Facebook-owned WhatsApp has a surprising new feature that privacy advocates and Edward Snowden himself will love. The highly popular messaging app now has end-to-end encryption to prevent anyone except the sender and intended receiver from viewing the message.
Federal Bureau of Investigation director James Comey and United States Attorney General Eric Holder will not be pleased with the new feature, as both top-ranking officials have publicly spoken many times against the increased rollout of privacy measures by technology companies coping with a market in the post-Snowden era.
With end-to-end encryption now the default on WhatsApp, no one, not even the government or WhatsApp itself, can gain access to a user's messages unless a court issues a search warrant that lets government agents physically travel to a user's home and search the mobile device containing WhatsApp.
To deploy encryption, WhatsApp partnered with startup Open Whisper Systems, which announced the new feature in a blog post. Open Whisper Systems is best known for its development of TextSecure, a niche messaging app developed for the security-minded with around 10 million downloads. In a recently released messaging app scorecard by the Electronic Frontier Foundation (EFF), TextSecure received positive marks in all categories, including encryption in transit, end-to-end encryption, verification of contacts and heavily reviewed and audited code. In contrast, WhatsApp has 600 million users, but received failing marks from EFF because of its lack of security measures.
With Open Whisper Systems on board, WhatsApp now uses TextSecure's end-to-end encryption protocol. In a blog post, Open Whisper Systems founder Moxie Marlinspike says the billions of WhatsApp messages sent every day by Android users have been encrypted since last week. The iOS version of the app will receive the end-to-end treatment soon.
End-to-end encryption uses a cryptographic key that locks a message, with only the sender and receiver holding the cryptographic key. For now, end-to-end encryption is applied only to personal messages, but Open Whisper Systems is working to include the security feature for group messages and media messages. In the future, Marlinspike says his company will also roll out a feature that will allow users to verify the identity of their contacts to prevent man-in-the-middle attacks that attempt to intercept the messages.
"Even though we're still at the beginning of the rollout, we believe this already represents the largest deployment of end-to-end encrypted communication in history," says Open Whisper Systems.
Apple and Google have also deployed end-to-end encryption for their messaging platforms but with a number of hang-ups. Apple's iMessage, for instance, doesn't track cryptographic keys, which means Apple can simply create new keys to gain access to the messages. Also, iMessage does not have a cryptographic key for each message sent, so hackers who can crack the key on one message gain access to all past and future messages. Lastly, many Apple users back up their iMessage conversations on the cloud, which renders the entire security measure useless.
Google, on the other hand, still reserves for itself the ability to scan a user's Hangouts messages, not to mention email content, for purposes of delivering targeted advertisements.
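To illustrate the point above about having a cryptographic key for each message, here is an added example (not from the article, Open Whisper Systems or WhatsApp) of a simplified one-way key chain in Python. The function names, the toy cipher and the sample messages are assumptions constructed for the demonstration, and this is not the TextSecure protocol itself.

```python
import hashlib
import hmac

def ratchet(chain_key: bytes) -> tuple[bytes, bytes]:
    """One step of a one-way KDF chain: (message_key, next_chain_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key

def message_keys(chain_key: bytes, count: int) -> tuple[list[bytes], bytes]:
    """Derive `count` per-message keys; return them with the advanced chain key."""
    keys = []
    for _ in range(count):
        key, chain_key = ratchet(chain_key)
        keys.append(key)
    return keys, chain_key

def _keystream(key: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, b"enc" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC for the demo only; not a production cipher."""
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()

def open_sealed(key: bytes, sealed: bytes):
    """Return the plaintext, or None if the key does not match the tag."""
    body, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(key, b"mac" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, len(body))))

def readable_after_compromise(root: bytes, messages: list[bytes], stolen_at: int) -> list[int]:
    """Indexes of messages readable from the chain key held after `stolen_at` messages."""
    keys, _ = message_keys(root, len(messages))
    sealed = [seal(k, m) for k, m in zip(keys, messages)]
    _, stolen = message_keys(root, stolen_at)  # chain state left on the device
    known, _ = message_keys(stolen, len(messages) - stolen_at)
    return [i for i, box in enumerate(sealed)
            if any(open_sealed(k, box) is not None for k in known)]

# Constructed sample data, not real traffic or keys.
ROOT = hashlib.sha256(b"constructed demo root key").digest()
MESSAGES = [b"msg one", b"msg two", b"msg three", b"msg four", b"msg five"]

if __name__ == "__main__":
    print("state stolen after 3 messages:", readable_after_compromise(ROOT, MESSAGES, 3))
    print("state stolen before any message:", readable_after_compromise(ROOT, MESSAGES, 0))
```

Because the chain only runs forward, messages sent before the theft stay sealed, while keys for later messages can still be derived from the stolen state, so a one-way chain on its own protects past traffic but not future traffic.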
WhatsApp's move has been praised by technologists, who have criticized WhatsApp in the past for its lack of security features. Cryptography researcher Matthew Green of Johns Hopkins University Information Security Institute says the decision to deploy end-to-end encryption for WhatsApp is "very significant" because it is one of the most popular messaging apps.
"Now there are people who don't even know what encryption is who will still get the benefit of a strong encryption protocol on all their messages," Green says.
Even Snowden himself, who used Open Whisper Systems' TextSecure to leak classified National Security Agency documents to the media, would likely be pleased.
"Don't send your texts unencrypted," he said in an interview with The New Yorker. "Use programs like Redphone, like Silent Circle - anything by Moxie Marlinspike and Open Whisper Systems."