Rediff.com« Back to articlePrint this article

Your WhatsApp messages are encrypted but are they safe?

October 10, 2020 10:50 IST

Apart from physical access to handsets, metadata and backups are two common ways in which private communications can be broken, says Devangshu Datta.

*IMAGE: WhatsApp messages are encrypted end-to-end. Photograph: Kind courtesy Anton/ Pexels.com
 

The uproar over leaked WhatsApp messages of some Bollywood actors may have a couple of unintended positive effects.

It has led to a focus on the concept of data privacy, and it may lead to questions being asked about overreach by investigative agencies.

WhatsApp messages are encrypted end-to-end, meaning they can only be read on the devices of sender and recipient (in the case of a group, on devices of all members).

The service provider cannot read the message; nor can anybody who intercepts it.

However, this doesn't necessarily make WhatsApp totally secure.

WhatsApp creates a backup for the last seven days of activity on the handset.

It also does backups on Google drive, by default, at specified intervals -- unless the user chooses "never" for backup.

A backup is convenient if you change handsets, but it can also be retrieved and read easily.

In addition, it is possible to retrieve a deleted WhatsApp message, given access to the handset.

WhatsApp servers also store metadata -- that is, records of messages and calls.

Hence, although the content is not available, it is possible to check every user's connections.

The police can, and do, build cases around metadata.

Apart from physical access to handsets, metadata and backups are two common ways in which private communications can be broken.

If you wish to strengthen WhatsApp privacy, delete existing WhatsApp backups and don't take WhatsApp backups on Google.

If you must, create a new Google account purely for WhatsApp backup and access that account for nothing else.

Government agencies can seize handsets and personal computers (PCs) of citizens, access their email accounts, etcetera, to collect data as evidence.

Apart from covert surveillance, in any police case or IT survey, handsets and hard drives of PCs are seized, "cloned" and searched for hidden, encrypted and deleted files.

But private citizens and private entities are not supposed to access or publish private data.

Nor is data and other material collected as potential evidence supposed to be released in public.

Such leaks may lead to evidence being tampered with and it may also cause prejudice against the accused persons, regardless of their guilt or innocence.

If the WhatsApp messages of the Bollywood actors in question are authentic, they may have been collected by the Narcotics Control Bureau and leaked to the news channels.

Or, they may have been acquired illegally by the channels.

Either way, legal liability rests on government officers or the channels concerned.

There is, however, a legal grey area here.

There is no specific legislation outlining illegalities in terms of breach of data privacy and punishments, although privacy is a fundamental right according to a 2017 Supreme Court judgment.

The draft data privacy protection legislation, which has not yet been passed, allows the government to secretly snoop on private citizens for a wide range of purposes.

And even though evidence and material are not supposed to be released, it is unlikely anybody will be punished for the leaks.

Remember the Nira Radia tapes?

Some 5,000-odd hours of wiretaps of many conversations were collected as evidence and leaked into public domain in 2010.

No government officer was ever called to account for that massive breach of privacy.

This leak is likely to be similar in terms of no official response.

*Kindly note the image has been posted only for representational purposes.

Feature Presentation: Ashish Narsale/ Rediff.com

Devangshu Datta
Source: source image