Can governments intercept end-to-end encrypted Whatsapp communication through lawful interception?

It's very unlikely that any government agency would crack the encryption. They would need the key. And the only way they could get that is if Whatsapp had a backdoor or weakness in their software which allowed for such a key to be extracted.

There is, as of today, no direct evidence that such a backdoor exists in Whatsapp. But, since Whatsapp is closed source, it also becomes difficult to make sure such a backdoor does not exist.

However, in terms of information security, what we are interested in is a risk assessment. Considering OP, government agencies are the parties we are being asked about. We should therefore assess that risk. Here is some relevant information regarding that:

Whatsapp's parent company, Facebook, has been shown to give the NSA direct, unilateral access to their servers through something called the PRISM Program. While Facebook denies this, it has been proven by leaked documents. This does not, however, mean that the NSA can decrypt Whatsapp messages. I include this information in the risk assessment as an example of Whatsapp's owner's relationship to the NSA and privacy transparency in general.

In 2013, information was released regarding: (Source)

• NSA and GCHQ unlock encryption used to protect emails, banking and medical records

• $250m-a-year US program works covertly with tech companies to insert weaknesses into products

We can absolutely not prove that this large, covert program has in fact worked with Facebook to put such a "weakness" into Whatsapp. However, this information is nevertheless relevant to our risk assessment. If such a weakness was actually implemented, it could compromise the encryption key.

Though not absolutely identical, considerably similar things have indeed happened before. Here is one example regarding Skype, Microsoft and the NSA.

Conclusion: It is, at present, difficult to conclude one way or the other. Whatsapp's parent company (as well as other companies) have demonstrated in the past that they are willing to give the NSA unilateral access to user data. They have also shown a willingness to lie about it. Given this, it seems difficult to take companies under the control of Facebook at their word regarding this particular subject.

When we evaluate the degree of risk in regards to malware, a virus, being hacked, data loss, data theft, surveillance, etc, it is not only relevant if something is proven. It is also relevant if something is possible or even likely. While, in this particular case, there may not be sufficient grounds to say that the NSA gaining access to Whatsapp encryption keys is likely, it is definitely possible, given the history of these entities.

This is something people can take into consideration when evaluating such a situation.

Related reading:

New Snowden Documents Detail How NSA Can Bypass Common Internet Encryption (International Business Times)

Microsoft handed the NSA access to encrypted messages (The Guardian)

Revealed: how US and UK spy agencies defeat internet privacy and security (The Guardian)

PRISM (surveillance program) (Wikipedia)


You have asked one question, but I think that you are asking two:

  • can Whatsapp encrypted communications be captured, and
  • can Whatsapp encrypted communications be captured in "the clear"

To your first question, all communications can be captured by legal authorities. It's actually not that difficult, and there are multiple examples of this happening.

To your second, we can only use the stated facts in evidence, and speculate on the rest. Whatsapp states that they do not have access to the encryption keys, which would mean that they would not be able to hand those keys over to authorities. If true, then the answer to your second question is "no".

We can speculate on the vulnerabilities in the key management process, or the truthfulness of Whatsapp's statements, but until we have evidence one way or another, we can assume that the statements are technically true.


In short:

  • Intercept encrypted communication: yes (attacker gains some metadata)
  • Decrypt content of intercepted encrypted communication: no (presumably)
  • Intercept not-yet-encrypted or already-decrypted communication at either end: yes (attacker would have to alter the client, but government agencies can force WhatsApp/Facebook or Google or Apple to push malicious app versions to their targets or their peers)