WhatsApp to let users store encrypted backups to cloud

WhatsApp announced it will allow users of the popular Facebook-owned messaging service to store end-to-end encrypted backup copies of their messages to the cloud, adding a new layer of protection from prying eyes.

Facebook CEO Mark Zuckerberg revealed the new feature Friday. A whitepaper released by WhatsApp, which his social networking company bought for billions in 2014, said it will become available to users later in 2021.

WhatsApp already uses end-to-end encryption to secure messages exchanged by its users, effectively making that data indecipherable to anybody besides the intended recipient and sender, including the company itself.

Currently, WhatsApp users can store copies of their data with third-party online storage lockers, but those messages and media are not protected with end-to-end encryption. That is now set to change soon, however.

“We’re adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud,” Mr. Zuckerberg announced from his Facebook page.

WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems,” Mr. Zuckerberg added.

End-to-end encryption safeguards data from unauthorized third-parties by essentially making it difficult to impossible to decipher without knowing a digital key held by the sender or recipient.

The whitepaper released by WhatsApp explained that soon users will be able to create backup copies of their data from their devices that are encrypted using a locally generated key and then uploaded to the cloud.

“The key to encrypt the backup is secured with a user-provided password. The password is unknown to WhatsApp, the user’s mobile device cloud partners or any third party,” reads a portion of the technical document.

“Because the backups are encrypted with a key not known to Google or Apple, the cloud provider is incapable of reading them,” reads another excerpt.

The new feature is likely to irk authorities who have previously relied on serving subpoenas to cloud providers in order to procure unencrypted copies of WhatsApp communications potentially otherwise unobtainable.

In one noteworthy example, a main figure in the federal investigation into Russian interference in the 2016 U.S. presidential election was accused of witness tampering after the government saw his WhatsApp messages.

Paul Manafort, the one-time chairman of former President Donald Trump’s successful 2016 campaign, was on house arrest in 2018 awaiting trial for fraud charges when the government was able to glean his WhatsApp data.

In a court filing that February, the U.S. Department of Justice cited several WhatsApp messages that showed Manafort had recently used the service to contact two unidentified associates regarding foreign lobbying.

While the messages sent by Manafort were end-to-end encrypted, he stored an unencrypted backup copy of his data on his iCloud account, which the Justice Department was able to legally access with a court order.

Both people contacted by Manafort over WhatsApp – and therefore able to decipher his end-to-end encrypted communications – also provided his messages to the government, the Justice Department explained previously.

WhatsApp currently boasts more than 2 billion users spanning over 180 countries. All messages, calls, video chats and media sent on WhatsApp have been end-to-end encrypted since 2016, according to the company.

“Our primary focus is on protecting people’s messages,” said Will Cathcart, the head of WhatsApp. “Of course, whenever technologists advance security, some will argue that offering more privacy is bad if it makes it harder for governments to access that information,” he added.

In a series of posts made from his verified account on the social media service Twitter, Mr. Cathcart stated WhatsApp‘s stance on security and acknowledged some of the conflicting views expressed by others.  

“We believe free societies need the best security to protect people. Billions of people now have sensitive digital information — like their private messages — and that information is at an increasing risk of being stolen by hackers, criminals, and even hostile states themselves,” said Mr. Carthart.

“By far the main feedback we hear is that they want WhatsApp and others to collect even less data and offer even more privacy,” he continued. “Yet we’re far from a consensus on this. Some governments continue to suggest using their powers to require companies to offer weaker security. We think that’s backwards: we should demand more security from companies for people’s sensitive information, not less.”

Sign up for Daily Newsletters

View original article

Scroll to Top