Meta CEO Mark Zuckerberg’s statement that the US intelligence agency American Central Intelligence Agency (CIA) can access WhatsApp messages is one of the biggest confessions in the field of technology. With this statement, MET CEO also corrected an illusion: What encryption does is ensure that the company that runs the service does not see it. Although some security measures such as end-to-end encryption are taken, such encryptions are of no importance.
Meta CEO Mark Zuckerberg’s assessments of how the US intelligence agency CIA can access individuals’ WhatsApp messages have been a subject of great debate in the media. Speaking to the Joe Rogan Experience on Saturday, Zuckerberg reminded us that intelligence agencies like the CIA can read WhatsApp messages by physically accessing individuals’ devices.
Zuckerberg said that while WhatsApp’s encryption prevents Meta servers from seeing the content of messages, this protection does not extend to data stored on a user’s device. “What encryption does is make sure that the company that runs the service doesn’t see it. If you’re using WhatsApp, there’s no point at which the Meta servers see the content of that message.”
According to the news in Euronews, there is almost no such thing as encryption. The following information was shared in the news.
While the META CEO’s words were covered with ambitious headlines such as “Zuckerberg’s big confession,” some media outlets made comments that the end-to-end encryption in WhatsApp did not work. However, it is already known that end-to-end encryption does not have a feature such as protecting messages in case of remote access to the phone. Cybersecurity experts have long said that people’s phones can be accessed and their messages read with spyware or similar tools.
Meta first started bringing end-to-end encryption to its popular messaging app in 2014. Today, this encryption feature is used when users chat with another person on the app.
WHAT IS WHATSAPP END-TO-END ENCRYPTION? The end-to-end encryption feature ensures that the content sent can only be read and listened to by the sender and the recipient, and that the messages are not kept on any other server. In this way, third parties, including WhatsApp, are prevented from accessing the content of the messages. This feature works roughly like this: A pair of keys are generated for each party messaging. The messages sent are encrypted, and this password can only be opened with the key in the recipient’s possession.
For a clearer understanding, let’s imagine two users named X and Y. X and Y are using an end-to-end encrypted app like WhatsApp while messaging. The keys that can encrypt and decrypt messages remain on both users’ devices. The app stores a key on X’s phone and a key on Y’s phone. X’s phone encrypts the message with the key, then forwards the encrypted message to Y’s phone. Y’s phone automatically activates the key and decrypts the message. Y can then see the content of the message. This entire process is automatic on WhatsApp. In other words, the user does not need to enable any settings to secure their messages. End-to-end encryption does not allow WhatsApp to hold any of the message or conversation content. This makes it impossible for governments and others to request and receive messages from specific people on WhatsApp.
On the other hand, the CIA and other intelligence agencies or hackers using spyware to remotely access phones has nothing to do with end-to-end encryption protocols. Because spyware directly accesses individuals’ devices and monitors their activities in this way. It’s a process similar to being able to see the WhatsApp messages of a passenger on the bus. Therefore, end-to-end encryption is not a protocol that can provide protection in this regard.
INTELLIGENCE ORGANIZATIONS CAN ACCESS THE PHONE Indeed, the CIA or other intelligence agencies can remotely access a person’s phone as part of a targeted and legally approved operation. However, this is a technically very complex, expensive and usually only applied to high-importance targets. A significant example of this was seen in the Pegasus Spyware Scandal developed by the Israeli company NSO Group. In 2021, a major cybersecurity and ethical violation incident emerged that revealed that the Pegasus spyware was used against journalists, human rights defenders, dissidents, politicians and others around the world.
