What that means is nobody – not the police, hackers, GCHQ, not even WhatsApp or its owner Facebook – can read the conversations between you and your contacts.
Given the sheer scale of the WhatsApp network this is obviously a major step forward for privacy, with a billion people around the world now secure from snooping. But prepare for a confrontation between WhatsApp and governments which will make the recent battle between Apple and the FBI over unlocking an iPhone look like a mild tiff.
Law enforcement agencies know that a system where they can get access to a suspect’s messages on presentation of a judge’s warrant to a telecoms provider is now broken. They may get the warrant – but WhatsApp will be able to shrug its shoulders and say we don’t have a key. You may suspect that someone is sending obscene images of children or planning a terror attack, but we can’t help you. The police and security agencies believe this makes their job a lot harder.
Many privacy campaigners argue that this is a price worth paying for secure communication, that any backdoor allowing the police access, in extremis, to messages would render that encryption system worthless. Social networks have been buzzing with people supporting the move, with few expressing a contrary view.
One person who does have reservations is Jim Gamble, a former senior police officer whose career spanned anti-terrorism operations and running CEOP, the child exploitation and online protection agency. He told me that when he opened his WhatsApp this morning he was initially pleased to see the message about encryption – “I thought that’s great. I support encryption.”
But then he began to worry about the implications for his former colleagues. In a tweet to me he wrote: “encryption is inevitable and can be a good thing but there must be an appropriately authorised means for law enforcement to access.”
The reaction on Twitter was immediate and hostile. One person said: “Insecure encryption is insecure to everyone. There is no ‘just for the government’ aspect.” Another responded with this: “Back door for one = back door for all.”
In a phone conversation Mr Gamble explained that his view was more subtle than anything which might be expressed in 140 characters. “This is really difficult, and I don’t have the answer.” But he said it was clear to him that WhatsApp would now be the “chosen network” for the kind of predators he used to pursue at CEOP.
He still felt that in the final analysis, with proper legal oversight, law enforcement should be able to ask a telecoms provider like WhatsApp to give access to the communications of a suspected terrorist or child abuser. And, to the argument that this wouldn’t be feasible without giving a backdoor to criminals too he pointed to the FBI’s unlocking of the San Bernardino iPhone: “Nothing’s impossible.”
The problem is that the Apple case involved hardware that was in the possession of the authorities. With end-to-end encryption we are talking about software to which the police or the company itself have no access. Unless WhatsApp and other companies are told simply to switch off the system for selected users, it’s hard to see a solution which would not damage everybody’s privacy.
WhatsApp told me that they recognise the important work of law enforcement in keeping people safe: “We have channels for law enforcement around the world to request information from WhatsApp, including in emergency situations,” a spokesman said.
Last year the Prime Minister made the case for a backdoor in encryption, asking “do we want to allow a means of communication between people which even in extremis, with a signed warrant from the home secretary personally, that we cannot read?” The answer, he made clear, was no, and you can be sure plenty of members of the public support that view. But the encryption genie is out of the bottle – and nobody has come up with a way of putting it back.
