It’s been almost a month since, right on the heels of the Apple vs FBI showdown, WhatsApp added fresh fuel to the already hot encryption debate when it announced it was enabling end-to-end encryption for all of its 1 billion users.
As of April 5, every message, every video recording, every
sound recording, and every photo exchanged via the app is visible by the
parties involved in the communication only and no one else. Not
WhatsApp itself, not government surveillance agencies, not any potential
hackers or snoopers, nobody. From the company’s web site:
“WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.”
With the Brussels attacks painfully fresh in everyone’s
minds, the company’s move reignited the larger issue of national
security versus individual privacy. This week’s one-day shutdown of WhatsApp in Sergipe, Brazil for law enforcement reasons, shows governments worldwide are concerned about the new level of encryption.
We’ve seen fear-mongering headlines such as “WhatsApp locks out terror police,”
as well as reprimands from US senators who stopped just short of saying
that the company is responsible for future terrorist attacks:
“I strongly urge WhatsApp and Facebook to reevaluate their decision before they help facilitate another terrorist attack,” said Republican Senator Tom Cotton
in a statement made at the time, which is pretty much like telling a
car manufacturer that it needs to reevaluate its decision to build a new
model before it facilitates another hit and run.
In the tech world, however, WhatsApp got nothing but praise
for its newly implemented end-to-end encryption. The news that it used The Signal Protocol
designed by Open Whisper System for its encryption lent the move an
extra dose of authority and credibility and WhatsApp was hailed as an
example to follow, a true privacy trailblazer democratizing encryption
by making it available to the masses.
And with good reason.
It was about time someone stepped up to the plate, and who better to
do it than a company with 1 billion users all over the world?
That said though, I have some questions. Possibly some
doubts as well, but I’ll settle for the answers to these questions for
now, if given a choice. Here it goes:
1. What about the metadata?
WhatsApp will still keep records of its users’ metadata.
This means that even though the contents of a message cannot be
accessed by anyone including WhatsApp itself, the phone numbers involved
in the exchange, as well as the timestamps on the messages, are still
being stored on the company’s servers. This means that if a court orders
WhatsApp to share all the info it has on a particular user, the amount
of metadata the company would be handing over would most likely be
sufficient to create a profile and draw some strong conclusions. Knowing
who someone talked to, at what time, and how many times per day is some
pretty powerful information to have, don’t you think?
And it’s not just governments who could get their hands on that data; it’s hackers, too.
2. What about Facebook?
Back in 2014, WhatsApp was acquired by Facebook, which as
you probably know by now, is not the most privacy-minded company out
there. It makes its money serving you ads, and the more it knows about
you, the better it can tailor those ads to your personality and behavior
as a consumer.
That’s a necessary evil in today’s hyper-competitive and
saturated marketplace and, full disclosure, my company has used Facebook
Ads too — but that doesn’t change the fact that users’ privacy is not
at the top of the list for Facebook.
Which is why I’m a little bit worried about WhatsApp’s quest to provide privacy to 1 billion people.
Because at some point in the not so distant past, screenshots made public by freelance Android developer Javier Santos
of a beta update for WhatsApp showed that the company was planning to
ask users to share their WhatsApp account information with Facebook to
improve their Facebook experiences. And if that were to happen sometime
in the future, then Facebook would get to see all that metadata we
mentioned earlier.
Metadata that it could use to create an even more accurate
profile on you than the one it has now by analyzing your Facebook
activity alone. And then it could proceed to serve you some targeted ads
with a side of invasion of privacy.
But even if this never actually happens and your Facebook
and WhatsApp accounts remain separate, there still is the issue of
Facebook’s quest to get everyone to “secure their account” by adding
their phone number to it. And you know what else is associated with that
phone number? Exactly, your WhatsApp account.
So you have to wonder if Facebook’s
fratboy-in-the-club-like obsession with getting your digits is just them
trying to link your Facebook and WhatsApp accounts on their own,
without you consenting or even knowing. Because it’s just easier that
way.
(Side note: Did you know that you’re searchable on Facebook
by phone number, which can undo a lot of the privacy settings you have
in place on your account?)
3. What about the money?
Right now, WhatsApp is not making any money; it has no
source of revenue. In the beginning, it tried monetizing the service
itself — for a very low fee. It has since scrapped that and is now
offering the messaging app for free, all features included.
It will probably open up the platform to brands in the near
future, but it has made clear that it won’t be to enable brands to
advertise to users. It will instead be to help users communicate with companies
more easily, without the hassle of having to call, send an email, or
fill out a contact form. Want to order a pizza? Send a WhatsApp to the
pizza place. Want to make a dinner reservation? Just WhatsApp the
restaurant. You get the point.
And while this might be a feature that the company could
monetize, will it inject enough cash into the business to keep it viable
in the long-run?
Which brings us back to Facebook and to wondering whether some of that ad money will make its way to WhatsApp.
All of this remains to be seen. WhatsApp is now in the
spotlight; everyone’s eyes are on the company, watching its every move,
putting its claims and its encryption to the test and waiting for its
next step.
Whatever happens next, there is no denying that what
WhatsApp did is not only a huge step forward for online privacy, but a
much needed challenge for every tech company out there. The company has
raised the bar for everyone else. It has done its part, and it is now
our turn to step up our game in protecting users’ privacy.
No comments:
Post a Comment