End-to-End Encryption in Messaging Services and National Security—Case of WhatsApp Messenger

The ubiquity of instant messaging services on mobile devices and their use of end-to-end encryption in safeguarding the privacy of their users have become a concern for some governments. WhatsApp messaging service has emerged as the most popular messaging app on mobile devices today. It uses end-to-end encryption which makes government and secret services efforts to combat organized crime, terrorists, and child pornographers technically impossible. Governments would like a “backdoor” into such apps, to use in accessing messages and have emphasized that they will only use the “backdoor” if there is a credible threat to national security. Users of WhatsApp have however, argued against a “backdoor”; they claim a “backdoor” would not only be an infringement of their privacy, but that hackers could also take advantage of it. In light of this security and privacy conflict between the end users of WhatsApp and government’s need to access messages in order to thwart potential terror attacks, this paper presents the advantages of maintaining E2EE in WhatsApp and why governments should not be allowed a “backdoor” to access users’ messages. This research presents the benefits encryption has on consumer security and privacy, and also on the challenges it poses to public safety and national security.


Introduction
The world is ever changing due to the advancement in the realm of science and technology, and these days it seems hard to escape the presence of technology in

Literature Review and Discussion
In light of this security and privacy conflict between the end users of WhatsApp and government's need to access messages in order to thwart potential terror attacks, this paper seeks to outline the advantages of maintaining E2EE in WhatsApp and why governments should not be allowed a "backdoor" to access users' messages.
Encryption is the scrambling of plaintext messages, turning it into unreadable code that can only be deciphered by those who have the secret key. End-to-End Encryption is one of the most commonly used technologies to secure and send information across the internet. Hardware embedded into phones and computers allows for the random locks and keys that make E2EE only work on the devices involved in the conversation. According to the [4], it is estimated that there were about 276 million internet users in the United States in 2014, and that number is predicted to rise. With this many users, the incentive for hackers to execute attacks and steal personal information increases.
According to a Javelin Strategy and Research Report in 2012, one in every four people who have a breach in their online data becomes a victim of identity theft as a result of that [5]. End-to-End Encryption provides an effective way to prevent these attacks, and if it had been implemented properly by Yahoo Inc., it could have prevented large-scale attacks like the one Yahoo suffered in 2016 and 2013, where almost 500 million, and more than 1 billion accounts were respectively compromised. Governments, and secret services on the other hand are asking encrypted messaging services like WhatsApp to allow them access to their users' data [6].
There is growing risk to public safety as organized crime, terrorists, and child pornographers are drawn to the use of E2EE apps like WhatsApp that are technically impossible to access. According to [7], a defendant in a serious felony case told another individual on a recorded jailhouse call that "end-to-end encryption is another gift from God". Criminal defendants across the United States are benefiting from E2EE while the safety of all other American communities is in peril. However, providing a backdoor would not only be a breach of privacy to WhatsApp users, but creating a way for the authorities to read encrypted messages would also make the system vulnerable to cyber-attacks from criminals and other hackers.
By implementing backdoors, it also means that the service is not truly end-to-end encrypted in the first place. Microsoft Corporation created a backdoor into its popular messaging app Skype, even though its user base knew that Skype was fully endowed with end-to-end encryption technology. However, in 2013 government whistleblower Edward Snowden revealed that the platform did in fact, have a backdoor. This revelation led to a protest of Skype users and an eventual loss of credibility of the application. According to [8], in a response by Senator Ron Wyden regarding the US government's position in seeking encryption backdoor, the senator said in July 2017 that, "the US government does not need the approval of its secret surveillance court to ask a tech company to build an encryption backdoor". The implication is that the government can use its legal authority to secretly ask a US-based company for technical assistance, such as building an encryption backdoor into a product, but can petition the Foreign Intelligence Surveillance Court (FISC) to compel the company if it refuses.
Reference [9], reported a design feature in WhatsApp messaging service that could potentially allow some encrypted messages to be read by unintended recipients. WhatsApp allows undelivered messages to be stored in their servers for up to 30 days before they are deleted. Reference [9] noted that the WhatsApp implementation of the security protocol used in its E2EE allows for the generation of secret keys between communicating parties in a WhatsApp conversation.

However, new keys get generated when a user gets a new phone or reinstalls
WhatsApp. Messages for the user which may have been waiting to be delivered while the user was offline are then re-encrypted and resent automatically by the sender, without the sender having had an opportunity to verify whether the recipient is the person intended to receive the message. A sender is notified after the event if the sender has opted to turn on a notification in settings, but not otherwise. "This re-encryption and resending of previously undelivered messages could potentially allow a third party to intercept and read a user's undelivered messages in a situation where, for example, they had stolen a user's sim card.
When the third party put the stolen sim card in another phone, they could then theoretically collect any messages that had not yet been delivered to the user in Journal of Information Security question." [9]. WhatsApp Inc. has since responded to this claim, saying that the feature in question is a design tradeoff, meant to prevent users from losing their messages if they switch phones or reinstall the app.

Conclusion
While a majority of countries would favor some kind of restriction on access to unrecoverable encryption, there is no global consensus, and the likely outcome is a hodgepodge of national policies. According to [10], "Our research suggests that the risk to public safety created by encryption has not reached the level that justifies restrictions or design mandates". Lewis  while ordinary users would lose the ability to send genuinely private messages [6]. Maintaining E2EE in WhatsApp without an encryption backdoor guarantees genuine privacy in conversations between individuals and group chats. Voice conversations through WhatsApp messenger feel more natural; users are assured that no one is eavesdropping on their conversations, and conversations thus tend to feels more like a face-to-face conversation.