Zuckerberg let CIA see WhatsApp message

Did Zuckerberg REALLY say CIA can read your WhatsApp messages?

It is now spreading on X that Mark Zuckerberg ‘confessed’ on Joe Rogan’s show that the CIA can read your WhatsApp messages. As this news article reported,

CIA Can Read Your WhatsApp Messages, Zuckerberg Reveals

Meta CEO Mark Zuckerberg has confirmed that U.S. authorities, including the CIA, can access WhatsApp messages despite the platform’s robust end-to-end encryption. 

The problem with this headline (and social media posts) is that it gives people the WRONG idea that he had revealed this new information: There exists a backdoor in WhatsApp that allows authorities to read EVERYONE’s WhatsApp messages.

No!

This was not what Mark Zuckerberg meant. What he said was, in fact, old news. Mark Zuckerberg revealed nothing that the world does not already know. He was merely explaining the nuances of end-to-end encryption (E2EE).

It applies to all encrypted messaging apps

First, the privacy issue he brought up applies to all messaging apps. It is not just WhatsApp that is affected. So, bear that in mind as you read this article.

End-to-end encryption is still secure

As I wrote in my most popular article, Which is the most secure messaging app? Signal, WhatsApp, Telegram, ProtonMail, iMessage, etc?,

This means that before your message leaves your device/computer, it is encrypted with a key that only you and your recipient know. Then you send that encrypted message to the server with a layer of transport security. Once your encrypted message arrives at the messaging server, whoever controls the server still cannot read your message because it is encrypted. Then the server forwards the encrypted message to your recipient. Your recipient can read your message because both of you have engaged in a cryptographic protocol to ensure that he/she has the decryption keys to read your message.

To put it simply, with E2EE, the messaging server receives and forwards gibberish to its users.

As Mark Zuckerberg told Joe Rogan,

The thing that encryption does that’s really good is it makes it so that the company that’s running the service doesn’t see it. 

He was not revealing anything new.

How can authorities read your encrypted messages?

In my book, Easy Guide to Cybersecurity & Privacy, I mentioned these 2 fundamental laws of cybersecurity:

If a bad guy can alter the operating system on your computer, it’s not your computer anymore.

If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.

What Mark Zuckerberg told Joe Rogan was an example of when the fundamental laws of cybersecurity are violated. As the news article reported,

Zuckerberg went on to highlight that law enforcement agencies like the CIA do not need to intercept messages in transit because they can directly access data on the device. He mentioned spyware tools like Pegasus, which can be covertly installed on phones to access a wide range of data, including encrypted messages, photos, and call logs. Once installed, spyware can bypass encryption and give authorities unfettered access to the user’s phone without their knowledge.

In other words, the authorities do not need any backdoor to WhatsApp or any other secure messaging apps. All they need is to compromise your device. Once your device is compromised, it is game over for your privacy.

Zuckerberg mentioned “Pegasus”, which is also a topic that we mentioned on this website.

Can authorities read EVERYONE’s encrypted messages?

If authorities can only read your encrypted messages by compromising your device, it implies one thing: they cannot read everyone’s encrypted messages. In other words, they cannot conduct mass surveillance on everyone’s encrypted message content. They can, however, conduct surveillance on specific people’s encrypted message content by compromising specific people’s devices.

What is the privacy problem that is unique to WhatsApp?

However, there is a privacy issue that only WhatsApp has.

As I wrote in my article, Which is the most secure messaging app? Signal, WhatsApp, Telegram, ProtonMail, iMessage, etc?,

Basically, anything that is not the content of your encrypted messages will be hoovered up by [Meta]’s powerful data collection machine. In contrast, Signal wants to collect as little information about you as possible.

In other words, WhatsApp collects the metadata of your usage of the app. For example,

  • Who do you send messages to and receive messages from?
  • Who are your contacts?
  • Which groups are you a member of?

And make no mistake: WhatsApp shares your metadata with the authorities! This was revealed in the Australian reality TV show Hunted, where the ‘authorities’ tracked the ‘fugitives’ by requesting metadata from WhatsApp.

Mass surveillance on WhatsApp?

Since Meta shares its users’ metadata with the authorities, it is certainly possible that authorities can conduct mass surveillance on everyone’s WhatsApp metadata. Big data analysis on everyone’s WhatsApp metadata can then help inform authorities which specific person to conduct surveillance on.
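The E2EE relay described earlier and the metadata point in this section, put together as an added example (not code from this article or from WhatsApp): the server forwards blobs it cannot open, yet still records who talks to whom. The cipher is a toy standard-library stand-in for a real protocol, and the names `Relay`, `seal`, `unseal`, `alice` and `bob` are hypothetical.

```python
import hashlib, hmac, secrets
from collections import Counter

def _sub(key, label):                      # separate subkeys for encryption and MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):                # toy keystream: HMAC-SHA256 in counter mode
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Runs on the sender's device, before anything reaches the server."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(_sub(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Runs on the recipient's device; plaintext exists only at the two endpoints."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class Relay:
    """The messaging server: it holds envelopes and routing data, never the key."""
    def __init__(self):
        self.inbox, self.log = {}, []
    def forward(self, sender, recipient, blob):
        self.log.append((sender, recipient, len(blob)))   # metadata is in the clear
        self.inbox.setdefault(recipient, []).append(blob)
    def contact_graph(self):
        return Counter((s, r) for s, r, _ in self.log)

def demo():
    key = secrets.token_bytes(32)          # assumed already agreed between alice and bob
    relay = Relay()
    for text in (b"meet at 6", b"bring the documents"):   # constructed sample messages
        relay.forward("alice", "bob", seal(key, text))
    try:                                   # the operator has the blobs but not the key
        unseal(secrets.token_bytes(32), relay.inbox["bob"][0])
        server_can_read = True
    except ValueError:
        server_can_read = False
    delivered = [unseal(key, blob) for blob in relay.inbox["bob"]]
    return server_can_read, delivered, relay.contact_graph()

if __name__ == "__main__":
    print(demo())
```

The plaintext in `delivered` exists only on the endpoint, which is why a compromised device defeats the encryption while the relay's log exposes the contact graph regardless.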

