Be Careful What You Say
No matter how well-meaning the motivation, surrendering our privacy would paralyze us. ILLUSTRATION: ELENA LACEY; GETTY IMAGES
Encryption Has Never Been More Essential—or Threatened
As we communicate more digitally, governments encroach more on our privacy. End-to-end encryption cannot be taken for granted: by Will CathCart - Head of Whatsapp Via Wired Magazine.
FIVE YEARS AGO today, WhatsApp completed our roll out of end-to-end encryption, which provides people all over the world with the ability to communicate privately and securely. This was a technical achievement decades in the making, a vision first imagined by Stanford mathematicians Whit Diffie and Martin Hellman, who in 1975 developed the underlying cryptography we rely on today. In the past five years, WhatsApp has securely delivered over 100 trillion messages to over 2 billion users. During the height of the global pandemic lockdown, end-to-end encryption protected people’s most personal thoughts when it was impossible to come together in person. End-to-end encryption is now the way most messages are sent globally. Much as you might expect this technology to always secure our personal communications, we cannot take end-to-end encryption for granted. There remains serious pressure to take it away. Elected officials in Europe have recently called for companies to build ways to break into their own encryption. In India, regulators have published new rules for messaging services that would undermine people’s ability to have a private conversation. Brazil’s Supreme Court may soon decide whether the government can shut off encrypted messaging services, in a case that started after a Facebook executive was arrested for not providing police with messages we could not access. Any of these steps could alter the course of the internet at a time when people need strong security more than ever. Technical as encryption can be, it is really about something at the very core of how we live our lives today: Should people be able to have a private conversation when they are not together in person? I believe the answer must be yes. People speak to each other privately in person all the time. As human beings we’re wired to assume that when we’re talking to someone face to face, our conversation is private. We shouldn’t give that up. The lessons of the past five years make it absolutely clear that technology companies and governments must prioritize private and secure communication. End-to-end encryption helps solve a fundamental problem of how the internet evolved. While the WhatsApp you see on your phone or desktop looks simple, it’s the product of decades of investment. Chats and calls are automatically routed via a global network of data centers and traverse cell towers and mobile networks built by carriers using hardware of various designs. These real-time networks provide enormous benefits, but only if we can overcome the security challenges of relying on this patchwork of technology. The more interconnected we are, the more corporations, criminals, and authoritarian governments can find new ways to access what we write and say. The stakes are not just a matter of personal, financial, or reputational risk for the few. Given the reliance on global communication by nearly every economy on the planet, how technology is built impacts people everywhere in different ways. In many parts of the world, people live in fear that the real-time networks they rely on will be used by authoritarian governments to oppress them. Sadly, the same technology that makes it easier for dissidents to speak up also makes it easier for dictators to crack down. Saudi Arabia and many other countries rely on commercial digital espionage services to track, jail, and even kill journalists, including outside their own nation. They are receiving help from unaccountable foreign companies selling hacking services to governments on multiple continents without any regard for the consequences to people’s human rights. And of course one country has chosen to build its internet in a way that’s designed to eliminate privacy. The leading messaging service in China relies on automatic filters to censor conversations. Fearful of their phones, people try workarounds by chatting with emojis, GIFs, and innuendo.
Given the global nature of the internet, the decisions some countries make affect us all. Foreign powers have already stolen personal data tied to half of all Americans. In the last six months, we’ve seen devastating attacks on the servers of major companies and governments that continue to use unsecure email. The consequences of these attacks can play out over the course of a lifetime.
For most of human history, we have felt free to confide in one another about our families, our work, our hopes, and our fears. That sense of freedom comes from the knowledge that once our words left our lips, they weren’t recorded.
But if nothing online is private, and every conversation today is online, then no conversation is private. That would leave us with two choices: Either we communicate face-to-face, or we surrender any expectation that we’re alone.
That’s not a realistic way to live. We carry and check our phones from the moment we wake up to the moment we go to sleep. In an emergency, your phone is probably one of the first things you’d grab.
Just because we have vastly improved the technology that lets us communicate with people far away doesn’t mean our privacy should go away. Machines today might make it possible for someone else to see and hear what we’re doing and what we’ve said, but that doesn’t mean they should.
That’s what makes end-to-end encryption so valuable. As complex and advanced as it is, the idea behind it is thousands of years old. Early cryptography made it possible for people to communicate securely, but only if they had already exchanged a secret “key” ahead of time.
But that’s not practical in today’s world. Exchanging secret “keys” with everyone you know ahead of time and tracking those keys yourself would be tedious at best. Modern technology has made this seamless. The end-to-end encryption WhatsApp uses automatically exchanges the “key” directly on the sender’s and recipient’s physical devices and nowhere else. Every single message has its own separate lock and key.
It’s no surprise, then, that many technology companies have added end-to-end encryption, and that since the pandemic started, several more have scrambled to upgrade their systems to protect the growing volume of critical communication happening digitally. Knowing that you can communicate confidentially beyond the sound of your voice matters. It makes it possible for doctors to see patients remotely, helps militaries protect operational secrets, supports people building businesses, and protects journalists bringing important information to light. It also makes it possible for us to have the most private conversations with the people we care about, confident that we can speak our mind to the people closest to us without fear that someone is listening in. End-to-end encryption locks tech companies out of particularly sensitive information, and for good reason. In 2019, the Justice Department filed charges in a case where people connected to Saudi Arabia were allegedly spying on dissidents using internal access tools. With end-to-end encryption, even employees do not have the ability to access private messages, for any purpose. This has caused frustration with governments who want tech companies to provide private messages under legal process. Some governments are honestly trying to fight crime and looking to the dramatic increase in technology in our lives as a potential source of new evidence. Their criticism is that end-to-end encryption makes it harder for law enforcement to find evidence of a crime, and harder for companies to monitor people’s calls and messages to refer to law enforcement. But this is looking at a problem in isolation. It was never possible or easy to access most people’s private conversations when they were happening physically instead of digitally. We should not assume that just because technology makes something easier to do, we should do it. We intuitively understand this when we think of physical spaces. Some of the most tragic crimes happen in the privacy of people’s homes. That doesn’t mean we would let the government put a surveillance camera in every house with a remote-controlled on/off switch. For the same reason, we should not build a means to silently monitor billions of private conversations just because we could. The reason it was technically possible to wiretap a phone conversation was because listening in was as simple as physically placing clips on a wire. We’ve all seen that scene in the movie. But a digital version of this capability is far too dangerous. Building a way to see one message makes it possible to see them all. And with the right access and sophistication, a hacker or foreign adversary could do something that has never been possible in human history: steal every conversation at once across billions of people. That’s far too great a risk.
There are still ways of preventing or addressing harm without breaking encryption. WhatsApp, for example, can and does provide unencrypted account information to authorities, including metadata, to assist investigations when required by law. We made over 400,000 reports to child safety authorities last year and people have been prosecuted as a consequence. We respond quickly when people report illegal behavior. And by employing sophisticated techniques to analyze metadata, user reports, and other unencrypted information, we ban millions of dangerous accounts every year. We’re constantly getting better at our efforts.
We should also consider all the other digital information governments have access to and not look at an individual app in a silo. Even in a world where private conversations are secure, law enforcement has access to a dramatically increasing volume of information. The digital trails we all leave are so vast that law enforcement can even use warrants to figure out everyone who was in a certain place at a certain time. Breaking encryption would make us less safe for a simple reason: Every time you build a weakness into a security system, you create a magnet for intruders. This has been tried in the past and failed. An intentional weakness built into routing software provided by Juniper Networks, purportedly to advantage the US government, was later discovered and exploited by foreign powers. Governments are demanding companies build a special key to access private messages. But once the key to your messages is created, can you guarantee it won’t be copied? Are you confident that a hacker or a foreign spy won’t steal it, or that your government won’t lose it? Once that key opens a back door, how do you know a criminal won’t sneak inside? And even if a government keeps the key safe, should we trust them not to mishandle the messages we send? In recent years, even government agencies have fallen victim repeatedly to infiltration. In 2015 hackers from the Chinese military compromised the information of more than 22 million public servants. The sensitive data collected for background checks could be used to embarrass or blackmail US government officials. In June a data vendor for law enforcement officials, so-called “BlueLeaks,” spilled personal data of American citizens dating back to 1996, including people who never committed any crime. Given the stakes, governments should be demanding that technology companies provide people with the strongest security possible. In many ways, the pandemic accelerated the reality that in the years to come, our lives, livelihoods, and safety will rely on technology even more than they do today. Will we be able to have a private conversation, or will someone always be listening in? The choice we make will have lasting consequences for future generations. In the last century, Hannah Arendt helped us understand totalitarianism as the elimination of privacy by the state. I fear that if we abandon or weaken the tools that preserve our privacy and security, censorship will come not from above, but from within. Imagine if your government, or a foreign one, could see every transaction you made, or if your boss could see every text message you wrote or photo you sent. What if your friends could see every question you asked your doctor? That’s the greatest risk of all: No matter how well-meaning the motivation, surrendering our privacy would paralyze us. The power of technology is that it lets us connect at extraordinary speed and scale and democratizes information better than anything ever invented. But if we choose to erode our privacy and security, it will do the opposite. Instead of sharing our ideas, it will shut them down. Instead of bringing us closer together, it will keep us apart. Instead of giving everyone in the world a voice, it will silence us.