News has recently surfaced of Australian politicians, including the Prime Minister Malcolm Turnbull, that have been using the popular messaging app WhatsApp to communicate and potentially to share confidential and sensitive information. The app is a great way to connect and chat with friends and colleagues, but discussing issues concerning national security is something many Australian’s would question due to the security risk it poses.
Background
Turnbull’s special adviser on cybersecurity, Alastair MacGibbon, has revealed that he, along with Attorney General George Brandis and several other Cabinet ministers, have been communicating through the messaging platform. He reasoned that it was due to WhatsApp’s end-to-end encryption feature it was chosen as a way to communicate, as it provides more ‘privacy and security’ than other more conventional ways of communicating like phone calling, email and text messaging.
Despite the security concerns, Senator Brandis has assured a Senate estimates committee that the nature of the conversations have only been ‘extremely routine’ and never issues concerning national security.
What is the privacy concern?
WhatsApp has not been approved by the Australian Signals Directorate (ASD) for transmitting sensitive information as it is absent from their Evaluated Products List. Despite there being some merit to Senator Brandis’ claim, there are still a magnitude of reasons as to why disseminating sensitive information on a service such as WhatsApp would not be advisable.
They are owned by Facebook
Ever since Facebook acquired WhatsApp back in 2014, the relationship between the two services in regards to user information has become increasingly relaxed. Earlier this year it was announced that WhatsApp was changing its policy to be more accommodative for Facebook, as it will now share the data of its one billion users to its parent company. According to WhatsApp, the data retained will only be used for marketing and advertising purposes, but there are privacy concerns due to information still being made public from WhatsApp’s servers.
It no longer remains under Governmental control
Due to WhatsApp sharing user’s data with Facebook, as soon as a Cabinet minister potentially shares any sensitive information concerning national security on the app, it no longer remains within the Government’s control. Once this information is sent, there is the chance that it is forwarded to an unauthorised recipient, or if the device is lost, can be accessed as it is it saved locally within the app.
WhatsApp can be easily hacked
There has been a rise of programs that can hack into WhatsApp’s servers with the aim of monitoring the activity of users on the service. An example of this would be WhatSpy, which allows someone to track the messages of another user, and even change their security and account settings.
Another vulnerability of WhatsApp is it’s recent media access control (MAC) spoofing attacks, where a user can change unique phone identifiers allowing them to reroute confidential information to another phone or email address. If anything like this were to happen to our Governmental official’s if they have been sending sensitive information, it would be a serious breach of national security.
Conclusion
It is debatable to whether governmental officials should be using WhatsApp to communicate due to the privacy concerns listed above. The question then arises to what form of communication should Cabinet ministers use, as alternatives such as text messaging, email and phone calling all pose their own security risks. Apps like Telegram may be a more favourable alternative due to its advanced encryption technology and strict approach to privacy and security.
What are your thoughts on Cabinet ministers using WhatsApp as a means of communication? Let us know by tagging us #lawpath or @lawpath.