Teal blue header image

WhatsApp end-to-end encryption: Protection or risk to national security?

WhatsApp, the instant messenger service, is under increasingly intensified pressure to give Government security services access to the app's encrypted communications, following recent terrorist attacks.

Background

WhatsApp prides itself on claiming that no one can intercept its messages, not even the company itself. Whilst some research has demonstrated that the way in which WhatsApp has implemented its end-to-end encryption protocol has allowed the company to read some messages, privacy and security is still the primary selling point of the app. This research has also been brushed off as an acceptable 'trade-off' which makes the app much easier to use on a day-to-day basis for the general consumer.

The technology

End-to-end encryption works by each WhatsApp user having a personal identification key, using the Signal protocol. When that individual sends a message, it is sent via that key to its intended audience, who will also have their own identification key. The contents of this message can only be unlocked by this designated key, meaning that even if the message was intercepted mid-transfer, it would appear in indistinguishable text.

WhatsApp could create a form of master key, which would allow the company to overrule all individual keys and therefore gain access to the message contents. However, no matter how genuine the intentions are, this ultimately could allow a third party to wiretap this password and break encrypted messages, which could lead to severe financial and reputational damages to countless organisations.

The debate

WhatsApp has become a primary tool of communication for activists, dissidents and diplomats and this level of privacy could be placed at risk if encryption was ended. We are all aware of the security breaches in relation to sensitive information, leaked in a series of email chains. Danvers Bailleu, chief operating officer at Cognitive Logic states, 'We either have secure encryption or we do not – there is no halfway house, because the moment a back door exists, the encryption is no longer secure.'

Unfortunately, these privacy encryptions can be used for the wrong reasons.

WhatsApp does work alongside the relevant authorities to provide metadata, hence why it is known that messages have been sent before incidents occur, as the data provides information on who was contacted and when. However, the actual contents remain secret.

The future

In the past, BlackBerry Messenger refused to release messages during the London riots of 2011 and WhatsApp once again refused to release encrypted messages concerning the 2014 Paris attacks. The same arguments were raised around national security then, but it seems little has changed.

In 2016, the Investigatory Powers Act was launched to allow companies to break encryption in certain circumstances, but thus far this obligation has not been tested.

Meanwhile, the use of end-to-end encryption is rapidly growing, with WhatsApp switching the technology on globally this year, and its competitors such as iMessage and Signal also replacing unencrypted text messages with the same technology.

The tech community is being urged to focus its efforts on enabling encryption to be cracked by authorised organisations, whilst avoiding the risk of cyber-crimes. This is an on-going issue, which will undoubtedly have a knock-on effect on businesses across the UK and the data protection mechanisms they use, in the imminent future. 

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at May 2017. Specific advice should be sought for specific cases. For more information see our terms & conditions



Insights & events View all