Even a simple hello note to your grandma, and the NSA is sure to be reading along. What many people long suspected turns out to be true: The full scope of government snooping is by now common knowledge – at the very latest since the disclosures by whistleblower Edward Snowden. But what can we do to stop it? Or will we ultimately need to revert to analog forms of communication? New encryption codes for messenger applications offer a ray of hope.
Spring 2014: Facebook buys WhatsApp, throwing the computer-savvy world into pandemonium. Privacy advocates call for a boycott of the "data octopus", while reports of security breaches in WhatsApp Messenger become legion and countless alternative services sprout up. Virtually overnight, downloads of a previously largely unknown Swiss app named Threema go up by a multiple.
All of us are looking for the right kind of protection for our private data and communications – protection from corporations and governments.
But all these new tools have one major hurdle to clear: "They have to pass the Greenwald test", as Edward Snowden put it at the South-by-Southwest Festival 2014, i.e. the encryption needs to hold up to whistleblower standards. Glenn Greenwald and Edward Snowden may not have shared all those NSA files using a messenger app, but rather highly encrypted e-mail systems, as Greenwald wrote in his book, "No Place to Hide". One thing their disclosures however made clear was the fact that U.S. intelligence services are monitoring everyone and everything – even the timeline alert reminding you of your grandma's impending 80th birthday.
By autumn 2014 WhatsApp was gearing up for a major enhancement. Since other services like Threema had long since decided in favor of end-to-end encryption, the new Facebook subsidiary was also eager to improve its battered image. According to its inventor, the TextSecure algorithm is capable of fulfilling the highest security standards – making it impossible for the NSA to read along. But will this solve all our problems? Only your intelligence agency knows for sure.
If anyone had asked him a year ago what the ideal way to promote data security was, one of his top suggestions might have been: "WhatsApp equipped with TextSecure encryption," reports Jürgen Schmidt, Editor-in-Chief of heise Security. People like Moxie Marlinspike have earned his respect over the past few years, he says. Who? Moxie Marlinspike, software developer from California, who has been working since 2010 to develop simple programs to encrypt private messages. His company, Open Whisper Systems, which developed TextSecure Messenger with the corresponding encryption, went together with WhatsApp six months ago and is now ensuring the security of the communications of some 600 million users worldwide. Great – say many, including Edward Snowden, who emphasizes the app's easy operation. But the majority of users still claim this is still not enough, since many questions remain unanswered.
Currently TextSecure can encrypt WhatsApp text messages, with images, videos and sound files to follow with the next update, according to the Open Whisper Systems blog. Threema has always offered end-to-end encryption, while numerous open-source apps for Facebook, WhatsApp et al. trumpet the safe protection of your files. This may all protect you from outside attacks. But who is going to protect us users from the messengers' providers themselves? After all, it is no secret that data translates into money. Which is why we all need to allow access to our smartphone contacts, location and other personal information – data which remain unencrypted. And who ever has the time or inclination to read all the providers' voluminous terms and conditions spelling out what you are actually consenting to, and which data the respective provider is actually allowed to access?
Data privacy advocates are consequently unlikely to be satisfied with new "charm campaigns" being launched by providers like WhatsApp, according to Süddeutsche Zeitung, which goes on to write that "anyone who praises encryption as an all-purpose weapon against criminal hackers and voracious intelligence agencies is forgetting the fact that an added danger lurks elsewhere – in Silicon Valley". So who exactly are the bad guys? Governments? Big corporations? It is easy for the user to lose track of things in the vast sea of data. Data security is at the top of the agenda at next year’s CeBIT. Visitors to the showground in Hannover will know a lot more after attending the show.