Friday, Apr 19, 2024 | Last Update : 08:06 AM IST
WhatsApp's encryption can be broken
The UK government recently passed the Investigatory Powers Act, forcing tech companies to hand over web histories to them.
WhatsApp, with over one billion daily users, is among the most popular mobile messaging service in the market. The company also prides itself for the security that it offers to those 1 billion users. Through the use of a security protocol by Open Whispers System, WhatsApp earlier this year implemented end-to-end encryption to all the chats taking place on its platform.
WHATSAPP'S END-TO-END ENCRYPTION
However, this has led to public disagreements between tech-companies and governments. In UK specifically, an increasing number of politicians have proposed a ban of such technologies, or even forcing the companies to install “backdoors” that would give the government access to the messages any time they want.
UK GOVERNMENT'S INVESTIGATORY POWERS ACT
A couple of months ago, the UK government passed the Investigatory Powers Act law, that — among other things — forces tech giants to hand their web histories over and even eliminate encryption upon request. Services like WhatsApp are obviously under the bus.
To add to this, privacy advocacy group called Open Rights Group (ORG) released a leaked copy of the draft technical capability notices paper that details how all communications companies will be forced to break their encryption. Furthermore, they will be legally required to create a backdoor for the authorities upon request.
In other words, services like WhatsApp will be forced to break their encryption rules, and even “modify” them to enable intercept and metadata collection. “These powers could be directed at companies like WhatsApp to limit their encryption,” Jim Killock, ORG’s executive director said in a statement.
“The regulations would make the demands that Amber Rudd made to attack end-to-end encryption in reality. But if the powers are exercised, this will be done in secret,” he added.
All the companies or platforms with over 10,000 UK users must “provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form to remove electronic protection applied by or on behalf of the telecommunications operator to the communications or data,” the document read.
"The powers would also limit the ability of companies to develop stronger security and encryption," ORG said in a statement. "They could be forced to run future development plans past the Government."
