January 20, 2017A lot has been said and debated about the Guardian’s claim that one of the largest consumer messaging networks has a built-in backdoor. To us at Wickr, two things are clear:
1. Enabling a billion consumers to have easy access to end-to-end encryption is a tremendous step forward for the global online community as a whole, and for WhatsApp/Signal teams in particular.
2. We do see the rationale behind the design choice. WhatsApp’s protocol for handling the key change is simply a trade-off between security and convenience. It is unfair to describe this as a backdoor.
There is no need to re-litigate the headline choice, but there is a need to push the industry and conversation forward. Encryption, being one of the core fundamentals of secure communications, is an important debate topic. More people have discussed, learned about and improved their understanding of key exchange because of the Guardian’s reporting, myself included. This is a good thing.
This debate, no doubt, has provided strong validation of our product roadmap and helped to reaffirm our assumptions and UI/UX choices across the Wickr product portfolio. Both Wickr Professional collaboration tools and Wickr Messenger err on the side of security, blocking communications with unverified user devices. If there are no verified devices to deliver a message to, the sender is warned of a failed delivery and is given a choice to either discard or resend. The delivery will only be successful if the recipient’s identity is properly validated. Wickr products are hardened against these risks to ensure that user messages cannot be obtained – there will not be a convenience trade-off. To this end, we have selected a market where customers must have uncompromised security and ephemerality.
While many of us did not need an event like this to motivate us build strong security, let’s hope that more and more product teams will now have a better understanding of how and why key exchange must be handled with caution and care. And also that design decisions must take into account potential attack vectors and the policy consequences of these decisions.
The concerns raised by Tobias Boelter and discussed among privacy advocates have also ignited an important discussion around our collective responsibility to anticipate and understand the consequences of increasingly sophisticated adversaries and unfolding policy developments.
Organizations will continue to be asked for access to encrypted user communications. either through public courts (creating a precedent) or secret proceedings. Systems that theoretically allow for data to be obtained will face a significant challenge in these scenarios. Clearly, the more companies understand the information security and policy landscape, the more thoughtful everyone’s security design and UI/UX solutions will be.
While no one can claim the right answers here, the issue is of particular concern to all focused on protecting user privacy. As the Apple case demonstrated last year, it matters greatly how global companies build technology and whether they possess the information or capability the governments are seeking. It has clearly showed that one local case has the potential to create a precedent and change the privacy balance not only in the US, but globally. For all of us.