End-to-end encryption of WhatsApp conversations saved in the cloud is coming. As, no doubt, the controversy over the inability to access data in the event of an investigation.
The subject has been on the table since this spring: WhatsApp will soon provide encryption for chat histories that are saved in the cloud, i.e. on iCloud or Google Drive. And not just any type of encryption: it is promised end-to-end encryption, that is to say that prohibits anyone from accessing the contents of this archive, except the person who originated it. .
Since the first clues spotted in March, neither WhatsApp nor its parent company Facebook had yet spoken. Obviously we had to wait for the communication from the big boss Mark Zuckerberg: indeed, the person concerned wrote on his personal page a short message on September 10 to confirm the arrival of end-to-end encryption on backups in the cloud – a backup which is optional.
” We’re adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud. “, He writes, before pointing out that WhatsApp is in fact becoming” the first global messaging service of this scale to offer end-to-end encrypted messaging and backups “.
Mark Zuckerberg’s speech is accompanied by the publication of a post, on Facebook’s engineering blog, detailing how WhatsApp is doing end-to-end encryption on iCloud and Google Drive. Coincidence of the calendar? It occurs a few days after the publication of an article critical of the investigative media ProPublica, on the encryption practiced by Whatsapp.
An article that could have wrongly given the impression that messages exchanged on Whatsapp could easily be viewed by company moderators. Remember that this is not the case: these are only bits of discussion that can be seen, but in very specific circumstances: only if a person legitimately appearing in the loop makes a report. In short, people exchanging messages and media on WhatsApp keep their conversations out of sight of WhatsApp. But if one of them denounces a message for moderation, because she believes that there is illegal activity (phishing, spam, apologia for terrorism, child pornography, etc.) for example, then moderation receives in clear extracts to rule on the facts.
Mark Zuckerberg did not comment on ProPublica’s post. Beyond the confusion over end-to-end encryption, the fact is that moderators can access chat tips, due to the reporting process, and WhatsApp is at the same time being singled out for the issue. significant metadata collection that takes place around conversations.
Instead, he highlighted in his post the level of complexity that teams faced with end-to-end encryption of backups: “ Achieving this was a very difficult technical challenge that required an entirely new framework for key storage and remote storage across various operating systems. – Android and iOS on the smartphone side, and maybe desktop OS too, like Windows or macOS.
There are two ways to protect the archive in the cloud. It arrives with a certain delay, insofar as end-to-end encryption has been operational by default on WhatsApp since 2016. Backups were kept out of the way, which was in fact a point of weakness in the security chain. , in case of violation of the associated iCloud or Google Drive account.
Upcoming controversy over data access?
End-to-end encryption in the cloud will undoubtedly receive a mixed reception, according to who comments: this measure will allow to add a layer of protection which will avoid, even in the event of fraudulent access to the account (which is not already not obvious, Google Drive and Apple already providing a high degree of security to their cloud), to preserve the privacy of messages.
It will also pose a legal and police issue: during investigations, Apple and Google are likely to deliver information from an account in the cloud. This has already been seen and is legally framed. However, in fact, WhatsApp archives will become unusable under this new regime. The FBI has often lamented that encryption stands in the way of its investigators.
In recent years, the issue of encryption has given rise to sometimes significant, even violent, oppositions between tech companies, associations for the defense of individual freedoms in the digital world, politicians and law enforcement – sometimes with cases going to court. Across the Atlantic, Apple has sometimes found itself facing the FBI on these potentially sensitive subjects because they relate to terrorism.
These subjects also raise fundamental questions: what balance must be struck between security and freedoms? Is it desirable to turn smartphones into real black boxes, impenetrable at all glances, including when the courts allow it? Should we invent secret backdoors? Is this acceptable as long as they could be found by people with very bad intentions? Etc.
The direction taken by WhatsApp and Facebook is clearly likely to put a coin back in the machine, just as other initiatives in this field have made the political, judicial and police authorities react, in the United States or elsewhere. The fact, however, that the police, precisely, also equip themselves with increasingly sophisticated tools to bypass encryption, shows that they are not helpless.
No doubt the white paper published by WhatsApp will be closely scrutinized to find out what to expect. For now, the happy medium chosen by WhatsApp is to make its end-to-end encryption in the cloud optional: it will therefore have to be activated voluntarily to have it. The deployment is expected in the coming weeks, indicates the messaging, without specific details on the deadline.