On 20 July 2016, a court in Brazil temporarily blocked access to WhatsApp on the basis that its owner, Facebook, had shown “total disrespect for Brazilian laws”. Hours later, the decision was overturned by Brazil’s Supreme Court for being “scarcely reasonable or proportional”.
Communicating through online services other than email and SMS is on the rise, and for many people, it is now the norm.WhatsApp, owned by Facebook Inc, is a service used by 1 billion people worldwide, with 2.4 million users in Australia. Facebook itself has 1.65 billion users, with more than 900 million users on its own Messenger service.
This month’s ban on WhatsApp marks the third time such a ban has occurred in Brazil – the longest being in place for 72 hours. This most recent ban arose from Facebook’s refusal to provide chat logs from WhatsApp related to a criminal investigation. Facebook declined to provide the requested chat logs because it claimed not to have access to WhatsApp users’ messages.
WhatsApp's end-to-end encryption ensures that only its customer and the person its customer is communicating with can read a message. Nobody in between, not even WhatsApp, can access that message. End-to-end encryption means that encrypted communications are only decipherable when viewed on the recipient’s device. Therefore, only those with access to the recipient’s device can see the message in readable form.
End-to-end encryption is now the only way to communicate using WhatsApp – that is, you cannot opt in or out. WhatsApp describes its service in its Privacy Notice as follows:
Users type their messages, which are sent via data service to our servers, and routed to the intended recipient (who must also be a WhatsApp user), if that recipient is online. If the recipient is not online, the undelivered message is held in WhatsApp’s server until it can be delivered. If the message is undelivered for thirty (30) days, the undelivered message is deleted from our servers. Once a message has been delivered, it no longer resides on our servers. The contents of any delivered messages are not kept or retained by WhatsApp — the only records of the content of any delivered messages reside directly on the sender’s and recipient’s mobile devices (and which may be deleted at the user’s option)…
Files that are sent through the WhatsApp Service will reside on our servers after delivery for a short period of time, but are deleted and stripped of any identifiable information within a short period of time in accordance with our general retention policies.
In July 2016, it was reported that Facebook began testing end-to-end encryption on Messenger and will be rolling out the encryption technology soon. It is possible that other online messaging services will also implement end-to-end encryption as a default on their services. If this is the way the market is moving, it may be that free email service providers start to do the same.
From an Australian perspective, the use of end-to-end encryption represents a real risk for preserving, obtaining and presenting evidence of communications.
Ordinarily, where it is suspected that evidence in digital form existed but has not been discovered by a party, it is possible to obtain that evidence by obtaining a court order for production against a third party who holds that information. For example, in the case of email accounts, a subpoena may be issued to the service provider for all emails kept on its servers for a particular email address.
Legislative reforms aimed at WhatsApp and other encrypted messaging services are being debated overseas, primarily in the context of national security issues. It remains to be seen how Australian courts will respond to the rise of these services and their impact on the evidentiary process. We will watch any such developments with keen interest.