End to End encryption

“Privacy” has been a hot topic these days. The lawsuit between the FBI and Apple, referring to the iPhone 5C used by the terrorist that attacked in San Bernardino, has started a huge debate on privacy and security. Many of the biggest technology related companies in the world, supported Apple in the privacy issue. Google and Facebook are probably 2 of the bigger names among many other companies.

Whatsapp is a very popular messaging application in many countries in Europe. In Spain for example, we use the word “whatsapp” as a verb. The same way as “text me”, people would say “whatsapp me”. The fact that many people use a company’s name as a verb implies how popular and important this messaging service is between European people.

(Similar thing happens here in the US with VENMO or GOOGLE) “Hey, venmo me the money when you can please!”, “I’m not sure about that, let me Google real quick”.

A couple of days ago pop up messages were appearing in some of my conversations in this messaging app. Claiming that now whatsapp had end-to-end encryption.

whatsapp

What is end-to-end encryption?

 

End to end encryption means that when you click the button “send”. Your message will encrypt at the moment it’s out of your phone. Then it will get to whatsapp’s servers and remain encrypted, then sent to the destination phone. The only two people that will be able to read that message are the “sender” and the “receptor”.

The key to decrypt the messages is now stored in each device and not in the servers as it used to be. Not even whatsapp can access to this messages anymore.

The main difference between end-to-end encryption and partial encryption is that in partial encryption, the message will get decrypted once it gets to the servers, stored, and then encrypted again to be sent to the receptor’s phone. All text messages, file transfers and voice calls are scrambled en route between users’ phones so they can’t be intercepted.

splash

Whatsapp have been involved in several cases of privacy problems. But in this last update, they made sure that the encryption in the messaging was done right. Whatsapp has been working with a company called Open Whisper Systems, a well-known company that created products like “Redphone” or “signal”, or “textsecure”.

In other words, now the only people capable to read this bunch of encrypted bits (0 & 1) are the people implied; sender and receiver (or receivers).

The fact that such a huge service used over a billion users is getting end to end encryption is a game changer.

whatsapp2-crop-original-original

Companies want to defend their values and their customers (therefore the main source of revenue). Even a big brand like Apple is sensitive to a crisis that strikes one of their main products. Even Amnesty International, where I did an internship last year, called WhatsApp’s move a “huge victory” for free speech. Is it a matter of national security vs. personal privacy?

Security can’t be an excuse for governments to control all communications and monitor the people. The Apple case will be the precedent and now the companies, as for example Whatsapp, are moving towards a better privacy for their customers, denying the possibility to create backdoors. Which company is going to be next?

The Pixel Shark.

 

10 comments

  1. Super interesting and relevant post! I have to admit, when the news came out that Whatsapp was using end to end encryption I had no idea what that meant. So thank you for taking the time to explain it! This is clearly a pivotal moment in the tech industry as we are at a crossroads between security and free speech, and where to draw the line. I definitely think this will remain a relevant topic as long as we have terrorist organizations that are using applications such as this to communicate and the government is unable to listen in on their messages.

  2. Great post! I think companies can incorporate E2E encryption as a way to protect themselves in privacy issues similar to what happened to Apple. By taking away their own capability to decrypt these messages, I think it will be harder for someone (the government) to put the company in a position where privacy concerns could be questioned. They have essentially said that they won’t help in these situations because they no longer have the capability to do so. Really interesting topic, something that will definitely be seen more in the future.

  3. I really enjoyed this. I had no idea what the difference between end to end and partial encryption was and you did a great job of explaining it. I think the debate between national security and personal privacy is an extremely complicated issue and I’m not sure there is any one correct answer. Taking the ability to decrypt messages away from specific companies, as WhatsApp did here, at least prevents the government from strong arming them into giving up information on their users.

  4. Thanks for the explanation of end to end encryption! Maybe Whatsapp is doing this in response to the increasing likelihood of events like the case of Apple vs. the FBI. If the government were to ever ask for messages, Whatsapp can now more easily deny access. It does raise the question of personal privacy vs national security like you said. Definitely an interesting move in light of other controversies like when a judge ordered the app to be shutdown in Brazil and rumors of illegal activity being conducted via the messaging app. Seems like a smart move for the company to look out for its own interests and users’ interests moving forward.

  5. yifanhong04233 · ·

    Very interesting post. Privacy is becoming a much more important topic in recent years as the government is putting more surveillance upon us for national security purpose. But I am wondering what if the End to End Encryption technology is used by terrorists–it would be harder for the government to track their activities. In the end, there is no good or bad technologies–it all depends on who is using it. I am very interested to see how to balance privacy and national security.

  6. Nice post. I do think the option of encryption will become increasingly the norm in future product releases. I’m not sure that many people particularly care one way or another, but if its relatively simple to do so, I think more people will opt in that direction.

  7. Thanks for explaining this! You did a good job of making i was to understand, as well as giving a different perspective by highlighting whatsapp instead of iMessage. I think encryption has become a buzzword as of late, especially regarding the drama surrounding the FBI and Apple. Many people are hanging onto any last shred of “privacy” they think they may have, and large tech companies are racing to become the leader in this form of user security. I think that since the FBI recently hacked an iPhone, that whatsapp is going to have to double down on their security measures in order to outperform iMessage on the encryption front. Great post!

  8. Cool post, with the ever growing internet and social media platforms, its important for users and suppliers to protect data. I think that knowing that my message is encrypted would give me better peace of mind when talking about something sensitive or personal over the internet. We live in a cool era when we are learning to adapt to the changing world of technology.

  9. Thanks shark ! you made a complex (to me) issues easy to understand and digest. I think i like more freedom of communication. Yes, it allows organizations like ISIS to exist. But i think i want honestly and truth more than anything else. Bravo!

  10. Nice post. I appreciate you breaking this down and explaining how this all works in terms of whatsapp. Prior to reading an article on this, I was a little nervous and surprised at what it all meant because the day it rolled out, it just sort of popped up on the screen the morning I opened my whatsapp chats. While I’m sure there are loop holes as seen in the Apple vs the FBI case,and the fact that Whatsapp is owned by Facebook still leaves me feeling a little ify, I do think overall, it’s a step in the right direction in terms of digital security if it’s used for the purposes they say it will be used for.

%d bloggers like this: