With the wave of smartphones, came communication apps. These apps often bundle many existing types of communication such as text messaging, group chats, video, etc. in to one application that was designed with privacy in mind. There are dozens of messaging/communication applications on the market however WhatsApp, Signal and Telegram are some of the most popular for the privacy conscious user.
There are millions of people using these messaging apps today. Some users are using them for their rich feature set while others are using them to avoid detection by Law Enforcement. Criminals have been using these apps in many ways from setting up a drug deal to plotting terrorist attacks.
After the terrorist attack in London last week, police determined that the terrorist was using WhatsApp shortly before he carried out his attack. Due to built-in security features of WhatsApp, the contents of the communication were deleted from their servers. What they have available to them via a subpoena is similar to what you would see on a phone bill. The date/time, sender/recipient, etc. This will at least give detectives the ability to determine who he was communicating during the days leading up to the attack.
Following this attack, there is a big push by the UK government for developers of these applications to supply a method for investigators to remove the security so they can access the contents of the message on future cases. In some of theses applications it is easier said than done as they would need to totally redesign their infrastructure. Plus they would likely lose many of their users which would ultimately hit the companies bottom line.
In today’s world of big data, security vs. privacy often comes up. Should the developers of a communication application design a solution that logs every conversation of every user to assist in the investigation of a high profile crimes? Or should they design the application that deletes the communication once it is delivered to ensure privacy of the millions of users? Do you lean towards security or privacy?