Why WhatsApp’s Encryption Embrace Is a Landmark Event
The news that Facebook’s (FB) WhatsApp now supports encryption across all its apps is nothing short of seismic.
There have always been those who were keen on using encrypted communications — politicians trying to avoid the gaze of their rivals and foreign spies, corporate executives trying to protect their trade secrets, activists trying to organize opposition to oppressive regimes and, yes, criminals trying to evade law enforcement.
But, in the big picture, these are fringe cases. Before Edward Snowden told the world about the extent of state surveillance in 2013, few “normal” people were interested in adding heavy protections to their communications. Soon, over a billion of them will be using this facility without even trying.
For privacy advocates, this marks an enormous victory that few would have predicted would come so soon after Snowden’s revelations.
The problem was this: Generally speaking, good end-to-end encryption, where users rather than service providers hold the keys, is a pain to use. Most people don’t adopt technologies that aren’t easy to use.
Encrypted email has been around for decades, and once it is set up, it’s not that tricky. But setting it up requires a degree of technical knowledge that most people do not have.
Recently, encrypted-messaging apps have made the process of protected communications much simpler. However, none of them has the immense reach of WhatsApp, and security experts are suspicious of the quality of the technology in some of them, or the fact that some default (Telegram) or occasionally switch (iMessage) to non-encrypted modes.
An important factor in WhatsApp’s encryption push is the pedigree of the people behind the technology. The outfit is called Open Whisper Systems and it’s led by a very highly regarded cryptographer who uses the name “Moxie Marlinspike” and was once a key member of Twitter’s (TWTR) security team (Twitter bought an earlier company of his, Whisper Systems, to beef up its own security).
Open Whisper Systems created an app called Signal that provides encrypted text messaging and voice calls (functions that were originally marketed on Android as TextSecure and RedPhone respectively). It is this technology that is now incorporated into WhatsApp, across all its mobile platforms — iPhone (AAPL), Android (GOOG), Windows Phone (MSFT), Nokia (NOK) S40, Nokia S60, BlackBerry (BBRY) and BB10.
The tech is state-of-the-art and uses clever tricks such as “forward secrecy” — each conversation uses a new key, so if an attacker steals the key, they cannot decrypt earlier conversations (a big problem with encrypted email). The code is open-source and has been audited. Users can even verify the security of their conversations by comparing their “security codes”. Snowden himself promotes it.
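The forward-secrecy property described above, as an added illustration (not part of the original article and not Open Whisper Systems’ code): a simplified one-way key chain, here with a fresh key per message, compared with a single long-lived key. The function names, the stand-in cipher and the sample key and messages are assumptions constructed for this example.

```python
import hashlib
import hmac

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def ratchet(chain_key):
    """One-way step: return (message_key, next_chain_key)."""
    return _mac(chain_key, b"\x01"), _mac(chain_key, b"\x02")

def _stream(key, n):
    return b"".join(_mac(key, bytes([i])) for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    """Stand-in cipher (HMAC keystream XOR plus tag); real apps use a vetted AEAD."""
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(key, len(plaintext))))
    return body + _mac(key, b"tag" + body)

def open_sealed(key, sealed):
    """Return the plaintext, or None when the key does not match."""
    body, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag" + body)):
        return None
    return bytes(c ^ s for c, s in zip(body, _stream(key, len(body))))

def send_all(root_key, messages, forward_secret):
    """Encrypt messages; return (ciphertexts, key left on the device afterwards)."""
    chain_key, sealed = root_key, []
    for message in messages:
        if forward_secret:
            message_key, chain_key = ratchet(chain_key)  # old chain key is overwritten
        else:
            message_key = root_key  # one long-lived key for everything
        sealed.append(seal(message_key, message))
    return sealed, chain_key

def attacker_reads(stolen_key, sealed, forward_secret):
    """Earlier messages recoverable from the key stolen off the device."""
    candidates, key = [stolen_key], stolen_key
    if forward_secret:  # the only move available is ratcheting forward
        candidates = []
        for _ in sealed:
            message_key, key = ratchet(key)
            candidates.append(message_key)
    return [pt for ct in sealed for k in candidates
            if (pt := open_sealed(k, ct)) is not None]

# Constructed sample data, not taken from the article.
ROOT = hashlib.sha256(b"constructed demo secret").digest()
MESSAGES = [b"meet at noon", b"bring the files", b"delete after reading"]

if __name__ == "__main__":
    for fs in (False, True):
        sealed, device_key = send_all(ROOT, MESSAGES, fs)
        print("forward secrecy" if fs else "static key", attacker_reads(device_key, sealed, fs))
```

With the static key, the stolen key opens every earlier message; with the chain, the key left on the device only leads forward, so the earlier ciphertexts stay sealed.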
All of this is now coming to a billion people’s pockets without them having to do anything about it. They don’t have to choose it — they already use WhatsApp, and this is just what the latest upgrade contains. The system will default to encryption and, once they have an encrypted conversation with someone over WhatsApp, it won’t ever fall back to non-encrypted mode.
Users don’t need to consider the arguments about having “nothing to hide” and the balance between national security and privacy. They don’t need to turn to specialists with expensive secure handsets, like Silent Circle and Blackphone. This is now simply what their communications app of choice does.
For Facebook/WhatsApp, it’s a timely move. Rivals such as Telegram, which now has 100 million users, have been gaining popularity because of their overt focus on security.
WhatsApp has been offering Signal’s encryption technology to its Android users since late 2014, but on other platforms it was just regular old WhatsApp, with its biggest selling point being the fact that everyone you knew was already on it. Now there’s much less reason to look elsewhere.
Interestingly, Marlinspike and his team got U.S. government funding for the development of their technology, from the same Open Technology Fund that threw cash at Tor, the anonymization tool. This fund came out of a policy, pushed by erstwhile secretary of state Hillary Clinton, to help pro-freedom activists across the world communicate without the authorities listening in.
Ironically, this is the same Hillary Clinton who recently called for a “Manhattan-like project” to break encryption, to make sure the authorities can listen in.
You can’t have trustworthy and breakable encryption at the same time and, now that the world’s biggest messaging platform has opted for trustworthiness, the debate has shifted yet again.
There is still scope for spies and criminals to bypass encryption by hacking into phones and seeing what people are typing, but that’s a different matter. High-grade encryption is now the norm in app-based mobile communications, and it would be very difficult to stuff that genie back in the bottle.