WhatsApp’s encryption could make it a target of the Chinese government

WhatsApp founder Jan Koum
WhatsApp founder Jan Koum
Image: Reuters/Albert Gea
We may earn a commission from links on this page.

WhatsApp’s announcement April 5 that it will implement end-to-end encryption poses a major challenge for governments struggling to balance individual privacy with national security. The feature effectively makes one of the world’s largest chat apps a safe haven for anyone looking to hide communications from the authorities.

Authorities around the world are likely to take issue, but expect a lot of pushback from China, where the government has shown little tolerance for encryption, and even less tolerance for foreign social media apps.

Even before the announcement was made, the fact that WhatsApp remains unblocked and fully accessible within China is pretty amazing. While the app is no where near as popular as local WeChat, an estimated tens of millions of Chinese citizens are using it.

Beijing began blocking foreign social media in earnest in 2009 and has only gotten stricter. In the summer marking the 25th anniversary of the Tiananmen Square massacre, authorities cut off access to WhatsApp parent Facebook, Twitter, Flickr, YouTube, and Hotmail. Google followed one year later, after it shut down its China-facing search engine due rather than submit to Beijing’s censorship demands.

Since then, Line and KakaoTalk—chat apps similar to WhatsApp—were blocked in August 2014. In November, Facebook’s Instagram also got shut in China, despite its sizeable user base there.

WhatsApp, which launched in China in 2010, has already proven itself as a valuable tool for anti-Beijing activism—many of the leaders of Hong Kong’s Umbrella Movement organized protests through the app’s Group Chat feature. There was nothing then to stop Chinese users from joining these groups, and there’s nothing stopping them now either.

From a regulatory perspective, the Chinese government does not have clear rules indicating whether or not encryption is tolerated. According to a State Council order from 1999, companies that make ”products” with encryption must first get a license from the government. A list of relevant products included things like encryption-enabled fax machines and telephones—dated tools by today’s standards.

But from a practical perspective, the government’s tolerance for encryption can be assessed by an incident involving chat app Telegram last year. In July 2015, Chinese authorities detained a group Chinese human rights lawyers. State media reported that many of them were using Telegram, an encryption-enabled app to communicate with one another. Around that time, Telegram suffered a DDOS attack, rendering its app useless for people in in Asia Pacific.

Telegram has declined to name Chinese authorities as the attack’s culprit, specifying only that the attacks came from East Asia. But all signs point to the Chinese government. Around the time of the attack, Telegram’s URL was blocked, and the app continues to remain inaccessible from mainland China, even as it continues to operate with out failure elsewhere.

WhatsApp’s size globally bests Telegram tenfold. It has 1 billion monthly active users, compared to Telegram’s 100 million.

This shift to encryption could effectively include China’s activists into a protected network of 1 billion people.

If the Chinese government launches a DDoS attack against WhatsApp in the future, it may be felt by users from around the globe, as were similar attacks on Telegram and Github. A mere block on WhatsApp from China would be unsurprising. A DDoS attack from China’s Great Cannon would be a virtual shot heard around the world.