As encryption sees broader deployment, the US government's struggle to maintain access to electronic communication lapsed unexpectedly last month when the FBI found a way to access the encrypted iPhone of one of the San Bernardino shooters.
That breakthrough, believed to be a vulnerability identified by a third party, prompted the Justice Department to abandon its legal effort to force Apple to create a modified version of iOS that would undo the company's security measures.
While it appears that the exploit provided to the FBI will allow the agency to access at least a few protected iPhones that have stymied investigations in various states, the tension between authorities and those offering privacy technology will only become more acute.
Sometime this week, Senators Richard Burr (R-N.C.) and Diane Feinstein (D-Calif.) are expected to release a draft of a bill that seeks to limit encryption.
But Facebook's WhatsApp, which is in use by 1 billion people, isn't waiting. The messaging service on Tuesday said it has enabled end-to-end encryption for messages and files sent through the service. Users of the most current version of WhatsApp Messenger on supported platforms -- Android, BlackBerry, iPhone, Nokia, and Windows Phone -- will be protected automatically. And WhatsApp, like Apple, will not have access to the keys necessary to decrypt its users' messages.
"From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats," company co-founders Brian Acton and Jan Koum said in a blog post.
The pair acknowledge the legitimate work of law enforcement to keep people safe, but note that "efforts to weaken encryption risk exposing people's information to abuse from cybercriminals, hackers, and rogue states."
Given the FBI's worries about being left in the dark by encryption, it's somewhat ironic that funding to develop the Signal Protocol came from the government-backed Open Technology Fund, as Christopher Soghoian, principal technologist at the ACLU, noted on Twitter.
WhatsApp's embrace of encryption was more than a year in the making. In November 2014, WhatsApp and secure communications firm Open Whisper Systems announced their intent to work together to integrate Open Whisper Systems' open source Signal Protocol (formerly TextSecure) encryption into WhatsApp. At the time, WhatsApp had some encryption support in its Android client.
WhatsApp is far from the first chat app to implement encryption. Apple's iMessage and FaceTime, Signal, Telegram, and Wickr are among the better known apps for secure communications.
Encryption should not be confused with a guarantee of security. It's one security feature among many that may not be adequately implemented. Apple's iMessage protocol, for example, is said to be "cryptographically broken," according to cryprographer Ian Miers.
WhatsApp may have its own deficiencies. Like some other popular secure messaging apps, it's not open source, which means its code can't be independently verified. Signal, which is open source, scores better than WhatsApp on the Electronic Frontier Foundation's Secure Messaging Scorecard. However, WhatsApp's integration of the Signal Protocol should improve its standing.
What makes WhatsApp's embrace of strong encryption noteworthy is its scale. Apple has sold over 821 million iPhones, not all of which are still in use. WhatsApp is used by over a billion monthly active users around the world, people who now have privacy by default.Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio