WhatsApp has announced that it will encrypt all its 600m users' text messages by default, which is a serious stride forward for privacy - and one which will no doubt be criticised by spooks and police worldwide.
The rollout, announced today, was described by the app maker as the "largest deployment of end-to-end encryption ever.” The feature will, it's hoped, safeguard messages from eavesdroppers by encrypting chats between people.
There are limits to Facebook-owned WhatsApp's end-to-end encryption. So far, it only covers text messaging (as opposed to group messages or pictures), it only works on Android, and it remains open to potential man-in-the-middle attacks because there's no way to verify the identity of the person you're messaging.
"We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default," it said.
WhatsApp is estimated to have 600 million monthly active users cranking out billions of messages every day.
The open-source TextSecure software allows two devices to exchange encryption and decryption keys in a way that an eavesdropper and the TextSecure servers cannot crack. Assuming WhatsApp uses the same system, and hasn't compromised it for the feds, WhatsApp can't decrypt messages in transit, and TextSecure encrypts data at rest. It uses Curve25519, AES256, and HMAC-SHA256 to protect chats over the wires.
The software also provides perfect forward secrecy by using new AES keys for each message: if an attacker is able to decrypt one text, past messages cannot be cracked using that unique key.
Apple's iMessage system, according to Cupertino [PDF, page 30], works along the same lines, except Apple manages a central database of public keys: every registered iThing and Mac has its own private-public key, with the public keys stored in the iCloud, and every message sent to someone is encrypted using the public keys for each of the recipient's devices.
This means a message sent to someone can be delivered simultaneously to each of the receiver's devices. If the feds were able to persuade Apple to silently and secretly create an extra public-private key pair for a target, with the g-men holding the private key to decrypt the chatter, well, that's another matter. Apple says it cannot decrypt messages because it doesn't hold users' private keys.
In the bigger scheme of things, simple and everyday messages and personal information wrapped up in hard-to-break encryption may soon become the norm. Up until now, encryption has either required extra effort or technical knowledge, use of a special service, or trusting third parties not to reveal your details even when faced with secret government orders.
Or to put it another way: when you are communicating with your mother or father over encrypted text, it's game over for crims and other miscreants, and a huge headache for the NSA and GCHQ.
US and UK government officials – and even the EU's top cop – accuse technology companies of hindering efforts against terrorism by encrypting data. With the head of the FBI demanding front-door access to encrypted phones, unbreakable encryption is not for the little people, in the authorities' eyes.
And yet Whisper Systems got $455,000 from the US government [PDF, page 17] to fund TextSecure development.
Speaking of money, the founder of WhatsApp, Jan Koum, announced yesterday that he had given $1m to the FreeBSD Foundation.
The Foundation "has helped millions of programmers pursue their passions and bring their ideas to life," he wrote on Facebook. The issue is personal for him: "I started using FreeBSD in the late 90s, when I didn’t have much money and was living in government housing. In a way, FreeBSD helped lift me out of poverty – one of the main reasons I got a job at Yahoo! is because they were using FreeBSD, and it was my operating system of choice. Years later, when Brian and I set out to build WhatsApp, we used FreeBSD to keep our servers running. We still do."
WhatsApp was bought for $19bn by Facebook, with the deal going through last month. ®
You may worry that there's a battery consumption issue, since the app will need to do extra computation on the phone itself to perform the encryption and decryption. But TextSecure is not known to be a power hog.
The chipsets used in today's smartphones and tablets often include electronics to perform encryption and decryption quickly in a power-efficient way, but it's not always supported: the crypto accelerators in Qualcomm's Snapdragon 805, for example, has no publicly available Android drivers, apparently. That processor is used in the Nexus 6 smartphone.