WhatsApp warns: it will not break your security for any government
WhatsApp is back in the news for an issue related to security, but in an unusual way, but by statements in which they refuse to weaken the security of the service. This is a threat that is not the first time it has hit the media, but in the United Kingdom it could materialize if a new reform goes ahead and it would not only affect WhatsApp: any encrypted communications software is likely to be harmed.
It all comes down to the new online security law being prepared by the United Kingdom, and which includes provisions to “weaken” the encryption of applications such as WhatsApp. The excuse, of course, is not to spy on its citizens, as they have always liked to do, always in pursuit of security, but to stop certain crimes that are committed under the cover of technology. To unnerve the staff, the example used has been the abuse of minors.
According to the authorities, much of the pedophile material that circulates on the Internet does so, in effect, through communications platforms with end-to-end encryption, the most powerful known. And, of course, only by “weakening” that encryption can this type of crime be combated, one of the most rejected in society. This being the case, who would not agree to collaborate with such a laudable initiative?
Anyone who has half a brain and knows about the desire for surveillance and control of governments around the world, as has been demonstrated since the Internet became popular. Since Edward Snowsen slapped them in the face with the PRISM scandal, nothing has ever been the same.
Responding to questions from the BBC regarding the new security law in the United Kingdom, Will Cathcart, CEO of WhatsApp, could not have been clearer about it: they will not reduce the security of the service to please any government. Or what is the same, they will not “weaken” the encryption to favor the intervention of the authorities. But for a simple reason, which is why I put the term in quotes: how do you plan to do it?
Of the parties pushing for it, and there are more apart from the government, none knows or dares to say how they would do it. Not to mention that it is not the first time that the governments of half the world have the same desire to break the encryption to spy on everything that moves. In this case, the stated intention would be to scan people’s private messages on WhatsApp for pedophile material, but how?
According to Cathcart’s declarations, it is understood that it would be a matter of implementing some method that would carry out this client-side scanning, the only one possible since only the sender and the sender can see the content of the conversation in end-to-end encrypted services. “Client-side scanning may not work in practice,” says Cathcart, without further details.
Until now, all the official initiatives that have taken place in this sense, that of breaking the encryption of communication tools, had revolved around introducing backdoors in the code and sharing them with governments, but, at least on paper , the developers have always refused due to the potential security risks that this implies (without going any further, the exploitation of these vulnerabilities by cybercriminals), let alone discovering the cake.
The complete response of the CEO of WhatsApp, however, is not at all optimistic for the users of the application and their rights: «yesIf we had to reduce the security of the world, to meet the requirements in one country, that… would be stupid to accept, making our product less desirable to 98% of our users due to the 2% requirementssays Cathcart, who says he is willing to exit the UK market before that happens.
Would they dare that much? What if the United States does the same? Would they also leave it aside? And Europe? Then it would no longer be 2% of the WhatsApp user base, but much more. Would all it takes to “weaken” WhatsApp encryption would be for more governments to claim it? It should be remembered that WhatsApp is owned by Facebook (Meta) and we already know how Mark Zuckerberg’s company spends it when it comes to respecting the privacy of its users, among other issues.