion at a conference of the International Association of Privacy Professionals. But “this presents us with a significant problem.”
If the trend continues, he said, “encryption like that will continue to roll out in a variety of different ways across the technological landscape,” adding that the “genie’s out of the bottle.”
Some of it is good, Baker said, noting that his own data has been stolen by hackers a number of times and he wished that the data had been encrypted. “But the key thing is that it has costs.”
His boss, FBI Director James B. Comey, has often said that the Islamic State is using encrypted apps to direct people to kill “innocent people” in the United States. And it is hindering investigations of murder, child pornography, organized crime and a range of other crimes, law enforcement officials said.
Still, Comey said at a congressional hearing last month: “It is not our job to tell the American people how to resolve that problem. . . . Our job is simply to tell people there is a problem.”
But for WhatsApp and Open Whisper Systems, a group of software developers that has helped the company integrate the “end-to-end” encryption into its platform, the issues are security and privacy. “What we’re doing is trying to make private communications simple,” not thwart criminal investigations, said Moxie Marlinspike, founder of Open Whisper Systems.
Criminals and terrorists will use encryption regardless of what commercial firms do, he said. Some al-Qaeda-linked groups have released their own encryption platforms.
Koum and Acton said in their blog post: “While we recognize the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people’s information to abuse from cybercriminals, hackers, and rogue states.”
Koum, who is WhatsApp chief executive, said he has a personal stake in privacy. “I grew up in the USSR during communist rule and the fact that people couldn’t speak freely is one of the reasons my family moved to the United States.”
Open Whisper Systems developed the encryption protocol for WhatsApp — the same protocol used for an Open Whisper messaging app called Signal, which has millions of users. Over the next year, Open Whisper Systems will continue to work with additional messaging platforms to incorporate strong encryption, the group said.