Questions About WhatsApp Encryption

Do We Need It? Is It Worth It? Should We Care?

WhatsApp Facebook

Justin Sullivan/Getty Images

During the first quarter of 2016, WhatsApp rolled out its end-to-end encryption mechanism over to all users of its leading communication app. This meant that a billion people were now communicating in so-called total privacy such that not even governments and not even WhatsApp themselves could intercept messages and voice calls. That came in a context and at a time where whistleblowers and lawsuits caused some people to be concerned about whether communication over the Internet is still private and secure. But is WhatsApp's encryption really worth it? 

Worth what? It costs nothing to the billion users; it changes nothing in the functioning of the app — it just makes your words very secure and safe. Actually, there is a cost to it. Technically, there is a slight cost in data consumption as encryption requires some overhead. But this cost is rather small. The other cost would be believing that everything is now very secure and that nothing will ever go wrong. Is it very secure? While we wish it is, there are certain considerations that make us skeptical.

Encryption Does Not Always Work 

Your messages and voice calls are normally encrypted by default with WhatsApp. However, it does not work in all cases. For instance, if you are communicating with a person who does not have the latest version of the app, there is no encryption as only the latest version supports it. Moreover, if you are communicating in a group and one of the members is not updated, the whole group goes without encryption. 

Now, even when both sides have updated apps and are using the encryption mechanism, it could be that there still is no encryption. That's what you get to check when you get the message that says messages you send are secured with end-to-end encryption, prompting you to tap for more information. Tapping leads you to verify through a key that is represented by a QR code and a set of numbers. If those numbers are exactly the same as those of your correspondent, you are secured. Alternatively, you can scan the code on your correspondent's device to eventually see the huge tick saying you are safe. This very check suggests that certain codes may not work. Besides, there have been reports of codes not corroborating, meaning messages not encrypted. Since we won't be checking every message we send, how sure can we be that every single message is encrypted? 

Metadata Not Encrypted 

Your messages and voice calls are encrypted but not the metadata that accompanies it. Simply explained, metadata is the supporting data that goes alongside the real data to help transmission. When you send a letter through the post, the letter within the envelope is your data. The address on the envelope, the stamp, and any other data that helps post and transport officers are metadata. 

Through the unencrypted metadata, companies, rogue states and any party that want to establish patterns of your communication can do so. They can gather huge amounts of information from the chat servers, information like who is talking to who, when and for how long. This says a whole lot of things and can be processed into meaningful intel. 

Transparency and Trust

WhatsApp uses the Signal Protocol, which people know, but part of the mechanism is closed. There is definitely part of the work that remains opaque. That part could be ground for backdoor access. How far do you trust Facebook, the company behind WhatsApp?

So What?

For so many of the billion users, encryption or not, things remain the same. They have nothing to hide and don't care if their messages get intercepted. Besides, people are aware that by just creating an account on networks like Facebook and WhatsApp, they are exposing themselves to the world, and most are okay with that. The introduction of end-to-end encryption should not make them privacy paranoids. As for those who care about privacy and security, while they should feel a little bit safer, they have here questions to think about.