What(sapp) took you so long?
At iPushPull we take our users’ privacy and security very seriously, so we were intrigued that two of the biggest news stories to break this week relate to just that. We think it’s great that everyone is suddenly talking about encryption. Whatsapp‘s plan to incorporate Open Whisper Systems‘ TextSecure protocol for end-to-end encryption is old news, announced way back in 2014. Perhaps the most surprising about this week’s headline-grabbing roll-out is that it took so long to get here. There are significant technical hurdles to overcome when it comes to retro-fitting encryption to an existing platform, but making that additional layer of security convenient for customers to use is and even bigger challenge. Whatsapp have done a great job; most of their billion or so users won’t even be be aware of it. In fact, it’s so seamlessly integrated they had to put a message in the app to let people know it’s there.
Whatsapp end-to-end encryption to Panama Papers
What’s really interesting about the Whatsapp story is that, not only is end-to-end encryption enabled by default, there is no way to opt out and turn it off. It’s a clear statement of intent from Whatsapp that they believe this is the new minimum benchmark for privacy and security.
At iPushPull we designed security from the outset and we always at the forefront of our considerations when designing and developing the platform. We’ve had end-to-end encryption since we started in 2014, but we don’t make it compulsory. We allow our users to enable it on a page-by-page basis, whenever they like, and adjust those settings as their privacy needs change. A new, more intuitive user interface is already in development which we hope will open encryption for spreadsheets to the masses in the same way Whatsapp has done for messages. Just as we strive to let our users take control of their content, we believe that they should have the tools to take control of the security of that content too.
This brings us neatly to the biggest news story of the week: The Panama Papers. Whatever you think about the morals of Mossack Fonseca and some of their customers (and as others have noted, there are genuine reasons for using the services they offer), there is no doubt that it represents a massive failure of corporate and data security. How many other corporations are at risk of a similar leak; how many of those corporations hold information about you?
No matter how seriously an organisation takes data security or how well they think it is implemented, it’s all for nothing if employees are circumventing it by, for example, emailing documents to clients or putting them in their personal cloud storage to work on at home.