Skip to main content

Why interception of WhatsApp and Facebook Messenger isn't just flawed, it's dangerous

(Image credit: Image Credit: Methodshop / Pixabay)

There have been a number of articles in the press recently on how the UK government has agreed with social media platforms like Whatsapp and Facebook to share user's encrypted messages with police. While it's true that GCHQ and various civil servants have been trying to push for interception capabilities on these platforms for a while now, despite the headlines, nothing has actually been agreed. This is down to two main problems: that encryption doesn't work that way, and that the proposal is dangerous for users and providers.

To understand these core issues, let's have a look at how encryption works on popular social media platforms, and then how the proposed intercept capabilities would change things.

How end-to end encryption works

Let's look at Whatsapp as an example, at a simplified, high level. When you first load up Whatsapp, it generates some keys on your phone to manage the encryption. The two most important are your public key, and private key. Your private key is used to create your public key, and your public key is what you share with other people.

When I add you as a contact, Whatsapp saves a copy of your public key. Similarly, when you add me as a contact, you get a copy of my public key.

When I want to send you a message, I encrypt the message with your public key. When you recieve this message, you use your private key to decrypt it.

Similarly, when you send me a message, you encrypt it with my public key, and I encrypt the message with my private key. 

There's some more complexity going on under the covers, but this is fundamentally how Whatsapp, and other social media platforms that use public key cryptography, work.

This is called end-to-end encryption, because no matter which servers transmit our communication, it remains encrypted between the end points - you and me. Only we can decrypt our conversation.

Why any sort of interception is currently impossible - by design

Officials from GCHQ have spoken of "virtual crocodile clips", as if encrypted communications function just like our old phone lines, and can be easily "tapped". The reality is that only the people involved in a conversation can decrypt the messages. This isn't a choice, or a whim from the social media platforms - this is the core design principle of these protocols to ensure safe and secure communications.

As you can see from this Whatsapp example, because only the two people talking to each other can encrypt and decrypt the messages, no-one else can read them. This has always been a huge selling point to users of the system - they get to control their data, and their communications. The users choose who to share their data with, and who to talk to, and - by design - this can't be subverted by the platform.

How the proposed interception breaks things

There are two main proposals to allow interception of encrypted messages that are being pushed by governments and intelligence agencies.

The first breaks the encryption and communication protocols. It requires the social media platform to keep their own, "master" encryption keys. Instead of encrypting messages with just the recipient's public key, each message is also encrypted with the platform's master key. In the case of Whatsapp, this would mean Facebook would store and manage master keys, and could decrypt your messages at will.

This is actually how consumer BBM worked, with all BBM communications routed through Blackberry's operation centre in Canada. Blackberry encrypted everything with global encryption keys alongside user's public keys, allowing them to decrypt messages on behalf of law enforcement as required. BBM Enterprise, on the other hand, ran from your own organisation's servers, with your own encryption keys, and so couldn't be decrypted by Blackberry or anyone else outside your organisation.

For any end-to-end encryption platform that hasn't been designed this way from the start, though, this breaks things at a fundamental level. There is a large cost involved in the level of work to rewrite any platform to support this sort of interception, and companies - quite rightly - are refusing to foot the bill. Why should they rewrite something that works, and is successful?

The second proposal is to have a "ghost user" be part of every conversation. This means that every encrypted conversation would actually be a group chat, comprised of you, me, and the extra "ghost user". This ghost user would be managed by either the platform owner, or else an intelligence agency. Exactly who hasn't been clearly defined yet, mostly because neither agencies like GCHQ, nor platform owners like Facebook, want to foot the enormous costs for running a system like this.

Both of these proposals break the core security of the platform: firstly, by exposing a "back door" into all conversations, and secondly, by removing the trust users have in the platform.

Any backdoor or third party access to a system will be found out and exploited. We have had dozens of examples over the years, but perhaps the most relevant was in 2004, involving Vodafone's network in Greece. As with all telephony companies, Vodafone used telephone exchanges which supported "lawful interception": i.e. the ability to intercept communications when requested by law enforcement.

The trouble is, once these capabilities are built in to a system, as soon as someone else finds out how to use them, they get all the interception capabilities that law enforcement have. This is exactly what happened in Greece: attackers managed to get access and install rogue wiretaps, and were able to listen in on conversations involving politicians and defence staff.

First Blackberry, and then Apple, have been able to make it a unique selling point of their platforms that they are private and secure. Privacy and security are important issues that consumers care about. Any company that is exposed to be intercepting their user's communications will be committing business suicide - user's will lose faith in the platform, and there will be no shortage of vendors lining up to take advantage.

These aren't new issues - ever since Phil Zimmerman released PGP in 1991, governments across the globe have been complaining that secure, encrypted communications will stop law enforcement from doing their jobs, and will encourage a rise in terrorism and organised crime. Almost thirty years on, and although we're still having the same conversations, it doesn't look like the argument will be resolved any time soon.

Tom Kranz, Cybersecurity consultant