Whatsapp, e2e encryption and the Government

When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators they are liable to be treated as abettors and thereafter face consequent legal action.

via Whatsapp told to find more effective solutions

The demands to lift e2e encryption on Whatsapp and other platforms continue to increase. This is not a good thing. Whatsapp has issued a statement that they will preserve e2e encryption:

“We remain deeply committed to people’s privacy and security, which is why we will continue to maintain end-to-end encryption for all of our users,” the company said


This got me thinking what the actual brouhaha is about. The truth is: Facebook doesn’t have to stop the e2e encryption to actually determine / help the authorities from accessing the unencrypted content of Whatsapp messages. There are 2 key parts for the Government to get access to messages:

  • Metadata collected by Facebook (phone numbers, groups and phone numbers in groups)
  • Backups of Whatsapp messages to iCloud / Google Drive

Metadata from Whatsapp > Facebook: Facebook already collects metadata from Whatsapp messages. And knows which phone numbers communicate with whom and which phone numbers are members of groups. (Facebook also uses this to aggressively grow their own social graph in Whatsapp-popular countries like India.)

Backups of Whatsapp messages to online cloud: If you notice, Whatsapp has been aggressively pushing backup of messages recently. Apart from the user benefit of backing up Whatsapp messages, photos etc., it adds an interesting dynamic:

Whatsapp FAQ (Restoring your chat history)

Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in Google Drive.

On iOS

Media and messages you back up aren’t protected by WhatsApp end-to-end encryption while in iCloud.

So, the merits of e2e encryption is lost even if one of the folks in your group is backing up their content because the Government can easily request the metadata and then just look for backups of the content from any of the phone numbers associated with a group.

If you are really using Whatsapp for e2e encryption, beware of what’s promised. Try using Signal instead.