The Bangkok bombers reportedly never met in person—they planned the attack on WhatsApp

Sketches of a suspect affiliated with the bombing posted in Myanmar.
Sketches of a suspect affiliated with the bombing posted in Myanmar.
Image: Soe Zeya Tun
We may earn a commission from links on this page.

Governments and civilians in the US, UK, and elsewhere are engaged in a debate over how to balance privacy with national security, especially when it comes to encrypted chat apps. The terrorist attacks in Bangkok might add more ammunition to the hawkish camp’s arsenal.

According to Thai media outlet The Nation, the instigators coordinated the bombing through WhatsApp, and never actually met in person. While the exact culprits’ exact whereabouts as they planned the attack remain unknown, at least one detained suspect hails from China, and is of the Uighur ethnic minority located in the country’s northwest, the Bangkok Post reports.

This would not be the first time that WhatsApp has allegedly been used to coordinate terror. Earlier in June, Belgian authorities detained 16 people allegedly affiliated with jihadist groups in Chechnya and Syria. According to the BBC, domestic police tracked down the suspects by working with the US to monitor messages exchanged on WhatsApp. WhatsApp was also shut down in the Indian state of Gujarat last month after deadly riots there.

Chat apps are generally more difficult to trace than text messages and phone calls, which the US National Security Agency collected by the hundreds of millions in its global sweep. This is due to a combination of legal and technical complications. WhatsApp is probably the world’s most ubiquitous chat app, but it’s far from the most private.

Apple’s iMessage, for example and other lesser-known apps, employ what’s known as end-to-end encryption—a method of communication that renders messages viewable only to the sender and receiver. WhatsApp started implementing end-to-end encryption in November 2014, but the rollout remains partial—according an engineer responsible for the project, bringing the tech to such a massive, scattered user base requires significant time. This means that governments and hackers can intercept messages relatively easily, as long as they are targeting users unaffected by the encryption.

Despite these issues, the app’s very popularity—it is used by 900 million people every month, globally—means that it is almost inevitable that it would be involved in some sort of coordinated, public event. We’ve reached out to WhatsApp to ask for more information about their encryption and privacy policies but have yet to hear back.

The arrests in Belgium highlight how state authorities, at least in public, tend to frame security and privacy as a trade-off. If Thai authorities had been on the watch for terrorist activity, the hawks might argue, they could have tracked down the instigators before they acted.

Of course, many average citizens and tech firms are balking at handing over their and their customers information. Apple and Microsoft have been fighting government pressures to hand over user data, or in some cases, cease to implement end-to-end encryption, the New York Times reports.

The WhatsApp connection also points to a puzzling quirk in China’s ever-puzzling internet. Despite being a foreign social app owned by Facebook, WhatsApp remains completely usable from China, readily available in China’s app stores and works without a hitch, while messengers like Japan’s Line and Korea’s KakaoTalk have been swatted. If these terrorist attacks were in fact conducted by Chinese users, WhatsApp could face similar fate.