Facebook-owned messaging platform WhatsApp has introduced end-to-end encryption for the chat backups that its users store on cloud services such as Google Drive or Apple’s iCloud. The move is being seen as a step towards closing a loophole that left backed-up chats outside the purview of encryption, where they could be accessed by a third party, affecting the user’s privacy. WhatsApp said it has been working on bringing this feature out for years and that it will be rolled out by the end of this year.
What is the need for backups to be end-to-end encrypted?
Many users of WhatsApp take backups of their chats, which include text messages, photos, videos and documents shared on the messaging platform. “The content of message chats is valuable to WhatsApp users and WhatsApp offers an in-app backup feature to protect the content in the event a user’s device is lost or stolen; and to enable the transfer of their chat history to a new device,” WhatsApp has noted in a security white-paper on encrypted backups. While WhatsApp’s chat service is end-to-end encrypted, it depended on cloud partners like Google Drive or iCloud to store backups of WhatsApp data. The company had said earlier that once the chats were uploaded to Google Drive or iCloud, they were out of the encryption channel and weren’t private anymore. In several cases, armed with a warrant, law enforcement agencies across the world have been able to gain access to WhatsApp chats through backups stored on these cloud services.
What does a user need to do to encrypt the backups of their WhatsApp chats?
Once the service is rolled out later this year, users will get an option to turn on encryption for their backups. There will always be an option not to back up the chats, which ensures that they never leave WhatsApp’s infrastructure. Once a user decides to encrypt the backup, a 64-digit key will be generated; this key will be necessary for the backup to be restored at a later point in time. Here, the user will have two options: either store the 64-digit key themselves for safekeeping, or use WhatsApp’s new Hardware Security Module-based Backup Key Vault to store the key, protected by a password they create. It is essential to note that if the password, the 64-digit key or the device through which the key was generated is lost before the encrypted chat backup is decrypted, the user will lose access to the backup. The backup will be encrypted before it is uploaded to one of the two cloud services, and it will stay there as an encrypted file that is accessible only with the 64-digit key. When someone wants to retrieve their backups, they enter their password, which is encrypted and then verified by the Backup Key Vault. Once the password is verified, the Backup Key Vault will send the encryption key back to the WhatsApp client. With the key in hand, the WhatsApp client can then decrypt the backups. Alternatively, if a user has chosen to use the 64-digit key alone, they will have to enter the key manually to decrypt and access their backups.
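The flow described above can be modelled in a few lines. This is an added, simplified illustration and not WhatsApp's code: the `BackupKeyVault` class, the function names, the hex encoding of the 64-digit key, the PBKDF2 password check and the HMAC-based toy cipher (a standard-library stand-in for a real authenticated cipher) are all assumptions.

```python
import hashlib, hmac, secrets

def new_backup_key() -> str:
    # Assumption: the "64-digit key" is 64 hex digits, i.e. 256 bits.
    return secrets.token_hex(32)

def _subkey(key_hex: str, label: bytes) -> bytes:
    return hmac.new(bytes.fromhex(key_hex), label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy HMAC-SHA256 counter keystream, a stand-in for a real AEAD cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt_backup(key_hex: str, chats: bytes) -> bytes:
    # Runs on the device, before anything is uploaded to the cloud service.
    nonce = secrets.token_bytes(16)
    ks = _stream(_subkey(key_hex, b"enc"), nonce, len(chats))
    body = nonce + bytes(a ^ b for a, b in zip(chats, ks))
    return body + hmac.new(_subkey(key_hex, b"mac"), body, hashlib.sha256).digest()

def decrypt_backup(key_hex: str, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key_hex, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified backup")
    nonce, ct = body[:16], body[16:]
    ks = _stream(_subkey(key_hex, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class BackupKeyVault:
    """Hypothetical model of the vault: releases a key only for the right password."""
    def __init__(self):
        self._records = {}

    @staticmethod
    def _verifier(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def store(self, user: str, password: str, key_hex: str) -> None:
        salt = secrets.token_bytes(16)
        self._records[user] = (salt, self._verifier(password, salt), key_hex)

    def retrieve(self, user: str, password: str) -> str:
        salt, verifier, key_hex = self._records[user]
        if not hmac.compare_digest(self._verifier(password, salt), verifier):
            raise PermissionError("password not verified; key withheld")
        return key_hex
```

In this model the cloud service only ever holds the output of `encrypt_backup`, so a restore needs either the 64-digit key itself or a password the vault accepts.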
How does this work?
In its security white-paper, WhatsApp has compared the system to a safe deposit vault offered by banks, where one key to the vault is given to the customer so that no one from the bank can open the vault alone, without the customer’s key. “With the introduction of end-to-end encrypted backups, WhatsApp has created an HSM (Hardware Security Module) based Backup Key Vault to securely store per-user encryption keys for user backups in tamper-resistant storage, thus ensuring stronger security of users’ message history,” the company said. The HSM-based vault is a digital equivalent of a physical vault, sitting in one of WhatsApp’s servers, containing the key to the encrypted backup. To ensure resilience, WhatsApp said it will deploy this vault in five data centre sites.
A pertinent point to note is that the encryption for backups is being provided only for online cloud services. “Currently, end-to-end encrypted backups are only supported on a user’s primary device. In addition, we recommend that users who opt in to end-to-end encrypted backups also deselect WhatsApp from the apps that are included in their device-level backups. We will inform users of the need to do this when they set up their end-to-end encrypted backup in WhatsApp,” the company noted.
What could be the impact of this feature?
In a series of tweets announcing the new feature, Will Cathcart, Head of WhatsApp at Facebook, said: “Of course, whenever technologists advance security, some will argue that offering more privacy is bad if it makes it harder for governments to access that information. We believe free societies need the best security to protect people. Billions of people now have sensitive digital information — like their private messages — and that information is at an increasing risk of being stolen by hackers, criminals, and even hostile states themselves”. Governments across the globe, including in India, have been seeking a backdoor into encrypted messaging services such as WhatsApp. In the Information Technology Rules announced earlier this year, the Indian government required significant social media intermediaries (those with more than 50 lakh users) to trace the originator of a message that is deemed unlawful. The ability to encrypt the backups could elicit a pushback from governments. “…we’re far from a consensus on this. Some governments continue to suggest using their powers to require companies to offer weaker security. We think that’s backwards: we should demand more security from companies for people’s sensitive information, not less,” Cathcart wrote.