A growing list of prominent cryptographers and cybersecurity researchers published an open letter asking the Guardian to retract an article it published last week asserting that WhatsApp had a backdoor, making it unsafe to use.
The Guardian argued that design decisions by WhatsApp made to increase reliability for users meant that governments could potentially force the company to hand over messages. The decision was a deliberate one by WhatsApp’s designers and the issue has been known for months.
“Unfortunately, your story was the equivalent of putting “VACCINES KILL PEOPLE” in a blaring headline over a poorly contextualized piece,” wrote Zeynep Tufekci, an associate professor at the University of North Carolina at Chapel Hill who organized the open letter.
The 2,000 word letter, signed by academics and professionals across the security world, deftly explains the “trade off” made by cryptographers in favor of WhatsApp’s reliability, a point backed by the app’s over 1 billion users around the world. Reliability and ease of use is a key to WhatsApp’s wide popularity.
“You never should have reported on such a crucial issue without interviewing a wide range of experts,” the letter continues. “The vaccine metaphor is apt: you effectively ran a ‘vaccines can kill you’ story without interviewing doctors, and your defense seems to be, ‘but vaccines do kill people [through extremely rare side effects].’”
Tufekci and her long list of allies on this issue — no security expert has backed the Guardian decision to call WhatsApp backdoored and none were interviewed before it was published — point to concrete dangers posed by the story.
Your story has been reported widely around the world. For example, it was picked up by the Turkish media, including what remains of its dissident press. The story was carried in Turkey’s largest opposition newspaper, using your phrasing and paired with a statement by the head of Turkey’s internet administrative body–which oversees all the censorship and surveillance decisions–who quickly jumped to frame WhatsApp as unsafe. The message heard by activists, journalists and ordinary people around the world was clear: WhatsApp has a backdoor, it’s insecure, don’t use it.
Since the publication of this story, we’ve observed and heard from worried activists, journalists and ordinary people who use WhatsApp, who tell us that people are switching to SMS and Facebook Messenger, among other options–many services that are strictly less secure than WhatsApp.
The impact has been felt in the United States as well. Participants in the upcoming Women’s March on Washington, a large protest scheduled for Saturday, received emails instructing them to avoid WhatsApp, citing the Guardian’s article as proof that the app is flawed.
The Guardian, which has changed the original headline of the piece and edited some of the copy, will not retract the article, according to a comment provided to TechCrunch:
We ran a series of articles highlighting and discussing a verified vulnerability in WhatsApp and its potential implications. WhatsApp was approached prior to publication and we included its response in the story, as well as a follow up comment which was received post-publication. While we stand by our reporting we have amended the article’s use of the term ‘backdoor’ in line with the response and footnoted the articles to acknowledge this. We are aware of Zeynep Tufekci’s open letter and have offered her the chance to write a response for the Guardian. This offer remains open and we continue to welcome debate.