WhatsApp's encryption job is done -- says the billion-user messaging app team. It was helped by Open Whisper Systems, the crypto-heads behind the Signal system, which is what WhatsApp's app now uses for its end-to-end wondrousness.
[Developing story. Updated 8:59 am PT with more comment]
OWS is of course the merry gang run by the be-dreadlocked Moxie Marlinspike, and it's funded with a couple of million dollars of your taxes, via the delicate hand of Hillary while she was at State.
So the guvmint can't spy on WhatsApp communications, yet it stumped up the cash to enable it? That must hurt.
What’s the craic? Cade Metz wants us to Forget Apple vs. the FBI:
WhatsApp, an online messaging service...owned by tech giant Facebook...has grown into one of the world’s most important applications. ... The enigmatic founders...Brian Acton and Jan Koum, together with a...cryptographer who goes by...Moxie Marlinspike, revealed that [they] added end-to-end encryption to [everything] on its service.
All messages, phone calls, photos, and videos. ... On any phone that runs...the latest version of...the app, from iPhones to Android phones to Windows phones to old school Nokia flip phones.
Not even WhatsApp’s employees can read the data. [So] WhatsApp has no way of complying with a court order demanding access. ... The FBI and the Justice Department declined to comment. ... “We’re somewhat lucky here...where we hope that the checks and balances hold out for...decades to come. But in a lot of countries you don’t have these checks and balances,” says Koum. ... “Maybe you want to trust the government, but...you don’t know where things are going...in the future.”
Koum grew up in the Ukraine under Soviet rule...so he has some intimate familiarity with the challenges. [But] it was Acton who first launched an effort to add encryption to WhatsApp. ... “This is something our users wanted.”
It took a team of only 15...to bring encryption to the company’s one billion users. [It's] a new form of asymmetrical resistance to authority.
A billion users is a lot, right? Cyrus Farivar figures it's the most widely used end-to-end crypto tool:
WhatsApp uses the Signal protocol...created by Moxie Marlinspike’s Open Whisper Systems. ... Specifically, WhatsApp uses Curve25519.
[It] is largely thanks to American tax dollars. ... Open Whisper Systems has received a total of $2.25 million from...an umbrella group whose primary funder is the United States government.
Isn't it ironic? Don't you think? Moxie Marlinspike reports the Signal Protocol integration is now complete:
Our goal is to make private communication simple. ... The integration is fully complete...across all WhatsApp clients. This includes...Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.
Signal [is] a modern, open source, forward secure, strong encryption protocol. ... Once a client recognizes a contact as being fully e2e capable, it will not permit transmitting plaintext. ... This prevents the server or a network attacker from being able to perform a downgrade attack.
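The no-plaintext rule in the quote above, sketched as an added example (not WhatsApp or Open Whisper Systems code). The `Client` class, the boolean capability claim and the phone number are assumptions made for illustration, and encryption itself is left out so the downgrade decision stays visible.

```python
from dataclasses import dataclass, field


class DowngradeRefused(Exception):
    """Plaintext was requested for a contact already seen as e2e capable."""


@dataclass
class Client:
    # Hypothetical client state: numbers once observed as e2e capable.
    # The set only grows; nothing the server says later removes an entry.
    pinned: set = field(default_factory=set)
    outbox: list = field(default_factory=list)

    def send(self, number: str, text: str, server_says_e2e: bool) -> str:
        """Pick a transport mode for one message and queue it.

        server_says_e2e is the (untrusted) capability claim delivered with
        the contact lookup; a real client would derive it from key material.
        """
        if server_says_e2e:
            self.pinned.add(number)          # sticky upgrade
            mode = "e2e"
        elif number in self.pinned:
            # Server or network now claims the peer lost e2e support:
            # treat as a downgrade attempt and send nothing.
            raise DowngradeRefused(f"{number} is pinned e2e; refusing plaintext")
        else:
            mode = "plaintext"               # legacy peer, never seen as e2e
        self.outbox.append((number, mode, len(text)))
        return mode


def demo() -> list:
    """Constructed scenario: legacy peer upgrades, then a downgrade is tried."""
    client = Client()
    results = [client.send("+15550100", "hi", False),
               client.send("+15550100", "hi again", True)]
    try:
        client.send("+15550100", "secret", False)
    except DowngradeRefused:
        results.append("refused")
    return results


if __name__ == "__main__":
    print(demo())
```

The refused message never reaches the outbox, which is the property that matters: a forged "not capable" claim costs availability, not confidentiality.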
It's a free ride. Tim Cushing already paid—WhatsApp Finishes Rolling Out End-To-End Encryption:
More good news on the secure communications front. ... The Justice Department can't be pleased [but] it will likely have more of an impact in other nations [with] fewer privacy-related rights.
[And] agencies are often prone to expanding government power and weakening citizens' rights. ... It might help to keep in mind that people chatted for hundreds of years...and criminals were somehow still arrested and punished.
So we can stop using Signal now? No: here's some good advice from the ACLU's Christopher Soghoian:
Way to go WhatsApp, but I'm not ready to give up Signal. I fear that many of my WhatsApp friends have enabled unencrypted cloud backups.
Bi-partisan legislation...funded WhatsApp's encryption. ... US taxpayers have spent $2.25 mil to develop [it]. An amazing return on our investment. ... Our elected officials in Congress who authorized [it] did us all a favor. Thank you.
Update: But some writers have turned up the hype machine to "eleven". David Meyer, for example, who calls it a Landmark Event:
The news...is nothing short of seismic. ... Before Edward Snowden...few “normal” people were interested in [crypto]. Soon, over a billion of them will be using [it] without even trying.
This marks an enormous victory that few would have predicted. ... Generally speaking, good end-to-end encryption...is a pain to use.
An important factor...is the pedigree of...Moxie Marlinspike. ... The tech is state-of-the-art and uses...“forward secrecy”...so if an attacker steals the key, they cannot decrypt earlier conversations. ... The code is open-source and has been audited.
Government funding...from the same Open Technology Fund that threw cash at Tor. ... This fund came out of a policy, pushed by...Hillary Clinton. ... The same Hillary Clinton who recently called for a “Manhattan-like project” to break encryption.
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or email@example.com.
Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.