When looking at end-to-end encryption from a medical perspective and in relation to WhatsApp or iMessage, the answer is reasonably clear. Both WhatsApp and iMessage are services owned by US based companies. This becomes an issue of data sovereignty. Paraphrasing regulations, most countries state that patient data should not travel internationally if it can be accessed without knowledge by a foreign entity. We argue that foreign entities could access patient data sent via WhatsApp or iMessage. See the discussion below for details of how.
What is Public-Key Cryptography?
First of all, let's get a very simplistic understanding of "public-key cryptography". Imagine you have a letterbox and it has two keys. One key will let you drop letters into the slot, and one will let you take the letters out. The input key and the pickup key are different. You can't use the pickup key to drop letters in, and you can't use the input key to pick them up. That means that you can give the input key away to as many people as you like and all they can do is drop letters into the letterbox. Your letters are safe unless they find a copy of the pickup key or they find a weakness in the way your letterbox is designed.
In cryptography terms, your "public key" is the input key for the slot. You can share it with everyone, and anyone can encrypt a message for you. Once a message is encrypted, that public key can't be used to decrypt it - it only works in one direction. Once encrypted, the "private key" (or pick up key) is the only way to decrypt the message and make it readable. This is, of course, assuming there are no exploits (weakness in the letterbox design) and that the key can't be guessed using "brute force").
How Does End-To-End Encryptions Work?
So know you know the basics, here is how end-to-end encryptions works for iMessage, WhatsApp and a handful of other messaging services. Let's use WhatsApp as an example.
- When you start using WhatsApp, your phone creates a set of private and public keys.
- Your public key is sent to WhatsApp's servers, and your private key stays on your phone. WhatsApp never sees your private key.
- When someone else (let's call them Charlotte) starts a conversation with you, they get your public key from WhatsApp's server.
- Before they send a message to you, it is encrypted using your public key. This means that (theoretically) only you can decrypt it with the key on your phone.
- Charlotte's phone then sends the encrypted message to WhatsApp's server, which in turn, sends it to your phone.
- If Charlotte is sending the message to you and someone else (let's call them Stella) then the same process applies twice. Charlotte has your public key, and Stella's public key and her phone encrypts the message twice and sends two copies to WhatsApp's server.
It gets a little more complicated when you factor in sending images and other attachments. It is also complicated a little more when you factor in "signing" messages (which helps ensure no one modifies the message in transit) but these concepts are beyond the scope of what we need to understand here.
How Could End-To-End Encryption Be "Broken"?
So how could such a system ever be broken?
- A brute force attack. This involves getting a supercomputer to guess what the private key is and over and over until it gets it correct. This theoretically possible but unlikely to occur.
- WhatsApp could update their app and replace their encryption with a glaring security hole. Ultimately, you are relying on WhatsApp to do the right thing. You are putting your messages into a black box, and even if you know how the black box works, you have to trust that the black box is not changed.
- Facebook, an American company, owns WhatsApp. It is possible that they have been required, by court order, to encrypt each message sent with an extra public key (one for Charlotte, one for Stella, and one for Uncle Sam) and told they must keep quite about it. That would mean they, or the government, has the private key to decrypt the message. There is no way of knowing if this has happened or how likely it is. Let's just say "Snowden"!
- It is possible (more likely on Android) that a user contracts a virus on their phone and, the writer of the virus gets a copy of messages sent to them. If they managed to infect the phone of a gynaecologist, or a plastic surgeon, or any doctor for that matter, they could blackmail either the patient or the doctor into paying them money in exchange for not publishing sensitive content.
- Someone discovers a security hole in the way that WhatsApp have implemented their encryption. There are numerous stories of security vulnerabilities being found all the time.
- WhatsApp does not use passwords; instead, they reply sending a text message to you with a code to verify your account. There are many stories of "social engineering" where someone calls up the telco and convinces the customer service representative to reset their account password, thereby putting access to your mobile account into nefarious hands. From there they can control your WhatsApp account.
- People, in general, are terrible with passwords. They use the same password for all number of services. If one system gets hacked and a password is revealed, hackers try the same password on other systems. Similar to above, a hacker could gain access to your smartphone account and reset your WhatsApp account.
Any of the above scenarios is possible, with some more likely than others. There is a significant element of user responsibility in a few of the techniques above, but many of them could occur through no fault of the account holder. So, in summary, end-to-end encryption in messaging services is reasonably safe, but it is far from fail-safe.