WhatsApp encryption: is it as secure as they say?

Facebook says it does not read WhatsApp messages

WhatsApp messenger is an american freeware instant messaging services that is owned by Facebook and has become extremely popular worldwide due to its full ability to support voice calls video calls and share images, document, user location and other contents. Perhaps the most famous offering and what has made the company a household name is the fact that the app claims to be fully end-to-end encrypted and Facebook does not and cannot read the messages of users although in the last few days this claim has been called into question.

Contractors fill buildings to read supposed secure whatsApp messages

A new investigation is highlighting that facebook hire thousands of contract workers filling full office buildings and the one purpose of these workers is to sift through millions of pieces of user content. Facebook  acknowledges that yes tht contractors spend the days sifting through content that WhatsApp users and the services own algorithms flag.

Only flagged content gets read by people

The story according to Facebook is that there is a WhatsApp function that allows users to report abuse and it is these message that are reviewed. Facebook says it is unable still to listen to personal calls or read messages send through WhatsApp due to the levels of encryption used.

WhatsApp founding principle is what readers may commonly hear as end-to-end encryption and that means the messages are scrambled before being send and are only unscrambled before being received from a intended receiver but when a user reports abuse unencrypted versions of the message sent to these buildings of contractors that WhatsApp employs and it is this process that has greatly angered people.

What are the critics saying?

A public relations team at WhatsApp say that “each day whatsapp protects over 100 billion messages with end-to-end encryption to help people communicate safely. We have built our service in a manner that limits the data we collect while providing us the ability to prevent spam, investigate threats, and ban those engaged in the worst kind of abuses”.

The online discussions have a variety of thoughts about this revelation. Some are saying that this news disclosure is completely misleading and there is nothing wrong with WhatsApp. Others are suspicious about the fact that even if the functionality is only used for analyzing abuse of the app, the issue still exists that this is a potentially exploitable part of the platform. All criticism of the application revolves generally around the fact that WhatsApp and Facebook are a closed box and this being so no one really can know what is going on. Skeptics draw main attention to the fact that there is little information around what the abuse algorithm is actually doing and if we don’t know that, we cannot truly know if the messaging system is secure or not.

The most extreme critics say the entire idea of reporting abuse has no place in end-to-end encryption services and should be done away with to clear the air about the security of the app. Still, others maintain that the entire point of end-to-end encryption is that a message cannot be read in transit and once it has reached the receiver, there is nothing stopping them from showing others the content of the message.

Are people asking the right questions?

If we give WhatsApp the benefit of the doubt that they are probably not reading anything except abuse reporting contend then we must ask ourselves should software companies be in the business of policing content? If it is an issue of legalities should that not be a task for law enforcement or the police? also, is an American company the correct entity to be policing content in other countries across the world as well? We at ICNA do not think so.

Abuse reporting mechanism remains the key issue- what exactly can this abuse algorithm do and see? one thing is for sure – Facebook is a black box and they will protect their intellectual property so do not get your hopes up for them releasing any information on how this algorithm might work.