Skip to main content
banner image
venafi logo

UK Government Sanctions WhatsApp as Official Communication Tool in COVID-19 Crisis [Encryption Digest 36]

UK Government Sanctions WhatsApp as Official Communication Tool in COVID-19 Crisis [Encryption Digest 36]

WhatsApp sanctioned by UK government
April 10, 2020 | Katrina Dobieski

Encryption has been the biggest issue on the chopping block in the wake of the COVID-19 crisis. In the midst of it all, the British government uses WhatsApp to disseminate info about acceptable protocols and belies a rather tangled history with the app itself, and encryption at large. Journalists speak out as the Committee to Protect Journalists releases a fact sheet on why their job requires full data privacy, and how government backdoors could undermine the ability to reveal truth in the press. Heads up—both the EARN IT act (which limits consumer privacy) and the Privacy Bill of Rights Act (which protects consumer privacy) are both stuck in Congress. This might be the most defining coin toss of our era.


UK Government Sanctions WhatsApp as Official Communication Tool in COVID-19 Crisis

Who does the British government go to when they need to get the word out on coronavirus best practices? WhatsApp. Not a big deal, this should be a neutral play on a neutral platform. Parliament “goes to where the people are” and utilizes a popular messaging app to do so. However, does this government sanctioned use of a privately-owned platform hold more political significance than good will?

Facebook, and its subsidiary WhatsApp, have enjoyed an accommodating relationship with governments in the past. Russia and Iran are both notorious anti-encryption zones (Russia is underway on its new state sponsored internet) and deny apps like Telegram for failure to comply with government backdoor policies. WhatsApp, however, is allowed. The policies haven’t changed.

Two years ago, the Tories got into an embarrassing debacle when (trigger warning) Brexit-based chats leaked out from their private WhatsApp group. It was a mole, but the fact that they were using WhatsApp for sensitive party information raised some eyebrows. (After the leak, they were calling for Telegram).

And yet again in this third case, we see Britain’s legislative assembly turning to the Facebook owned app as an official outlet to warn their citizens. Other sanctioned sources include the BBC, Britain’s government owned news agency and responsibly in line with the state referendum.

All of this might seem like a lot of smoke, no fire, but when we peel below the surface and see what measures are being attacked in the international state responses to COVID-19, we may have reason to pause. Facial recognition is being employed “en masse” (to stop the spread), aggregated consumer data is being handed over carte blanche to the US government, and a bill that effectively eliminates encryption is under consideration while we’re all in quarantine.

As we lean a wary eye towards the backdoor attempts, surveillance policies and privacy infringements trailing behind state sponsored responses to COVID-19, it’s safe to say that “WhatsApp: the app that governments trust” might not be the best calling card.

Related Posts


Journalism Needs Encryption to Exist


Imagine this. You’re a journalist meeting a contact at an undisclosed location who’s going to give you a tip-off about a guy he knows in the Miami cartel. Just don’t give his name out. You publish the story, keep his anonymity, credit him as a hero—then find out he’s dead in the papers the next day. The cartel tracked him down because they cracked that semi-encrypted app you were using to communicate. Because there was a backdoor.

Granted, this is a worst-case-scenario, and “bad guys” can get caught via the same means. But is it enough to justify full vulnerability of anyone trying to communicate on the internet, just to let the government catch criminals a bit easier? There is already evidence to support that they can crack into encrypted technology if they need to. Why the need to do it en masse?

Journalists rely on the confidentiality of their sources to tell the truth. In many countries, that’s beside the point as journalists themselves are the targets. The Committee to Protect Journalists quotes,

“Nigerian police have used telecommunications surveillance to lure and arrest journalists; a separate October report documented the Nigerian military’s use of forensic technology to search journalists’ phones and computers for sources.”

And not only that; what about start-up tech? NDAs? Cracked Zoom calls and crashed Wikr chats and proprietary information that was meant to be kept safe, but now there’s no safe place to hide it? Encrypted backdoors do more than expose your email messages (though that’s bad enough). They can fundamentally leave every industry without a basis of trust upon which to operate. Run a small business? Only until you get hacked and someone makes off with your payment card data. Build private-sector spaceships? Only until a state-sponsored attacker hacks your code and fails the mission in flight. Pretty much anyone, anywhere – as the journalists above highlight – can be affected by government backdoors. There is no way to stop unwanted intruders. There’s no way to separate a "lawful access” from a hostile one.

Backdoors for one weakens encryption for all.



Related Posts


Like this blog? We think you will love this.
Featured Blog

Microsoft Backs Off Internet Office Macro Ban [Update]

Microsoft disabled macro years ago by default

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Katrina Dobieski
Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more