WhatsApp encryption: What is it, how does it work and why is the government so worried about it?

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Home Secretary Amber Rudd has criticised WhatsApp’s use of encryption to protects its users’ communications, in the wake of the Westminster terror attack.

It has emerged that the attacker, Khalid Masood, sent a WhatsApp message moments before launching his assault, and Ms Rudd accused the Facebook-owned app of providing terrorists with a place to “hide”.

In the government’s line of fire is end-to-end encryption, a security technique designed to keep users’ data private, which Ms Rudd described as “completely unacceptable” while speaking on the BBC’s Andrew Marr Show.

WhatsApp added end-to-end encryption to all of its messages in April 2016, enabling it by default on all conversations.

“From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats,” it said at the time.

“The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”

Encryption works by jumbling content so heavily that it can’t be deciphered by anyone other than the sender and the recipient. This makes the government nervous.

“It used to be that people would steam open envelopes, or just listen in on phones, when they wanted to find out what people were doing, legally, through warranty,” said Ms Rudd, apparently unaware of WhatsApp’s security practices.

“But in this situation we need to make sure our intelligence services have the ability to get into situations like encrypted WhatsApp,”

WhatsApp doesn’t store users’ messages or files once they’ve been delivered, deleting them from its servers as soon as they’ve gone through.

“Many messaging apps only encrypt messages between you and them, but WhatsApp's end-to-end encryption ensures only you and the person you're communicating with can read what is sent, and nobody in between, not even WhatsApp,” explains the app.

“This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key.”

It’s also worth noting that WhatsApp is just one of many services offering encryption. It’s also vital to banks, allowing us to securely manage our finances online, and is used by government websites too.

Ms Rudd appeared to have altered her stance on encryption by the time she appeared on Sky’s Sophy Ridge on Sunday.

“End-to-end encryption has a place,” she said. “Cybersecurity is really important and getting it wrong costs the economy and costs people money, so I support end-to-end encryption.”

However, she went on to hint at plans to ask technology companies to create backdoors for the government to access communications data whenever they wanted to.

“We also need to have a system whereby when the police have an investigation, where the security services have put forward a warrant signed off by the Home Secretary, we can get that information when a terrorist is involved,” she continued.

After being told that such an arrangement would be incompatible with end-to-end encryption, Ms Rudd added, “You can have a system whereby they can build it so that we can have access to it when it is absolutely necessary.”

It’s a troubling proposal. As technology industry figureheads have explained repeatedly, backdoors don’t only open communications data to government agencies, but cybercriminals too.

Tim Cook branded backdoors as “the software equivalent of cancer” while speaking to ABC News last year, as Apple resisted FBI orders to unlock an iPhone used by the San Bernardino shooter.

“We have no sympathy for terrorists,” he said. “In my view they left their rights when they decided to do awful things… We’re not protecting their privacy, we’re protecting the rights… and public safety of everyone else.

“[Creating software to access data locked on the iPhone] exposes everyone else. Developing that software, it’s so powerful it has the capability to unlock other iPhones. That is the issue.”

The analogy being widely shared by pro-encryption web users is that of a simple door lock. Though they enable criminals to hide from authorities, getting rid of them would expose millions more innocent people to danger.

“A master key to turn 100 million locks, even if in the possession of a person you trust, could be stolen,” continued Mr Cook. “You can imagine the target on that piece. I’m not saying [that] the government would abuse it, but there are lots of bad guys in the world.”