> This is just plain wrong. I'm questioning that, because WhatsApp has to add a back-door for sure. And Doctorow knows that. This is because of Section 215 US Patriot Act – at least there is a legal back door, which can be (ab)used by US governmental agencies at any time.<p>Care to elaborate on that? Because I don't think there's any law right now, not even CALEA, that <i>demands</i> a backdoor in a chat application. That's not to say WhatsApp won't <i>willingly</i> add such a backdoor, but I don't think anything legal forces them to do it. The FBI has been lobbying for the past few years to pass such a law, though, which is for now unsuccessful, fortunately.<p>I'd say wait a year or so after WhatsApp enables this and for iOS, too. If we don't hear anything from the US, Saudi, Indian or Chinese governments about how angry they are at WhatsApp's new encryption, then we should start to become very suspicious about that encryption. Because this should make them <i>at least</i> as angry as full disk encryption made the FBI. Heck, the Saudi gov was even pissed off at WhatsApp's HTTPS encryption.
"After 9/11, the US intelligence community became so excited by the possibilities of new technology and the innovations being made in the private sector, that in 1999 they set up their own venture capital fund"
From Wikipedia:<p><i>"FISA was modified by section 215 (Access to records and other items under the Foreign Intelligence Surveillance Act) to allow the Director of the FBI (or an official designated by the Director, so long as that official's rank is no lower than Assistant Special Agent in Charge) to apply for an order to produce materials that assist in an investigation undertaken to protect against international terrorism or clandestine intelligence activities. The act specifically gives an example to clarify what it means by "tangible things": it includes "books, records, papers, documents, and other items".</i><p>So yes, they have to provide access to the records they have, which is a big reason why end-to-end crypto is rolled out in the first place. If the records don't contain any decryption keys, the <i>content</i> of messages is safe. All other metadata (sender, receiver, timestamp, message size) is not, since it's needed for delivery.
Unless they open-source it, I do not consider WhatsApp secure. However, I still applaud them for integrating encryption. It is one step further in transforming our society such that everybody expects encryption to be easily available and on by default. It raises the standard in the eyes of the people even if this particular app is not really secure.
This does nothing to prove WhatsApp is insecure, inasmuch as I could write the same rambling article citing sources claiming WhatsApp IS secure.<p>I'm not sure if this article was posted for us to have a chuckle at, or as a serious thing.