WhatsApp is rolling out a new update that will allow users to turn on end-to-end encryption (E2EE) for chat backups stored in the cloud. The company offers E2EE since 2016 but the feature was limited to WhatsApp chats, not backups.
WhatsApp was testing this feature back in July, as reported earlier.
What else do we know about this update?
Until now, WhatsApp did not provide a means for users to protect their messages when they backed them up to a third-party service such as Google Drive or iCloud.
The company now says it has created a new technology that ensures that communications sync across various devices while retaining end-to-end encryption. It goes on to say that the application will encrypt each message separately using the pairwise encryption session that it has established with each device. It will not save messages on the server once they have been delivered.
In 2018, the FBI had obtained a court order to examine the iCloud of former President Donald Trump’s campaign manager Paul Manafort. With the new update, users can choose to opt-in to encrypt backups. The decryption of the messages will require the use of an encryption key. Only users can access that manually or through a password verification system.
Further, WhatsApp has security measures in place to make accounts inaccessible after a certain number of failed password attempts. In the coming weeks, backup encryption will be available on both iOS and Android devices.
The Debate on End-To-End Encryption
WhatsApp is already facing criticism from governments all over for its policies around encryption. The Indian government introduced the new intermediary rules which require WhatsApp to trace the originator of a message. On the contrary, the company says is impossible to trace messages without breaking end-to-end encryption on its service. Consequently, WhatsApp is contesting the issue in courts now.
Up until now, investigating authorities have relied on backups to dig information for investigative purposes, but encrypting the backup could bring a new problem to the table.
Other E2EE services, such as Protonmail, also made news recently. Protonmail shared a climate activist’s IP logs with the French police. On the other hand, a German court ordered Tunota, a German encrypted email service provider, to monitor messages of accounts implicated in a blackmail case.