WhatsApp Encryption Hullabaloo

Earlier this week, ProPublica caught some flak for an article it published about WhatsApp’s message flagging processes. In summary, ProPublica argued that WhatsApp’s marketing promises about end-to-end encryption were misleading because messages are forwarded to contract moderators when users report a chat. That obviously does not require encryption to be broken, nor does it undermine the promise of it being “end-to-end”, but the muddy messaging travelled.

After publications as respected as the Daily Mail picked up the poor interpretation, ProPublica issued what it deemed an “update” but which some Twitter users demanded be called a “retraction” of the original article. I had not read the original story at that point — I have a day job, you know — so I had to wonder how significant the differences were. Using FileMerge, I compared the earliest version in the Wayback Machine to the latest.

I think ProPublica is accurate in calling this a clarification and not a retraction. Most of its original story remains intact, and the little that did change merely emphasizes that the moderators see and review only messages that are reported. That detail was present in the original, but it was buried in a longer paragraph.

That is one of the problems with the story as a whole, in fact: it is, in the words of Ted Han, “trying to do too much”. Almost none of the story is about the encrypted contents of messages; instead, it is about their unencrypted metadata:

WhatsApp metadata was pivotal in the arrest and conviction of Natalie “May” Edwards, a former Treasury Department official with the Financial Crimes Enforcement Network, for leaking confidential banking reports about suspicious transactions to BuzzFeed News. The FBI’s criminal complaint detailed hundreds of messages between Edwards and a BuzzFeed reporter using an “encrypted application,” which interviews and court records confirmed was WhatsApp. “On or about August 1, 2018, within approximately six hours of the Edwards pen becoming operative — and the day after the July 2018 Buzzfeed article was published — the Edwards cellphone exchanged approximately 70 messages via the encrypted application with the Reporter-1 cellphone during an approximately 20-minute time span between 12:33 a.m. and 12:54 a.m.,” FBI Special Agent Emily Eckstut wrote in her October 2018 complaint. Edwards and the reporter used WhatsApp because Edwards believed the platform to be secure, according to a person familiar with the matter.

But that is just one of the many stories in this rather dense article. ProPublica’s reporters on this story — Peter Elkind, Jack Gillum, and Craig Silverman — seek to tie together: WhatsApp’s moderation practices, including detecting child exploitation; the company’s privacy policy changes since it was acquired by Facebook; Gen. Michael Hayden’s statement that the U.S. government “kill[s] people based on metadata”; Apple’s CSAM detection efforts; and Facebook’s attempts to improve the privacy of its other services while also expanding its WhatsApp business possibilities. That is a lot to cover in a single article and, predictably, nothing really sticks.

The strange thing is that there has long been a glaring privacy loophole in WhatsApp’s systems that these reporters could have touched on: chat backups are not encrypted. While an investigator with a search warrant may not be able to get the contents of WhatsApp messages from Facebook, they can absolutely gain access to them through Apple or Google. But that is changing soon with some news Facebook announced today.

Manish Singh and Zack Whittaker, TechCrunch:

In the “coming weeks,” users on WhatsApp will see an option to generate a 64-digit encryption key to lock their chat backups in the cloud. Users can store the encryption key offline or in a password manager of their choice, or they can create a password that backs up their encryption key in a cloud-based “backup key vault” that WhatsApp has developed. The cloud-stored encryption key can’t be used without the user’s password, which isn’t known by WhatsApp.

A reminder that iMessages may be end-to-end encrypted, but iCloud Backups contain the key to decrypt stored messages. A good rule of thumb remains that cloud storage should not be treated the same way you treat a local hard drive. If you have reason to be concerned that your cloud backups might be compromised — this does not have to be for illegal or nefarious reasons — use local backups only.