WhatsApp just announced end-to-end encryption for their 1 billion + users. Their massive user base overshadow Apple’s own iMessage network on Apple’s own devices alone. It would also seem that they are taking a page out of Apple’s own playbook by offering end-to-end encryption. WhatsApp’s parent company, Facebook, is also a huge player in the smartphone world but their track record on security and privacy is spotty at best. You would think that full encryption would secure WhatsApp as the new iMessage alternative for security-minded folks, but it won’t.
A Much Simpler Time
Since 1994, law enforcement has happily enjoyed broad data collecting benefits from CALEA which compels telecommunications giants such as AT&T and Verizon to provide data when proper warrants are presented. This includes private metadata such as timestamps, location and even content from these same communications. User data has never been fully secure from the likes of FBI and NSA. But every U.S. Telecom carrier combined is still a fraction of total WhatsApp users. Even China Telecom, the world’s largest single carrier has less subscribers than WhatsApp and 1/2 of that which Facebook currently commands. These are not traditional telecom companies but actually more valuable. In terms of sheer data collection, Facebook is far more valuable for intercepting terrorist communiques than any telecom company in the world. This is because our mobile devices are more supercomputer than telephone these days. The days of wiretapping and listening into conversations of suspected criminals are no longer relevant. We know agencies like the NSA scan thousands of phones in a single sweep but what are they looking for exactly?
It’s All About That MetaData
WhatsApp doesn’t care much about the content of their user messages and the same holds true for the Feds. Sure, when law enforcement thinks they’ve got their man, they begin to build a case against them by gathering any data they can. This includes metadata as well as the content of their digital conversations. But when the FBI went on the offensive against Apple last month, they weren’t expecting to find much in the way of incriminating texts. What they were hoping to gain were unknown correspondences, locations and contacts of suspects that the terrorist might have left on that iPhone 5c. That is what metadata offers to ongoing federal investigations and why they are so hellbent on making tech companies cooperate. On the other side of the argument you have privacy advocates and tech companies themselves that do not want authorities to have such overreaching power. And in an effort to stay as neutral as possible, tech companies go one further by employing encryption that they themselves cannot break and hand over to law enforcement. This is precisely where Apple is and where they want to stay but what about WhatsApp and their parent company Facebook.
Metadata Is Also Big Business
It’s no secret that companies like Facebook and Google make the bulk of their revenues by advertising user data back to their own users in the form of products and services. Without the ability to collect and filter that user data, these mega-companies would go out of business tomorrow. Thus, they have no desire to encrypt all of their user data – they need access to it. Companies like Apple sell hardware and gain no significant revenue stream from their customers’ data. They are in the business of selling phones and computers to customers that expect private and secure data transactions. This expectation continues through Apple’s services such as iMessage. Apple hasn’t released any hard numbers on users but with over 1 billion iOS devices sold, that number of iMessage users cannot be too far behind. Facebook offers a completely different set of value propositions to their customers in the form of data mining. Sure they offer optional PGP (stands for “Pretty Good Privacy”) encryption for notifications but Facebook Messenger does not offer end-to-end encryption and that service boasts 800 million users alone. And since they mine plenty of user data from their core Facebook and Messenger apps, they might never offer end-to-end encryption. So where does that leave WhatsApp?
“Facebook is trying to position themselves as an Apple but so long as they continue to mine data and put user privacy second, they will always be Facebook and that includes their acquisitions such as WhatsApp.”
WhatsApp vs. iMessage
Since Facebook owns WhatsApp, some would liken their end-to-end encryption to Apple’s iMessage which does the same. But this misses the fact that Facebook and Apple hold two very different corporate visions. Both companies have and will continue to work with law enforcement when legal court warrants are presented but only Apple offers guarantees that data on their phones stays on their phones because they cannot access it themselves. And while Facebook does not have access to encrypted data through WhatsApp users, they most certainly have direct access to Facebook user data – many being the very same users of WhatsApp. Facebook is trying to position themselves as an Apple but so long as they continue to mine data and put user privacy second, they will always be Facebook and that includes their acquisitions such as WhatsApp. With so little transparency and clarity on user data policies, what can we do to keep our data private?
Privacy Tips In An Age Of Data Sharing
For starters, always choose a device and operating system that offers end-to-end encryption. Apple devices talking to other Apple devices do this best. Android also offers end-to-end encryption but it’s only software based due to so many different device makers, carrier concessions and implementations. Of course WhatsApp and iMessage offer full encryption but if you use Facebook for email, be sure to enable optional PGP encryption. Better still, use apps like Signal and Telegram. These app makers utilize end-to-end encryption, are available on all major platforms and have a vested interest in keeping the government out of our private business. And even when using encrypted WhatsApp services, users can still be spied upon with tools such as mSpy which sends reports on calls, texts, browsing, and events from WhatsApp. All a hacker has to do is physically have access to your smart phone or computer for a few minutes to install this spy app so stay on top of all your installed apps.
There will never be 100% security and privacy on any device that connects to the Internet but if you are vigilant to update to latest security patches, use encryption where available and be mindful of data privacy policies, you can expect a reasonable amount of data protection for anything you do.
Scott Schober presents at cybersecurity and wireless security conferences for banking, insurance, transportation, construction, telecommunications and law enforcement industries. He has overseen the development of dozens of wireless test, security, safety and cybersecurity products used to enforce a “no cell phone policy” in correctional, law enforcement, and secured government facilities. Scott regularly appears on network news programs including Fox, Bloomberg, Good Morning America, CNN, MSNBC, NPR and many more. He is the author of 'Senior Cyber', 'Cybersecurity is Everybody's Business' and 'Hacked Again', the “original hacker’s dictionary for small business owners” - Forbes Magazine.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc dictum aliquet justo sit amet consectetur. In tempor lobortis ante vitae ornare. Praesent feugiat magna at tempor consequat. Aenean in iaculis libero, aliquam imperdiet mi.
Leave a Reply