These days, it seems that there’s constant tension between different types of security. Big governments are looking for international security and the ability to monitor conversations and data transfers. Individuals want physical safety, but also want to know that they have security and privacy when it comes to the information that they send over the internet. It’s a classic case of having your cake and eating it too. The most recent player in this quiet war is WhatsApp with their announcement of double encryption this week.
The ultra popular messaging app WhatsApp is so popular, it’s often used as a verb, just like Google. ‘Google it’ and ‘I’ll WhatsApp you’ show just how much of a name brand these products have become for a large percentage of the world. WhatsApp is committed to user privacy and so this week announced that they have instituted a new change into the message backup process for iPhone users. WhatsApp believes in end to end encryption, meaning that the only two parties in the entire transfer process who can read the message are you and your recipient. To this already encrypted system, WhatsApp has now added encryption to messages that are backed up to iCloud. iCloud accounts are already encrypted, of course, but if the messages are readable on the cloud, hackers (or ubiquitous government agencies) could potentially get into an iCloud account and read the messages.
To solve this issue, WhatsApp has now announced that all messages backed up in the cloud will carry another layer of encryption which will require the user in order to be readable. The FBI and other agencies have claimed that they are already able to circumvent the encryption by replicating a SIM card with the original user’s number, which would mitigate the need for the encryption key in order to access the messages. The company that is claiming to be able to do this is Oxygen, and other anti-encryption companies are seeking to do the same thing. The goal is to find ways around the current encryption abilities within the cloud, but without having possession of the device. For now, the current system allows for law enforcement groups to be able to access messages on phones where the SIM card is in their possession. But as the anti-encryption work continues, those doors will continue to be pushed open.
The FBI isn’t the only group looking for information, either. The UK government has also recently drafted a leaked document stating that they are seeking to start increasing their investigatory powers over one in ten thousand citizens as well. With the increased surveillance of governments, WhatsApp’s announcement has been an interesting addition to the conversation.
Dual layers of encryption within the cloud are becoming a necessary reality in today’s security environment. Because of the nature of security and the changing abilities of hackers, the cloud has become a dangerous place to store private and important information. WhatsApp is the first, but certainly not the last, to start increasing these measures.