Just a few days after the bombshell ProPublica report revealing that Facebook pays teams of contractors around the world to read through and moderate supposedly private WhatsApp messages, the Facebook-owned messaging service announced Friday that it will now let its more than 2 billion users fully encrypt the backups of their messages, a significant step toward closing off one of the tricky ways private communication between individuals on the app can be compromised.
WhatsApp has end-to-end encrypted chats between users for more than a decade. But users have had no option but to store their chat backups in the cloud (iCloud on iPhones and Google Drive on Android) in an unencrypted format. Tapping these unencrypted WhatsApp chat backups on Google and Apple servers is one of the widely known ways law enforcement agencies across the globe have for years been able to access the WhatsApp chats of suspect individuals.
Now WhatsApp says it is patching this weak link in the system.
“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems,” said Facebook’s chief executive Mark Zuckerberg in a post announcing the new feature.
If someone creates a password tied to their account’s encryption key, WhatsApp will store the associated key in a physical hardware security module, or HSM, that is maintained by Facebook and unlocked only when the correct password is entered in WhatsApp. An HSM acts like a safety deposit box for encrypting and decrypting digital keys.
Once unlocked with its associated password in WhatsApp, the HSM provides the encryption key that in turn decrypts the account’s backup that is stored on either Apple or Google’s servers. A key stored in one of WhatsApp’s HSM vaults will become permanently inaccessible if repeated password attempts are made. The hardware itself is located in data centers owned by Facebook around the world to protect from internet outages.
The system is designed to ensure that no one besides an account owner can gain access to a backup, the head of WhatsApp, Will Cathcart, reiterated. He said the goal of letting people create simpler passwords is to make encrypted backups more accessible. WhatsApp will only know that a key exists in an HSM, not the key itself or the associated password to unlock it.
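The password-gated key release and permanent lockout described above can be modelled as a toy vault, which also shows why a guess limit enforced by the vault is what lets a simpler password protect a strong key. This is an added illustration, not WhatsApp's code or protocol; the class name, the limit of five attempts, the PBKDF2 verifier and the reset-on-success rule are all assumptions, since the article specifies none of them.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed limit; the article gives no number


class BackupKeyVault:
    """Toy stand-in for the HSM-backed vault: one record per account."""

    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self._records = {}

    @staticmethod
    def _verifier(password, salt):
        # Slow, salted hash so the vault never stores the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, password):
        """Create a random 256-bit backup key gated by the password."""
        salt = secrets.token_bytes(16)
        key = secrets.token_bytes(32)
        self._records[account] = {
            "salt": salt,
            "verifier": self._verifier(password, salt),
            "key": key,
            "failures": 0,
        }
        return key

    def unlock(self, account, password):
        """Return the key, None on a wrong guess, or raise once destroyed."""
        rec = self._records[account]
        if rec["key"] is None:
            raise LookupError("backup key destroyed after repeated failures")
        guess = self._verifier(password, rec["salt"])
        if hmac.compare_digest(guess, rec["verifier"]):
            rec["failures"] = 0  # assumption: a success resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= self.max_attempts:
            rec["key"] = None  # irreversible: the right password fails too
        return None

    def attempts_left(self, account):
        rec = self._records[account]
        return 0 if rec["key"] is None else self.max_attempts - rec["failures"]
```

Because the backup itself is encrypted under the random key rather than the password, an attacker holding only the cloud copy has nothing to brute-force offline; every guess has to go through `unlock`, and the counter caps how many they get.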
The move by WhatsApp comes as governments around the world like India — WhatsApp’s largest market — are threatening to break the way that encryption works. “We expect to get criticized by some for this,” Cathcart said. “That’s not new for us … I believe strongly that governments should be pushing us to have more security and not do the opposite.”
WhatsApp’s announcement means the app is going a step further than Apple, which encrypts iMessages but still holds the keys to encrypted backups; that means Apple can assist with recovery, but also that it can be compelled to hand the keys over to law enforcement. Cathcart said WhatsApp has been working on making encrypted backups a reality for the past couple of years, and that while they are opt-in to start, he hopes, over time, to “have this be the way it works for everyone.”