Devs Ramp Up Security in Wake of FBI iPhone Unlock Fight

Well done, FBI. In its fight to kill encryption-based privacy and security, public awareness is on the rise, and now WhatsApp expanded its built-in encryption to all supported devices all the time. The end result is that everyone—honest people and criminals alike—have yet another way to keep their private conversations from snoopy friends, bad guys, and the government.

WhatsApp gives all users end-to-end encryptionWhatsApp gives all users end-to-end encryption

WhatsApp is a messaging app similar to Apple's own Messages that keeps conversations encrypted and private. The developers added end-to-end encryption for Android users in late 2014, but iPhone and iPad users weren't included in the WhatsApp privacy circle at the time. That changed this week with the announcement that all WhatsApp users, regardless of platform, now have end-to-end encryption available and active by default.

The change is great news for anyone who wants their conversations kept private when Apple's iMessage platform isn't an option, meaning chats with anyone who isn't using an Apple product. As of now, however, all WhatsApp users are on the same playing field. The company said in a blog post,

We've completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.

The announcement comes in the wake of the FBI's very public fight to try to force Apple to create a less secure version of iOS that bypasses the security measures blocking brute force attacks on lockscreen passcodes. Working around those security features would give the FBI, or anyone else who got their hands on the code, a relatively easy way to get at all the encrypted data on our iPhones and iPads, including photos, contacts, and chats.

The FBI was able to obtain a court order compelling Apple to create the software, but the company filed a motion to vacate the order along with a formal objection. Apple said the FBI was looking to set a precedent where the government could force companies to make tools to circumvent their own device security and encryption measures, and that there wasn't any legal authority to do so.

The San Bernardino fight was dropped when the FBI found an unnamed company with the ability to work around the iPhone's passcode. The DOJ and FBI are refusing to give Apple any details about the exploit, leaving potentially millions of iPhones susceptible should the technique leak.

Next up: Blocking the backdoors

Blocking the backdoors

According to FBI director James Comey, encryption without a backdoor keeps law enforcement from doing its job because criminals and terrorists can "go dark" and communicate undetected. While it's true some illegal activity is going undetected thanks to encryption, any backdoors or intentional security weaknesses companies build into their products will be available to anyone, and not just the government. The end result is that the very people and organizations the DOJ wants to protect us from would have access to our chats, credit card transactions, and more.

There also isn't any way to force people to use only the products and services with the backdoors the government wants. That's where apps like WhatsApp come in: they offer encryption outside of the products they're used on, and as such give people a way to stay encrypted regardless of the mandated backdoors those devices may have in place.

"Encryption is one of the most important tools governments, companies, and individuals have to promote safety and security in the new digital age," the WhatsApp team said. "Recently there has been a lot of discussion about encrypted services and the work of law enforcement. While we recognize the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people's information to abuse from cybercriminals, hackers, and rogue states."

WhatsApp enhanced its encryption, and more apps will do the sameWhatsApp enhanced its encryption, and more apps will do the same

The government could try to force WhatsApp to shut off its encryption, which is something that could be in the works soon. The WhatsApp developers don't have any way to encrypt individual chats, so the DOJ is considering seeking a court order forcing the company to shut it off, letting them collect data as part of a wire tap warrant.

Should the DOJ succeed, criminals, hackers, people trying to legitimately avoid government persecution, and average people who simply don't want their government snooping in their private lives would just move to another app that still offers full end-to-end encryption. The government would be no better off than it was before and the people they want to nab would still have their encryption, just from a different app.

Instead of getting its encryption work around, the FBI has raised awareness around encryption and privacy, and we'll likely see more companies beefing up the safeguards in their products. Apple has already confirmed it's continuing to pursue stronger security for the Mac, iPhone, and iPad. Google, Facebook, Amazon, Microsoft, and several other companies threw their support behind Apple in its fight with the FBI and are likely doing the same.

The DOJ, FBI, and even Congress may eventually force companies to cripple security features, but for every product that loses the protection and privacy encryption provides, another will pop up to take its place. Good luck with that, FBI.