WhatsApp, which is owned by Facebook, announced Friday that its more than 2 billion users will be able to fully encrypt their message backups.
WhatsApp’s proposal, which will be detailed in a white paper before being rolled out to iOS and Android users in the coming weeks, is to encrypt the backups that users already send to Google Drive or Apple’s iCloud, making them inaccessible without an encryption key. WhatsApp users who choose to have their backups encrypted will be prompted to save a 64-digit encryption key or to create a password that is tied to the key.
In a statement, Facebook CEO Mark Zuckerberg said, “WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.”
If someone creates a password tied to their account’s encryption key, WhatsApp will store the associated key in a physical hardware security module, or HSM, that is maintained by Facebook and unlocked only when the right password is provided in WhatsApp. An HSM functions like a safe deposit box for encrypting and decrypting digital keys.
Once it is unlocked with its associated password in WhatsApp, the HSM supplies the encryption key that decrypts the account’s backup, which is kept on either Apple’s or Google’s servers. Repeated password attempts will render a key stored in one of WhatsApp’s HSM vaults permanently unavailable. To protect against internet outages, the hardware is housed in Facebook-owned data centers throughout the world.
According to Will Cathcart, the head of WhatsApp, the system is designed to ensure that no one other than the account owner has access to a backup. The purpose of allowing individuals to set simpler passwords, he explained, is to make encrypted backups easier to access. WhatsApp will only be aware of the existence of a key in an HSM, not the key itself or the password used to unlock it.
WhatsApp’s move comes as governments around the world, including India, WhatsApp’s largest market, threaten to break the encryption system. “We anticipate to be chastised for this,” Cathcart predicted. “That isn’t something new for us… I am convinced that governments should encourage us to have more security rather than the opposite.”
WhatsApp’s disclosure means the service is going one step further than Apple, which encrypts iMessages but retains the keys to encrypted backups; this means Apple can help with recovery, but it may also be forced to hand over the keys to law enforcement authorities. Cathcart said WhatsApp has been working on encrypting backups for a couple of years, and while they are now opt-in, he hopes to “have this be the way it works for everyone” over time.