World Association of Newspapers and News Publishers


Alleged WhatsApp “backdoor” merely a defensible "security trade-off"

World News Publishing Focus

World News Publishing Focus
Your Guide to the Changing Media Landscape

Alleged WhatsApp “backdoor” merely a defensible "security trade-off"

The discussion over WhatsApp’s security started when the Guardian reported on a security loophole that seemingly made it possible for WhatsApp and Facebook to read encrypted messages. However, other security experts quickly weighed in, including the company that has developed the encryption technology that WhatsApp uses, defending the app’s implementation of encryption.

The WhatsApp “backdoor”, according to the Guardian’s reporting, was made possible by the recreation of unique security keys that encrypt message: WhatsApp has the ability to force the generation of new encryption keys, without notifying the user, and make the sender send unreceived messages again, re-encrypted with new keys. This, allegedly, makes it possible for WhatsApp to access its users’ messages.

However, Open Whisper Systems, the creator of Signal Protocol, which WhatsApp’s encryption uses, quickly responded defending WhatsApp's encryption implementation. The main issue is how it handles “in-flight” messages, which have been sent but not received yet. In WhatsApp’s case, a new key is generated and the message resent, with the user receiving a notification. 

Many privacy and encryption experts called key change handling a normal part of cryptography, and defended WhatsApp’s execution. For instance EFF acknowledged that it indeed included a “vulnerability”, but didn’t constitute a “backdoor” but rather a security trade-off, and a defensible one in EFF’s view.

For anyone interested in encryption in “private” messaging apps, this comparison is a useful resource. The most secure service seems to be Signal, which was designed as a secure messaging service first and foremost.

WhatsApp, one of the most used mobile messaging services, is undoubtedly used by countless journalists around the world who may presume the app is a secure way of communicating with their sources.

More generally, some commentators pointed out that it seems the discussion over messaging security has moved on from whether encryption should be used to how it is done.

Author

Teemu Henriksson's picture

Teemu Henriksson

Date

2017-01-16 14:09

Author information

The news publishing industry is experiencing transformation at an ever-growing pace, with new policy issues arising as the landscape changes.

We will be examining policy discussions that will define the news publishing environment of the future, the key topics being internet governance, privacy and copyright. Click here to learn more about our work.

WAN-IFRA Media Policy team and experts.


© 2019 WAN-IFRA - World Association of News Publishers

Footer Navigation