WhatsApp Encryption Shows Value Of Metadata

Posted on Nov 22, 2014 by Rick Falkvinge

WhatsApp starts encrypting all conversations end-to-end. Would Facebook really allow WhatsApp to throw away the business value in a 19-billion acquisition? Of course it wouldn’t. This demonstrates that the snoop value was in the metadata all along: the knowledge of who talks to whom, when, how, and how often. Not in the actual words communicated.

The big news in privacy this week was that WhatsApp, the phone messaging company that was bought out by Facebook, adds end-to-end encryption to its conversations in order to prevent government spooks from listening in to our private conversations. This move tells us an enormous amount about what kind of privacy is overlooked.

WHen we consider privacy, we tend to think in terms of what we communicate, not necessarily how we communicate it. Consider the so-called Data Retention laws, now struck down as illegal, which mandated logging of every aspect of our communciations – except the actual contents. Just the so-called metadata: when, where, how, to whom, for how long.

But as many have argued, the metadata is not exempt from privacy. Studies from Germany showed early that people were already refraining from making phonecalls that could conceivably be used against them in the future, when the existence of those phonecalls was logged: calls to drug helplines, suicide hotlines, even psychologists and marriage counseling.

Going beyond the superficial surface, it is obvious that this so-called “metadata” is sensitive. Spy agencies argue that they will never know what you talked about. And sure. You placed a phonecall from the top of the Golden Gate bridge, while stationary, to a suicide hotline. Would a spy agency need to hear the conversation to draw conclusions about its contents? Or if you called a phone sex line at 4:05 am on a Saturday night, speaking for 18 minutes – is it really a waterproof argument that the agencies can’t possibly know anything about the contents of that conversation?

This is why the end-to-end encryption of WhatsApp is so interesting. On the surface, it provides privacy against snooping and wiretapping. But Facebook, one of the most privacy-invasive environments we know, just purchased WhatsApp for a jaw-dropping 19 billion dollars, with a B. Would you really believe that Facebook would allow WhatsApp to remove the business benefits of that enormous purchase just months after closing the deal?

No. No, of course they wouldn’t. So where’s the value?

It’s in knowing who communicates with whom, how, when, from where, and how often. In the metadata. Apparently, that’s much more sensitive – or useful, depending on your perspective – than the actual contents of the correspondence. That’s what Facebook paid 19 billion dollars to obtain; not the actual messages (because Facebook just literally threw them away).

And now that we know that Facebook paid 19 billion dollars just to obtain that metadata, maybe we should be a little bit more critical at governmental agencies both demanding to know it at gunpoint and excusing it as no big deal at the same time.

Privacy remains your own responsibility.