What should we do about encrypted messaging apps?
From WhatsApp to Telegram to Signal, the growth in use of end-to-end encryption messaging apps is soaring. But do their positives outweigh the risks of them being used by 'bad actors'?
When WhatsApp, Instagram and Facebook – along with its Messenger – all went down in October, it became apparent just how ingrained messaging apps have become in people’s everyday lives.
Many immediately took to Twitter (where else?) to express their frustrations at not being able to contact friends and family as normal. Others cited how critical such channels were to those in countries where free speech is undermined, or where communication infrastructure is lacking.
Late last year, on an earnings call, Facebook founder Mark Zuckerberg revealed how WhatsApp now delivers more than 100 billion messages a day across the globe, clearly demonstrating how free messaging platforms have left SMS and the simple phone call trailing in their wake.
This most recent outage, however, was also used by others to highlight the belief that some messaging routes might be more private and secure than others. Privacy advocate Edward Snowden, for example, suggested on Twitter that it was a “reminder that you and your friends should probably be using a more private, non-profit alternative”.
Snowdon cited Signal as one example. Describing the eponymous app on its website, Signal says: “We can’t read your messages or listen to your calls, and no one else can either. Privacy isn’t an optional mode — it’s just the way that Signal works.” Competitor Telegram is growing in popularity for similar reasons.
Andrew Whaley, senior technical director at Norwegian app security company Promon suggests the growth over time in the use of encrypted messaging apps has been determined by the richer functionality and privacy they offer to consumers and company teams.
“Apps like WhatsApp, Signal and Telegram all offer end-to-end encryption, which, for the many people wanting privacy, is a big bonus,” he says. “In some cases, this could be privacy from advertisers, while, for others, this might be privacy from the state. Either way, simple SMS or email is typically the less secure option.”
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
From regulation to whistleblowing
The shift to using end-to-end encrypted messaging apps has thrown up a broad range of controversies, as well as highlighted a range of benefits.
In some quarters, they are seen as having a negative impact on society with governments around the world regularly raising the idea of regulation. Most often states say there’s a dangerous lack of oversight on the private conversations being had; security services have long expressed concerns about those who may push hate speech or plan terror attacks via these channels.
Such apps have also recently been in the news amid claims they were used to spread anti-COVID-19 vaccine content or, in the case of the German elections, conspiracy theories.
On the opposite side of the argument, the strict privacy of these apps has been heralded as a way for whistle-blowers and journalists to communicate safely, ensuring important stories and scandals are uncovered. In countries where democracy is curtailed, they also offer a route for private and unmonitored discussions.
Others believe the encryption is also a much-needed tool to stop companies mining data from unencrypted message platforms, which is often then used, or sold, to influence advertising.
Robin Wilton, director of internet trust at the global non-profit Internet Society, says: “One of the main reasons these apps have grown in popularity comes down to the fact consumers have become savvier towards how their data is managed, and are therefore more aware of end-to-end encryption and its benefits.
“In addition, these apps are often free of charge and are as simple as SMS to use, while delivering enhanced privacy. Therefore, not only do users feel safer, but they also do not have to deal with the inconvenience of having to configure encryption into their applications.”
Building the future of encrypted messaging
Not everyone feels so positive towards these sorts of services, though. For Andersen Cheng, CEO at Post-Quantum, a firm of UK cryptographers, the risks related to such heavily encrypted apps actually led to him closing down a previous creation in 2014, described as “the world’s first and only ‘quantum-safe’ instant messaging system”.
He explains: “In the age of privacy, it was a much-needed win in a period where the misuse and monetisation of user data was widely agreed to be out of control. However, the reality proved vastly more complex when our application subsequently appeared on an Islamic State recommended technical tools list.
“We were getting healthy daily downloads as well, but the eventual decision to switch it off was relatively easy — we would not put profit before human lives.”
Cheng adds: “I firmly believe these privacy-preserving apps have a future but a middle ground must be reached between the two sides of the debate. On the one hand, we have privacy advocates arguing for full and unquestionable privacy for users. However, this makes it extremely difficult for the police and tech firms to monitor communications, detect child grooming and intercept child abuse imagery. It also makes it easier for terrorist organisations to operate undetected.”
On the other hand, Cheng argues government-sanctioned ‘backdoors’ in encryption aren’t the answer either, warning: “A backdoor for one is a backdoor for all, and anyone can walk through it, whether the intended government agency, a hacker, or a malicious nation.”
His suggestion is to have a pre-agreed ‘side door’, adding: “That allows you to split control and responsibility, and one you can only access if multiple parties like governments, private companies, privacy groups and preferably courts each provide their section of the key.”
Amandine Le Pape, co-founder of secure messaging app Element, which claims to be trusted by French, US and UK governments, is also against backdoors. Her aim was to create an open standard for communication that brought benefits to both sides, leading to Matrix – an open standard for decentralised, end-to-end encrypted communication. Element is a Matrix-based app, one of hundreds that now exist, with 38 million users in the network.
Le Pape states end-to-end encryption is “absolutely vital” to secure the modern digital world. “We need end-to-end encryption to protect the 99.9% of the population that are perfectly law-abiding people from the bad actors,” she adds.
However, from the technology providers’ side, she believes there is a need for responsible management and explains that by building a “first-class infrastructure … users (and room/community moderators and server admins) make up their own mind about who to trust, and what content to allow”.
She believes the future is “incredibly bright” but warns: “Backdoors are an absolute disaster. Don’t forget, ‘bad people’ have free and easy access to create their own end-to-end encrypted systems. They will not be using an encrypted system with a wide open backdoor. It only impacts the ‘good people’.”
Jonathan Weinberg is a freelance journalist and writer who specialises in technology and business, with a particular interest in the social and economic impact on the future of work and wider society. His passion is for telling stories that show how technology and digital improves our lives for the better, while keeping one eye on the emerging security and privacy dangers. A former national newspaper technology, gadgets and gaming editor for a decade, Jonathan has been bylined in national, consumer and trade publications across print and online, in the UK and the US.