Facebook and WhatsApp might be the next Apple in encryption fight

brazil whatsapp
Police in Brazil want messages from Facebook-owned mobile service WhatsApp. But WhatsApp says it can’t provide the information that’s requested because of its encryption technology.

Friction between tech companies and law enforcement over data access and encryption is heating up around the world.

Apple and the FBI are in a widely watched standoff, and a similar situation is unfolding in Brazil with WhatsApp, which is owned by Facebook (FB, Tech30).

At issue: Authorities in Brazil think information transmitted through WhatsApp could help in a criminal investigation into drug trafficking.

In Apple’s case, law enforcement wants to get into a suspect’s iPhone but can’t because it’s encrypted. In WhatsApp’s case, law enforcement wants to get into messages but can’t get past the app’s encryption.

But there’s a crucial difference: Apple (AAPL, Tech30) admits that it could help the FBI open the door if it built a new version of the iPhone’s operating system. WhatsApp says it can’t get in at all.

Brazilian law enforcement told CNN that it is looking for WhatsApp to provide suspects’ IP addresses, customer information, geo-location data and physical messages.

WhatsApp says it has been cooperating, but is not able to provide “the full extent of the information law enforcement is looking for.”

Related: Judge orders Facebook VP to be released from Brazilian jail

According to WhatsApp, messages that travel through its servers are jumbled up code — even the company can’t decrypt them.

The latest versions of the service encrypt messages on the sender’s device (some older versions of the app did not use encryption). The messages stay encrypted until the recipient’s device receives them. At that point, WhatsApp deletes the messages from its server. And the server also deletes unreceived messages after 30 days.

WhatsApp says it could theoretically retrieve encrypted messages when they’re on its server, but it doesn’t have the technical capability to translate them back into plain text.

“We’ve built encryption so no one — including WhatsApp — can decrypt messages,” a spokesman told CNNMoney.

According to Ajay Arora, CEO of security company Vera, the only way for WhatsApp to decrypt the messages would be to possess the physical, unlocked phones, which hold the keys to the encrypted messages.

“The encryption key is just randomly generated based on attributes of the device and tied to the device,” Arora told CNNMoney. “So to retrieve the encryption key you need to get access to the device.”

But if police had a suspect’s unlocked phone, they wouldn’t need WhatsApp’s help to see the messages — they could just look on the phone. So there’s really nothing that WhatsApp can do to help.

“WhatsApp cannot provide information we do not have,” a WhatsApp spokesman said in a statement.

Related: Tech companies standing up to government data requests

Tensions between law enforcement and tech companies may continue to escalate if more apps like WhatsApp adopt end-to-end encryption. (Signal and Telegram are popular apps that already have similar levels of privacy protections.) That’s because of what’s happening right now with Apple.

Not only has Apple refused to comply with a court order to break into the iPhone used by one of the San Bernardino shooters, the company also wants to build a phone that even it can’t break into.

If that’s the case, then governments around the world will have a hard time requesting data they think they might need.

After all, if the phone can’t be unlocked, then the data transmitted through the devices can’t be unlocked either.

— CNN’s Flora Charner, Shasta Darlington and Jose Pagliery contributed to this report.

comments powered by Disqus