Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

WhatsApp Adds Additional Layer of Security With End-to-End Encryption for Chat Backups

Friday, September 24, 2021

Categories: ASCF News Cyber Security

Comments: 0

Source: https://www.cpomagazine.com/data-privacy/whatsapp-adds-additional-layer-of-security-with-end-to-end-encryption-for-chat-backups/

Photo: CPO Magazine

A feature that WhatsApp began testing in early July is set to roll out to all users “in the coming weeks,” according to a company spokesperson. Chat backups will now be protected with encryption, as the service’s messages have since 2016.

The feature will likely debut with the next app update, but there is no timetable for that as of yet. When it rolls out, users will be able to opt in to creating a 64-bit encryption key for protecting chat backups that can either be stored manually or accessed server-side with a password.

WhatsApp encryption slated to cover chat backups with next app update
WhatsApp became popular as a top privacy-focused messaging app due to its strong encryption, and end-to-end encryption has been applied by default to all messages since 2016. This is not currently the case with chat backups, however, which are stored in Google Drive or iCloud (depending on the device) without an encryption option.

The forthcoming update will change that, but will require users to opt in. The app will present users with a choice of how to handle the 64-bit encryption key that will be generated to protect chat backups: it can either be stored locally, or stored in the cloud and protected with a separate password (different from the one used to log in to the app). Chat backups will be encrypted locally on the device before being sent on to iCloud or Google Drive for storage, which means that a subpoena served to Apple or Google will not be of much use for those files.

WhatsApp and Google Drive/iCloud will not be able to view or access chat backups once encryption is enabled, but users that opt to store their key locally will need to be careful not to lose it. If the encryption key is lost, access to the chat backups is also permanently lost. If users opt for password protection instead, there is more flexibility but also the small risk of a breach exposing login credentials at some point. Still, the password situation would be a significant improvement from the complete lack of encryption in this area at present.

WhatsApp also recently announced that it will support syncing multiple devices (up to four) through a phone, which would allow continued use of the service on those devices if the phone app is not available for some reason. Encryption will not be available for chat backups on these synced devices; any chat sessions off of the smartphone app will apparently remain unencrypted if they are backed up.

Encryption loophole shut off for law enforcement
The move threatens to shut off one of law enforcement’s favorite sources of encryption workarounds. WhatsApp automatically backs up chats to the local device every day, and less sophisticated users that download it often follow prompts that set up regular Google Drive or iCloud backups. These users may not be aware that unencrypted backups of messages are regularly made; one needs to go into the “Settings” menu in WhatsApp to turn off the backups to cloud services or reduce the frequency once they are enabled.

The move will also likely give WhatsApp an edge of market appeal for the convenience-focused casual user that does not necessarily care about law enforcement access to messages. The app’s chief rivals in the privacy and security space, Telegram and Signal, do not automatically back up chats. Encrypted chat backups can be enabled in Signal, but require a 30-character passphrase to restore.

Global rollout of end-to-encryption for chat backups
Another interesting feature of this update is that WhatsApp says it is rolling it out globally, even in markets where local laws either forbid end-to-end encryption or require that the government have backdoor access to it. WhatsApp was banned in China for this reason in 2017, with the CCP demanding that Facebook provide backdoor access and the power to moderate messages. The messaging app nevertheless has about two million users in the country, who continue to access it (and Facebook) via VPN.

WhatsApp is banned in several other countries for similar reasons, including the United Arab Emirates and Qatar. Some countries, such as Iran, have had temporary bans on WhatsApp in the past that might be reinstated once easy access to stored messages is gone. Iran quickly banned the privacy-focused Signal when WhatsApp users began migrating to it en masse after WhatsApp changed its privacy policy (to expand data sharing with Facebook) earlier this year.

Though WhatsApp’s end-to-end encryption is strong and widely praised as a means of privacy protection when messaging, this story highlights that there are some limitations to it and some of these remain unaddressed. WhatsApp allows message recipients to flag encrypted messages after they are decrypted, which allows the company’s moderators to review them for potential violations of platform rules. There are also widespread rumors that Facebook is looking to develop AI that can infer something of the content of encrypted messages so that relevant advertisements can be served alongside them.

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.

Search