Vulnerable WhatsApp encryption revealed

Recent research on WhatsApp, the instant messaging service now owned by Facebook, has suggested that there may be a security backdoor that would allow third parties to intercept and read messages. WhatsApp recently introduced end-to-end encryption for its messages (a notification of this appears as an embedded message at the top of a new chat), which creates a unique encryption exchange between users to guarantee a safe connection and secure the contents of all messages. However, it has been discovered that this new feature also gives WhatsApp the ability to create new encryption keys for offline users, which would force the sender to re-encrypt and resend the messages without either the recipient or the sender being aware. This revelation goes against statements issued by Facebook that end-to-end encryption is impenetrable.

Campaigners have argued that this represents a huge threat to freedom of speech, and are worried about who may use this information, particularly as WhatsApp has become popular with activists and diplomats who believe their messages are secure.

WhatsApp confirmed in a blog post last February that it had reached 1 billion users, making it one of the world's most popular social media messaging platforms.

As reported by The Guardian, further information can be found here.


New EU law on cookie banners

Most sites deliver cookie requests via a banner, either at the top or bottom of the entry webpage, but many users have found these banners to be intrusive and irritating. This, in turn, has led to calls from numerous web companies for the so-called "cookie law" to be scrapped.

Although The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) covers the use of cookies, the "cookie law" is a piece of specific legislation that was introduced in 2011 by way of an update to PECR. Cookies are files that are downloaded to a user's device, enabling companies to track the user's actions, which can be extremely beneficial to their future advertising and personalisation for that particular user.

Following the introduction of the "cookie law", the Information Commissioner's Office (ICO) introduced, in May 2012, "Guidance on rules on use of cookies and similar technologies", which formalised the requirement for website operators to have cookie consent requests, in order to inform users that the website they were on used cookies and to obtain their consent to have cookies placed on their machine.

A new European Commission proposal has suggested that web users might be able to set a general preference for the level of cookies that they consent to being stored on their systems, thus removing the need to accept cookies from multiple websites via banners.

However, a number of industry commentators have voiced concerns that the proposed approach might, ultimately, be no less intrusive if it means that users will have to go through the same set-up process on every browsing device and app that they use.

It is hoped that the proposed changes will be introduced by May 2018 (as part of the e-Privacy Regulation updates), which coincides with the introduction of the General Data Protection Regulation (GDPR).

As reported by The BBC, more information is available here.

New e-Privacy Regulation proposals

On 10 January 2017, the European Commission put forward its new proposals for EU Law on Privacy and Electronic Communications, with the aim of increasing protection of private data whilst, at the same time, promoting online business.

The proposed regulation will seek to harmonise the protection of personal data across the EU by ensuring that electronic communications providers, such as Facebook Messenger, WhatsApp and iMessage, fall within the scope of the rules protecting user privacy.

Although user consent will be required in order for companies to collate the personal data that they receive from their users, the regulations would give companies greater scope to use their lawfully collected data.

Companies in breach of the proposed regulations would face stiff penalties of up to 4% of global turnover, the same as those that are soon to be introduced by the GDPR.

The Vice-President for the Digital Single Market, Andrus Ansip, commented:

"Our proposals will deliver the trust in the Digital Single Market that people expect. I want to ensure confidentiality of electronic communications and privacy. Our draft ePrivacy Regulation strikes the right balance: it provides a high level of protection for consumers, while allowing businesses to innovate."

AG will be releasing detailed guidance on the e-Privacy Regulations in due course.

Further information can be found on the European Commission site, here.