The Guardian apologizes for flawed reporting on WhatsApp encryption

Thanks to “misinterpretations, mistakes and misunderstandings at several stages of the reporting and editing process,” The Guardian published a story that dramatically overinflated the potential impact of a security flaw in the popular WhatsApp messaging application — and after half a year of investigating, the British news agency has finally put out a mea culpa.

Security concerns were under the microscope in December 2016, when the social media giant was accused of misleading European regulators in advance of its $22 billion acquisition of the messaging app, while WhatsApp users were displeased to find that their information was being shared with Facebook. That relationship grew more complicated after a report from the Guardian in early January, which detailed the discovery in WhatsApp of “a security backdoor that can be used to allow Facebook and others to intercept and read encrypted messages.” But was that report accurate? A group of security researchers penned an open letter a week later asking the Guardian to retract its story, calling it “the equivalent of putting ‘VACCINES KILL PEOPLE’ in a blaring headline over a poorly contextualized piece.”

The crux of the debate: WhatsApp told users last April that it had implemented end-to-end encryption for all messages sent through its platform, but the Guardian’s report suggested that the app neglected to mention a caveat: Facebook can intercept your messages. And if Facebook can do it, then so too can a government agency.

On Wednesday, six months after the controversial Guardian report, the news agency acknowledged flaws in its reporting, admitting that it was wrong to make such claims.

“The Guardian ought to have responded more effectively to the strong criticism the article generated from well-credentialed experts in the arcane field of developing and adapting end-to-end encryption for a large-scale messaging service,” wrote Paul Chadwick, the Guardian’s fourth readers’ editor (a quirky British title for a reader advocate).

The alleged backdoor was brought to light by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. “If WhatsApp is asked by a government agency to disclose its messaging records, it can effectively grant access due to the change in keys,” he told the Guardian at the time.

whatsapp business app phone feature

The supposed backdoor, the Guardian had explained, had to do with WhatsApp’s encryption, which depends upon a generated set of unique security keys, using the Signal protocol. These keys are traded and verified between users to ensure that their messages are protected.

However, WhatsApp apparently could generate new encryption keys for offline users without the prior knowledge of either the sender or receiver, and then have the sender re-encrypt messages with new keys to resend them. This process would essentially let WhatsApp intercept and read messages.

Boelter’s findings were further verified by Steffen Tor Jensen, head of information security and digital countersurveillance at the European-Bahraini Organisation for Human Rights. He noted at the time that “WhatsApp can effectively continue flipping the security keys when devices are offline and resending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform.”

WhatsApp was indignant from the start, telling Digital Trends via email in January:

The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a “backdoor” allowing governments to force WhatsApp to decrypt message streams. This claim is false.

WhatsApp does not give governments a “backdoor” into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks.  WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report.

A group of security experts corroborated WhatsApp’s story shortly thereafter. Zeynep Tufekci took the charge on the open letter, which insists, “The behavior described in your article is not a backdoor in WhatsApp. This is the overwhelming consensus of the cryptography and security community,” as it is of Tufekci’s cosigners.

Moreover, the security experts criticized the lack of outside sources cited by the Guardian. “If you had contacted independent security researchers, many of whom, including the EFF, have written pieces calling your story irresponsible, they could have explained the issue to you and suggested how to report it responsibly,” the letter reads. “Your story notably lacks quotes, responses, or explanations by security experts in the field. Instead, it hinges on the claims of a single well-meaning graduate student.”

The Guardian issued its initial response in late January:

We ran a series of articles highlighting and discussing a verified vulnerability in WhatsApp and its potential implications.  WhatsApp was approached prior to publication and we included its response in the story, as well as a follow up comment which was received post-publication. While we stand by our reporting we have amended the article’s use of the term ‘backdoor’ in line with the response and footnoted the articles to acknowledge this. We are aware of Zeynep Tufekci’s open letter and have offered her the chance to write a response for the Guardian. This offer remains open and we continue to welcome debate.

The original article has been amended with the conclusions of the Guardian’s comprehensive review. The news agency also took the opportunity to highlight the strength of its journalism, following up its apology with a request for contributions. “The Guardian’s independent, investigative journalism takes a lot of time, money and hard work to produce,” the article notes.

Update: Added The Guardian’s official retraction in June.


Apple loses battle to use Intel modems in Germany in latest clash with Qualcomm

Apple is following the Federal Trade Commission's lead and has sued Qualcomm for a massive $1 billion in the U.S., $145 million in China, and also in the U.K., claiming the company charged onerous royalties for its patented tech.
Movies & TV

J.J. Abrams wraps production on Star Wars: Episode IX with a heartfelt message

Star Wars: The Force Awakens director J.J. Abrams has wrapped production on Star Wars: Episode IX, which he directed and co-wrote. Here's everything we know about the movie before it premieres in December 2019.
Social Media

Instagram test reveals direct messages may be coming to browsers

Instagram for the web has always been a minimalist affair compared to the feature-rich smartphone app, but in the last few years that's started to change. The latest news is that Instagram is considering adding direct messages.

Blockchain does way more than power Bitcoin. Here's how it works

What is a blockchain? It was once merely an academic idea and today it's the backbone of the cryptographic industry, helping to send billions of dollars worth of digital assets all over the world.
Social Media

Twitter boss again teases the idea of a button to edits tweets

Twitter CEO Jack Dorsey has suggested the company is still looking at options for allowing people to edit tweets. Ideas include a function that gives you up to 30 seconds to recall a tweet before it goes live on the service.
Social Media

‘Instagram egg’ embarks on a new adventure as man behind it is unmasked

The Instagram egg made global headlines recently after it became the most-liked post on the photo-sharing app. The person behind the account has now been revealed, as has his reason for choosing an egg for the stunt.
Social Media

Periscope tool adds guests to feeds so streamers can become talk show hosts

Periscope users can now invite viewers to chime into the conversation with more than just the comment tool. By enabling the option to add guests, livestreamers can add guests to the conversation, in audio format only.

Crouching, climbing, and creeping, the perfect Instagram shot knows no bounds

Just how far will you go for the perfect Instagram? A recent survey shows just how willing Instagram users -- and Instagram husbands -- are to climb, lie down, embarrass themselves or let their food go cold for the perfect shot.
Social Media

Facebook’s long-promised ‘unsend’ feature arrives. Here’s how to use it

Send a message to the wrong person? Messenger now gives you 10 minutes to take it back. After an update beginning to roll out today, users can now retract messages if they act within the first 10 minutes after sending the message.
Social Media

YouTube boss admits even her own kids gave the ‘Rewind’ video a thumbs down

YouTube's 2018 Rewind video went down like a lead balloon at the end of last year, becoming the most disliked video in its history. And now YouTube's CEO has admitted that even her own kids thought it was pretty darn awful.
Social Media

Snapchat finally recovers from its redesign — so here comes an Android update

Snapchat's drop in users after launching a controversial redesign has finally stagnated. During the fourth quarter and 2018 earnings report, Snapchat shared that the company is rolling out an Android update designed to increase performance.
Social Media

Skype’s new ‘blur background’ feature could help keep you from blushing

Skype's latest feature for desktop lets you blur your background during video calls. The idea is that it keeps you as the focus instead of distracting others with whatever embarrassing things you might have on show behind you.
Social Media

Twitter users are declining but more people are seeing ads every day

Twitter's end-of-the-year report for 2018 is a mix of good and bad news. The good news is that more users are seeing adds daily, the metric the company will focus on moving forward. But the bad news is that monthly active users are…

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. With so many subreddits, however, navigating the "front page of the internet" can be daunting. Here are some of the best subreddits to get you started.