ArticlePDF Available

End-to-End Encryption in Messaging Services and National Security—Case of WhatsApp Messenger

DOI:10.4236/jis.2018.91008
Authors:
Robert E. Endeley
Robert E. Endeley
Robert E. Endeley
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Download full-text PDF
Read full-text
Download citation
Available via license: CC BY 4.0
Content may be subject to copyright.
Journal of Information Security, 2018, 9, 95-99
http://www.scirp.org/journal/jis
ISSN Online: 2153-1242
ISSN Print: 2153-1234
DOI:
10.4236/jis.2018.91008 Jan. 23, 2018 95 Journal of Information Security
End-to-End Encryption in Messaging Services
and National SecurityCase of WhatsApp
Messenger
Robert E. Endeley
Capitol Technology University, Laurel, MD, USA
Abstract
The ubiquity of instant messaging services on mobile devices and their use of
end-to-end encryption in safeguarding the privacy of their users have
become
a concern for some governments. WhatsApp messaging service has emerged
as the most popular messaging app on mobile devices today. It uses end-to-
end
encryption which makes government and secret services efforts to combat o
r-
ganized crime, terrorists, and child pornographers technically impossible.
Governments would like a “backdoor” into such apps, to use
in accessing
messages and have emphasized that they will only use the “backdoor” if there
is a credible threat to national security. Users of WhatsApp have however, a
r-
gued against a “backdoor”; they claim a “backdoor” would not only be an i
n-
fringement of their privacy, but that hackers could also take advantage of it. In
light of this security and privacy conflict between the end users o
f WhatsApp
and government’s need to access messages in order to thwart potential terror
attacks, this paper presents the a
dvantages of maintaining E2EE in WhatsApp
and why governments should not be allowed a “backdoor” to access users’
messages. This research presents the benefits encryption has on consumer s
e-
curity and privacy, and also on the challenges it poses to public safety and n
a-
tional security.
Keywords
Instant Messaging, WhatsApp, End-to-End Encryption, National Security,
Privacy
1. Introduction
The world is ever changing due to the advancement in the realm of science and
technology, and these days it seems hard to escape the presence of technology in
How to cite this paper:
Endeley, R.
E.
(201
8) End-to-End Encryption in Messag-
ing Services and National Security
Case of
WhatsApp Messenger
.
Journal of Inform
a-
tion Security
,
9
, 95-99.
https://doi.org/10.4236/jis.2018.91008
Received:
December 22, 2017
Accepted:
January 20, 2018
Published:
January 23, 2018
Copyright © 201
8 by author and
Scientific
Research Publishing Inc.
This work is licensed under the Creative
Commons Attribution
International
License (CC BY
4.0).
http://creativecommons.org/licenses/by/4.0/
Open Access
R. E. Endeley
DOI:
10.4236/jis.2018.91008 96 Journal of Information Security
our daily lives. Since Smartphones became popular, many messaging services
have been launched. WhatsApp, which has more than 1.3 billion users in over
180 countries today, is a free messaging service owned by Facebook Inc., and has
become more popular than others [1].
In 2009, Brian Acton and Jan Koum created WhatsApp purposely to make
communication and the distribution of multimedia messaging easier and faster
[2]. WhatsApp works with internet connectivity and helps its users to stay in
touch with friends and relatives on their contact list. Apart from making its users
get, and stay connected with each other, it also helps them to create groups, send
images, videos, documents and audios [3].
As more and more people use WhatsApp as a means of communication, the
importance of securing its users’ business or private communications has be-
come more imperative. Users of the app expect a reasonable amount of privacy
for all their communications. To meet this expectation, WhatsApp in 2014 in-
troduced End-to-End Encryption (E2EE) technology. This allows for data be-
tween communicating parties to be secure, free from eavesdropping, and hard to
crack. This technology offers peace of mind to end users because their data are
safe in transit, and third parties or even WhatsApp itself cannot access them;
thus messages can only be decrypted by the recipient. While E2EE guarantees
integrity, security, and privacy, it however, eliminates government surveillance
and its ability to keep the country safe by intercepting terrorist communications.
2. Literature Review and Discussion
In light of this security and privacy conflict between the end users of WhatsApp
and government’s need to access messages in order to thwart potential terror at-
tacks, this paper seeks to outline the advantages of maintaining E2EE in
WhatsApp and why governments should not be allowed a “backdoor” to access
users’ messages.
Encryption is the scrambling of plaintext messages, turning it into unreadable
code that can only be deciphered by those who have the secret key. End-to-End
Encryption is one of the most commonly used technologies to secure and send
information across the internet. Hardware embedded into phones and comput-
ers allows for the random locks and keys that make E2EE only work on the de-
vices involved in the conversation. According to the [4], it is estimated that there
were about 276 million internet users in the United States in 2014, and that
number is predicted to rise. With this many users, the incentive for hackers to
execute attacks and steal personal information increases.
According to a Javelin Strategy and Research Report in 2012, one in every four
people who have a breach in their online data becomes a victim of identity theft
as a result of that [5]. End-to-End Encryption provides an effective way to pre-
vent these attacks, and if it had been implemented properly by Yahoo Inc., it
could have prevented large-scale attacks like the one Yahoo suffered in 2016 and
2013, where almost 500 million, and more than 1 billion accounts were respec-
tively compromised.
R. E. Endeley
DOI:
10.4236/jis.2018.91008 97 Journal of Information Security
Governments, and secret services on the other hand are asking encrypted
messaging services like WhatsApp to allow them access to their users’ data [6].
There is growing risk to public safety as organized crime, terrorists, and child
pornographers are drawn to the use of E2EE apps like WhatsApp that are tech-
nically impossible to access. According to [7], a defendant in a serious felony
case told another individual on a recorded jailhouse call that “end-to-end en-
cryption is another gift from God”. Criminal defendants across the United States
are benefiting from E2EE while the safety of all other American communities is
in peril. However, providing a backdoor would not only be a breach of privacy to
WhatsApp users, but creating a way for the authorities to read encrypted mes-
sages would also make the system vulnerable to cyber-attacks from criminals
and other hackers.
By implementing backdoors, it also means that the service is not truly
end-to-end encrypted in the first place. Microsoft Corporation created a back-
door into its popular messaging app Skype, even though its user base knew that
Skype was fully endowed with end-to-end encryption technology. However, in
2013 government whistleblower Edward Snowden revealed that the platform did
in fact, have a backdoor. This revelation led to a protest of Skype users and an
eventual loss of credibility of the application. According to [8], in a response by
Senator Ron Wyden regarding the US government’s position in seeking encryp-
tion backdoor, the senator said in July 2017 that, “the US government does not
need the approval of its secret surveillance court to ask a tech company to build
an encryption backdoor. The implication is that the government can use its le-
gal authority to secretly ask a US-based company for technical assistance, such as
building an encryption backdoor into a product, but can petition the Foreign
Intelligence Surveillance Court (FISC) to compel the company if it refuses.
Reference [9], reported a design feature in WhatsApp messaging service that
could potentially allow some encrypted messages to be read by unintended reci-
pients. WhatsApp allows undelivered messages to be stored in their servers for
up to 30 days before they are deleted. Reference [9] noted that the WhatsApp
implementation of the security protocol used in its E2EE allows for the genera-
tion of secret keys between communicating parties in a WhatsApp conversation.
However, new keys get generated when a user gets a new phone or reinstalls
WhatsApp. Messages for the user which may have been waiting to be delivered
while the user was offline are then re-encrypted and resent automatically by the
sender, without the sender having had an opportunity to verify whether the reci-
pient is the person intended to receive the message. A sender is notified after the
event if the sender has opted to turn on a notification in settings, but not other-
wise. “This re-encryption and resending of previously undelivered messages
could potentially allow a third party to intercept and read a user’s undelivered
messages in a situation where, for example, they had stolen a user’s sim card.
When the third party put the stolen sim card in another phone, they could then
theoretically collect any messages that had not yet been delivered to the user in
R. E. Endeley
DOI:
10.4236/jis.2018.91008 98 Journal of Information Security
question.” [9]. WhatsApp Inc. has since responded to this claim, saying that the
feature in question is a design tradeoff, meant to prevent users from losing their
messages if they switch phones or reinstall the app.
3. Conclusion
While a majority of countries would favor some kind of restriction on access to
unrecoverable encryption, there is no global consensus, and the likely outcome is
a hodgepodge of national policies. According to [10], “Our research suggests
that the risk to public safety created by encryption has not reached the level that
justifies restrictions or design mandates. Lewis
et al.
further went on to say,
“The encryption issue that law enforcement faces, while frustrating, is currently
manageable”. Communications privacy is a key element of human rights in the
digital era, and developments affecting it ought to be reported. Ultimately, re-
moving WhatsApp E2EE would not be the solution, as criminals could create
their own, similar software that would allow them to communicate securely,
while ordinary users would lose the ability to send genuinely private messages
[6]. Maintaining E2EE in WhatsApp without an encryption backdoor guarantees
genuine privacy in conversations between individuals and group chats. Voice
conversations through WhatsApp messenger feel more natural; users are assured
that no one is eavesdropping on their conversations, and conversations thus
tend to feels more like a face-to-face conversation.
References
[1] Yeboah, J. and Ewur, G. (2014) The Impact of WhatsApp Messenger Usage on Stu-
dents Performance in Tertiary Institutions in Ghana.
Journal of Education and
Practice
, 5, 157-164.
[2] Sarker, G.R. (2015) Impact of WhatsApp Messenger on the University Level Stu-
dents: A Sociological Study.
International Journal of Natural and Social Sciences
, 2,
118-125.
[3] Jisha, K. and Jebakumar (2014) A Trend Setter in Mobile Communication among
Chennai Youth.
IOSR Journal of Humanities and Social Science
(
IOSR-JHSS
), 19,
01-06.
[4] Central Intelligence Agency (2017) The World Factbook. Country Comparison, In-
ternet Users.
https://www.cia.gov/library/publications/the-world-factbook/rankorder/2153rank.h
tml
[5] Pascual, A. (2013) Data Breaches Becoming a Treasure Trove for Fraudsters, 2013
Identity Fraud Report.
https://www.javelinstrategy.com/coverage-area/2013-identity-fraud-report-data-bre
aches-becoming-treasure-trove-fraudsters
[6] Michalas, A. (2017) How WhatsApp Encryption Works—And Why There Shouldnt
Be a Backdoor. The Conversation.
https://theconversation.com/how-whatsapp-encryption-works-and-why-there-shou
ldnt-be-a-backdoor-75266
[7] District Attorney New York County (2005) Going Dar: Encryption, Technology and
the Balance between Public Safety and Privacy. District Attorney New York County,
R. E. Endeley
DOI:
10.4236/jis.2018.91008 99 Journal of Information Security
Washington DC.
[8] Whittaker, Z. (2017) US Says It Doesn’t Need Secret Court’s Approval to Ask for
Encryption Backdoors.
http://www.zdnet.com/article/us-says-it-does-not-need-courts-to-approve-encrypti
on-backdoors
[9] Ganguly, M. (2017) WhatsApp Design Feature Means Some Encrypted Messages
Could Be Read by Third Party.
https://www.theguardian.com/technology/2017/jan/13/whatsapp-design-feature-en
crypted-messages
[10] Lewis, J., Zheng, D. and Carter, W. (2017) The Effect of Encryption on Lawful
Access to Communications and Data. Center for Strategic & International Studies.
A Report of the CSIS Technology Policy Program.
... The research team excluded all participants who did not sign the consent form that presented the study agreement, or anyone who was not fulfilling the other inclusion criteria The WhatsApp mobile application was used to communicate throughout the study because it is one of the most common messaging methods used in Saudi Arabia and is widely accepted. WhatsApp also has end-to-end encryption for maintaining participants' confidentiality [15]. The sample size was calculated using RCT with two independent samples, continuous outcomes, and a two-tailed hypothesis formula [16]: ...
The effects of social media (Snapchat) interventions on the knowledge of oral health during pregnancy among pregnant women in Saudi Arabia
Article
Full-text available
Background: There is growing interest in using social media to improve pregnant women's well-being. This study aimed to evaluate the effects of social media (Snapchat) dissemination of health-promoting interventions on knowledge of oral health during pregnancy among pregnant women in Saudi Arabia. Materials and methods: Using a single-blinded parallel group randomized controlled trial design, 68 volunteers were assigned to either a study group (SG) or a control group (CG). The SG received information about oral health during pregnancy via Snapchat, while the CG received the same information using WhatsApp. The participants were assessed three times: T1 prior to the intervention, T2 immediately following the intervention, and T3 as a follow-up 1 month later. Results: A total of 63 participants completed the study in the SG or CG. According to paired t-test, total knowledge scores in the SG and CG increased significantly from T1 to T2 (p < 0.001) and from T1 to T3 (p < 0.001), but there was no significant change from T2 to T3 in either the SG or CG (p = 0.699 and p = 0.111, respectively). Using t-test, no significant differences were found between the SG and CG at T2 (p = 0.263) or T3 (p = 0.622). Also using t-test, no significant differences were found in the scores of the SG and CG from T2 to T1 (p = 0.720), T3 to T2 (p = 0.339), or T3 to T1 (p = 0.969). Conclusions: Using social media (e.g., Snapchat and WhatsApp) as a health-promoting intervention is a promising method for improving women's knowledge about oral health during pregnancy for short term. However, further studies are needed to compare social media with conventional standard lecturing methods. also, to assess the longevity of the impact (short or long term).
View
... End-to-End Encryption is one of the most commonly used technologies to secure and send information across the internet. Hardware embedded into phones and computers allows for the random locks and keys that make International Journal of Communication Networks and Information Security (IJCNIS) Vol. 13, No. 3, December 2021 E2EE only work on the devices involved in the conversation [8]. ...
Preventing data leakage by securing chat session with randomized session ID
Article
  • Apr 2022
Messaging applications have become one of the largest and most popular smartphone applications. It includes the capacity for the users to communicate between themselves via text messages, photos and files. It is necessary to safeguard all messages. Privacy is one of the biggest issues which most individuals in the world of instant messaging ignore. Although several instant messaging applications offer varying security for users, the weaknesses and danger of data assault are increasing. Not just business discussions, our data must also be safeguarded during everyday discussions since data is very sensitive for everybody, and data protection is very crucial to prevent undesired loss of information. To address these types of weaknesses and hazards associated with data attacks, we require an encrypted messaging protocol and also hide IP address method for a safe interaction. This paper's goal is to protect conversations from targeted attacker by securing the communication between user and hide IP address from unauthorized access.
View
... Furthermore, in the process of audio and video transmission, we protect the privacy of MRCS participants by E2EE (End to End Encryption) [22], which is one of the most reliable methods to ensure the security of data exchange in the field of information security. We implement the application encryption class and encryption function based on WebRTC API. ...
View
... But the users of WhatsApp don't want the "backdoor" of their messages. The authors of paper [4] presented the advantages of E2EE in the messaging app and stated why Government shouldn't interfere in the privacy of user. ...
Chat Application Using Homomorphic Encryption
Article
Full-text available
  • Dec 2022
Chat applications nowadays have evolved into one of the most significant and widely used applications on smart devices. They are capable of sending and receiving messages, documents, and images with zero cost to any part of the world. All the messages should be protected. All the chat applications today are used to send messages quickly and securely. The actuality of the situation is that the messages sent are not as secure as they claim to be. So, to bridge this gap, in this paper Homomorphic Encryption is used to secure the messages further while also not reducing the speed of the transaction. This paper aims to implement a Chat application using Homomorphic Encryption which adds a layer of security over end-to-end encryption.
View
Social Media Influence on Personal Security among the Youth in Nairobi City County, Kenya
Article
Full-text available
  • Feb 2023
This study examined positive uses of social media that include warning and preventing individuals from violence resulting from negative uses of social media and user victimisation. The study was guided by Space transition theory which states that criminals are more likely to commit crimes in cyberspace more than in physical space due to anonymity and identity flexibility. The objective of the study was to determine the forms of social media use among the youths in Nairobi County. The target population were members of the Professional Criminologists Association of Kenya (PCAK). Purposive sampling was used to select 155 youth respondents from a population of 15000 youths and 145 law enforcement informant interviewees drawn from 2,000 law enforcement officers in PCAK in Nairobi County. Piloting of the questionnaire was disseminated among 30 PCAK youths Nakuru chapter. The research instruments were verified by the supervisor for content validity. Statistical Packages for Social Sciences, SPSS and Microsoft Excel software were used in data entry and descriptive statistics were used to analyse the data. Qualitative data were analysed using content analysis, coding, classification, and text inferencing. This study was significant to academic research, criminal justice practitioners and the private sector to assist in goal formulation and achievement of cyber security. The results of this research showed that the form of social media that youth mostly prefer +are WhatsApp over other social media platforms. The most preferred social media platforms by both genders were found to be WhatsApp and Twitter. It was recommended that future research could focus on the modern methods of social media as technology is dynamic. This will give direction on the contemporary forms of social media and their relationship to personal security; this, in turn, improves the security settings suitable for the users
View
Analysis and Implementation of 3-D Transpositional Cipher Algorithm Based on Rubik’s Cube Mechanism
Article
  • Jan 2023
The algorithms that are used for encrypting the text information for security purpose are referred as encryption algorithms. They are widely employed for the application on data transmission over networks. This is seen as a necessary part of data transmission since confidentiality and data privacy are important factors. Different encryption algorithms have different complexities, speeds of execution, and degrees of security. The Advanced Encryption Standard (AES) is one of the algorithms acknowledged by the U.S. government and other major organizations. The AES algorithm guarantees high security since there is no known public attack that can crack it. The Blowfish algorithm on the other hand is very fast but less secure. The encryption algorithms in the average zone of these two algorithms are highly useful for the transmission of general information among people. Such an algorithm also guarantees a good amount of speed as well as more security. Non-conventional algorithms such as transpositional cipher based on Rubik’s Cube mechanism can be seen as a viable option to use in common applications. These algorithms can be further deepened with the help of more complex key generation parts that can be done to enhance the security of the data. This paper focuses on analytically evaluating if this algorithm can be treated as a viable replacement in an application compared to other algorithms. Moreover, this research covers some pros and cons noted while evaluating.
View
View
View
Implementation of E2EE Using Python
Chapter
  • Sep 2022
The need for cyber security is felt now more than ever. In an era of constant mass surveillance, illegal spying and cyber-attacks, it is extremely important to have a secure means of communication which cannot be intercepted. Several new protocols were introduced such as HTTPS to encrypt the connection between the client and the server. This made sure that no third person can read the data being transmitted to and from the client. This model of encryption had one major flaw: the server itself. Every message that was encrypted by the sender was decrypted at the server, encrypted again and sent to the receiver. Thus the server can read all the messages. The users of such chatting services had to trust the owners of the services with their privacy. Even if the owners were not involved in shady data deals, they still had the risk of their servers getting hacked or being pressured by the government to reveal the data of their users. All these issues paved the way for a new type of implementation of encryption known as end-to-end encryption often abbreviated as E2EE. The message to be sent is encrypted by the sender and is sent to the server which relays it to the receiver as it is. Since the keys used to encrypt and decrypt the data are available only to the users, the server cannot read the messages sent through it. This model quickly gained popularity and was implemented by many messaging applications, the most notable being WhatsApp, Signal, Telegram, and Wire. In this project, we are going to implement E2EE using Python. For encryption, we intend to use the AES algorithm. AES stands for advanced encryption standard which was introduced in 2001 by the NITS (U.S.A.). It was developed by Vincent Rijmen and Joan Daemen in response to the earlier broken algorithm DES. AES is a symmetric key encryption algorithm meaning that the same key is used for encryption as well as decryption of the messages. This algorithm has three key lengths—128,192 and 256 bits, whereas a single block size of 128 bits. The version we are going to implement is 128 bits key size.KeywordsEnd-to-end encryptionAESPythonLibrariesDES
View
Anonymity Technologies in Investigative Journalism: A Tool for Inspiring Trust in Sources
Article
Investigative journalism, like other sectors of social life, has undergone significant changes due to globalization, technological progress, and the Western world’s turn to neoliberalism. This context has facilitated the emergence of new practices within the profession, particularly new modes of communication between journalists and their confidential sources. This qualitative study focuses on the meaning journalists attribute to the use of these technologies in their relationships with their sources. Anonymity tools are being used to build the professional identity of investigative journalism (both collectively and individually) and therefore constitute a resource in the power relationship between journalists and their sources, a relationship that is not fundamentally changed by their use.
View
View
The Impact of WhatsApp Messenger Usage on Students Performance in Tertiary Institutions in Ghana
  • Jan 2014
  • 157-164
  • J Yeboah
  • G Ewur
Yeboah, J. and Ewur, G. (2014) The Impact of WhatsApp Messenger Usage on Students Performance in Tertiary Institutions in Ghana. Journal of Education and Practice, 5, 157-164.
Impact of WhatsApp Messenger on the University Level Students: A Sociological Study
  • Jan 2015
  • 118-125
  • G R Sarker
Sarker, G.R. (2015) Impact of WhatsApp Messenger on the University Level Students: A Sociological Study. International Journal of Natural and Social Sciences, 2, 118-125.
The World Factbook. Country Comparison, Internet Users
  • Jan 2017
Central Intelligence Agency (2017) The World Factbook. Country Comparison, Internet Users.
Data Breaches Becoming a Treasure Trove for Fraudsters
  • Jan 2013
  • A Pascual
Pascual, A. (2013) Data Breaches Becoming a Treasure Trove for Fraudsters, 2013 Identity Fraud Report.
How WhatsApp Encryption Works-And Why There Shouldn't Be a Backdoor. The Conversation
  • Jan 2017
  • A Michalas
Michalas, A. (2017) How WhatsApp Encryption Works-And Why There Shouldn't Be a Backdoor. The Conversation. https://theconversation.com/how-whatsapp-encryption-works-and-why-there-shou ldnt-be-a-backdoor-75266
Going Dar: Encryption, Technology and the Balance between Public Safety and Privacy. District Attorney New York County
  • Jan 2005
District Attorney New York County (2005) Going Dar: Encryption, Technology and the Balance between Public Safety and Privacy. District Attorney New York County, R. E. Endeley DOI: 10.4236/jis.2018.91008 99 Journal of Information Security Washington DC.
US Says It Doesn't Need Secret Court's Approval to Ask for Encryption Backdoors
  • Jan 2017
  • Z Whittaker
Whittaker, Z. (2017) US Says It Doesn't Need Secret Court's Approval to Ask for Encryption Backdoors.
WhatsApp Design Feature Means Some Encrypted Messages Could Be Read by Third Party
  • Jan 2017
  • M Ganguly
Ganguly, M. (2017) WhatsApp Design Feature Means Some Encrypted Messages Could Be Read by Third Party.
The Effect of Encryption on Lawful Access to Communications and Data
  • Jan 2017
  • J Lewis
  • D Zheng
  • W Carter
Lewis, J., Zheng, D. and Carter, W. (2017) The Effect of Encryption on Lawful Access to Communications and Data. Center for Strategic & International Studies. A Report of the CSIS Technology Policy Program.