WhatsApp encryption guarantees your privacy

WhatsApp encryption is now complete and, when using an up-to-date version of WhatsApp, virtually guarantees your privacy with end-to-end encryption and forward secrecy.

WhatsApp_Logo_1Whether you realise it or not, WhatsApp encryption now guarantees your privacy. All you need to do is make sure you are running the latest version of the immensely popular chat app on your mobile device. WhatsApp’s founders published a blog post yesterday announcing the culmination of year and a half journey with Open Whisper Systems:

WhatsApp has always prioritized making your data and communication as secure as possible. And today, we’re proud to announce that we’ve completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.

WhatsApp encryption, in itself, isn’t new. Open Whisper System’s Moxie Marlinspike summarised the fruit of this journey in his blog post titled “WhatsApp’s Signal Protocol integration is now complete”:

As of today, the integration is fully complete. Users running the most recent versions of WhatsApp on any platform now get full end to end encryption for every message they send and every WhatsApp call they make when communicating with each other. This includes all the benefits of the Signal Protocol – a modern, open source, forward secure, strong encryption protocol for asynchronous messaging systems, designed to make end-to-end encrypted messaging as seamless as possible.

We are still in a transitionary phase at the moment. Conversations will only be encrypted if all the parties to a conversation are using an updated version of WhatsApp. When they are, though, the result is pretty impressive:

  • WhatsApp conversations (voice and text) are fully encrypted. This includes all the attachments. WhatsApp itself can’t decrypt the messages and its servers really only pass the encrypted messages between users.
  • Because WhatsApp uses different encryption keys for each session, older messages can’t be decrypted even if someone manages to seize a current encryption key (this is known as “forward secrecy”).
  • Once your conversations with contacts are encrypted, they remain encrypted and downgrading to an earlier version of WhatsApp won’t make your messages available in an unencrypted form.
  • For the time being, you can see which of your conversations are encrypted by looking to see whether your contact/s is/are using an updated version of the app. You will also be shown a message that indicates that your conversations with a contact are encrypted going forward.

One step for fully encrypted conversations

We have had encrypted messaging apps for a little while now. Apple’s Messages app and the popular Telegram app are encrypted to a degree although neither are encrypted end-to-end like WhatsApp, apparently.

Cade Metz wrote a fascinating article for Wired titled “Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People” which gives a fair amount of background into this development. As he pointed out, the scale of this is remarkable when you consider just how big WhatsApp is:

More than a billion people trade messages, make phone calls, send photos, and swap videos using the service. This means that only Facebook itself runs a larger self-contained communications network.

One of the challenges implementing encrypted solutions is simplifying the process for users enough so the process itself isn’t a deterrent. This migration is literally as simply as updating your app and prompting your contacts to do likewise to ensure that your conversations are encrypted.

Why encrypted WhatsApp is a big deal

Encrypted WhatsApp messages about family dinner plans may not seem a high priority. Consider that WhatsApp is one of the biggest social and communications platforms on the planet used by friends, families, business people and activists, alike. Suddenly you can see the benefits of a service that easily implements strong encryption and protects conversations that are truly sensitive and could, literally, save lives.

The flip side is also true: terrorists and criminals could also use WhatsApp to hide their conversations and may well be doing that. Bear in mind, though, that WhatsApp isn’t the only encrypted communication solution. Publicly available solutions have been around for years and if the bad guys aren’t using WhatsApp, they have many other options available to them.

This is a more significant development for the rest of us because it means that we are less vulnerable to digital attacks by the bad guys. It also means that people who need an assurance of privacy can have it. As the WhatsApp team pointed out in their blog post:

We live in a world where more of our data is digitized than ever before. Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more of people’s digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities.

I know a few colleagues, lawyers, whose communications with their clients have been intercepted and compromised. They have had to seek out other solutions to protect their privileged conversations (one option has been the Signal app which was also developed by Open Whisper Systems). This development means they can simply stick with WhatsApp and be confident that their privileged conversations remain protected.

WhatsApp becoming fully encrypted is a big deal. It is also a smart move because it means that WhatsApp is simply unable to follow regulators’ directives to hand over users’ data. It places them beyond the fray and leaves governments to figure out how to deal with a substantial proportion of the planet’s population whose communications are protected from their interference. Or, as WhatsApp’s Koum and Acton put it:

Today more than a billion people are using WhatsApp to stay in touch with their friends and family all over the world. And now, every single one of those people can talk freely and securely on WhatsApp.

Image credit: Pixabay

Which contracts photographers should consider using

Which contracts your clients should sign

A photographer asked a great question about contracts recently:

I would like to redo my contracts. Would like to know what do you get clients to sign before a shoot?

Disclaimer: This note is a fairly broad overview of many of the major themes you, as a photographer, should think about and which contracts photographers should sign with their clients. It isn’t legal advice or even the best advice for all photographers. It should give you a more informed starting point for a further discussion with your lawyer.

There are two key documents that you should have. The first is a contract governing your services and the other is some sort of privacy statement.

Services contract

The services contract needs to cover a number of themes both for clarity and to make sure you address your common risks. I also refer to services contract provisions as “terms and conditions” in this note.

For starters, use clear, well defined terminology is really important. It may seem pedantic but clearly defining key terms is essential for a clear and intelligible contract which, in turn, is more likely to be enforced if you ever have to test it. Obviously the content of the contract is very important but a contract written in confusing language can be very difficult to understand and enforce effectively. You typically include this terminology in a glossary in your contract.

Your services contract must obviously deal with your services, how you will communicate them and what you will charge for them. Think about issues like scope creep (where your services change without necessarily agreeing on the changes specifically) and amending your pricing as your scope changes. The model I prefer is to use a standard set of terms and conditions that refer to a separate booking form (that can be an online form or a paper form that your client signs) instead of preparing a lengthy contract that contains all the variables such as client details, services required and pricing. The booking form model that refers to the terms and conditions is less intimidating even though the terms and conditions, themselves, will be fairly detailed to make sure you deal with all the important themes.

One issue which comes up frequently in photographers’ groups is a cancellation fee. The Consumer Protection Act enables clients to terminate advance bookings subject to reasonable cancellation fees. Define those in your contract and set cancellation periods which may attract varying fees. For example, you may agree that if the client cancels a shoot 3 months before, the client will pay Rx; 1 month before, the client will pay Ry and 2 weeks before, the client will pay Rz. This will depend on your booking lead times; whether you can replace that booking and other similar factors. You will also need to align these cancellation fees with the Consumer Protection Act’s mechanisms and intent.

As a photographer the licensing aspects of your work are critical. The Copyright Act generally recognises your clients as the owners of the copyright in your photos if they commission you to do the work and agree on a fee for that work. This is good for your clients because they have more control over your deliverables but you have to consider what you will need to do with the photos. Because, by default, you are not the copyright owner in this context, you are not entitled to share the photos as part of your portfolio, restrict what your clients can do with the photos and exercise much other control over the photos’ use.

The Copyright Act gives you a way to change this default position. You can agree with your client to opt-out of the default copyright ownership mechanism in your contract. It is pretty straightforward but you need to include that in your contract. You may also want to think about including a mechanism in your contract which enables you to withhold your deliverables if your client fails to pay you, for example. This would be a separate clause in your contract.

Other clauses you’d include in your contract would be –

  • fees and payment;
  • privacy (linked to the privacy statement which I discuss below);
  • dispute resolution;
  • breach and the consequences of a breach;
  • termination;
  • common no-variation and similar clauses; and
  • domicilium clauses which can be pretty useful for different situations.

Booking form

A booking form is a convenient way to sign a client. Here are a few things to include:

  • Client details (name, contact details, address details);
  • Shoot details (date, times, locations);
  • Fees due (linked to specific deliverables), including deposits due;
  • Your specific deliverables;
  • Cancellation fees (you can include these in your terms and conditions but including these in your booking form makes them more prominent and confusion less likely);
  • Your details;
  • Express confirmation that your client agrees with your terms and conditions and privacy statement;
  • Signature and date fields (the form these will take if you use online forms can vary).

Privacy statement

As a photographer you are dealing with a lot of personal information. Using personal information often requires permission from the people the personal information relates to and the way you obtain this permission is a privacy statement (also known as a privacy policy or data protection policy).

As a starting point integrate your privacy statement with your services contract so when the client agrees to the services contract, s/he also agrees to the privacy statement.

Broadly speaking, the privacy statement must deal with these broad themes:

  • what personal information you will collect and from which sources (for example, automatically through your website, personal information your client volunteers through your booking form or contact forms and so on);
  • what you will do with that personal information (remember to include adding photos to your portfolio or Facebook page for marketing purposes, for example);
  • under what circumstances you may disclose personal information to third parties (these third parties may include your vendors for printing; law enforcement and other legal authorities); and
  • where you store personal information and, broadly, measures you take to secure the data (this will often mean identifying your hosting provider, especially if you use foreign hosting providers and will be transferring personal information across borders).

You will probably include other people in your photos (especially if you do functions and have the usual group photos) who have not signed your contracts. You should require your clients to obtain permission from people they want included in these group photos to be included and their agreement with your data practices which are explained in your privacy statement. How you do this can vary. You can prepare releases for subjects to sign and have them sign in advance or on the day or you can prepare something for your clients to have these participants sign. This can be a cumbersome process so consider the process with the least friction and which still results in permission from these subjects to take photos of them and use those photos for different purposes.

This is more important if you intend publishing photos on public platforms (for example, Facebook). Simply taking photos, making prints and handing these to your client probably won’t require you to go to these lengths because a subject who poses for a photograph clearly consents to being photographed. You’ll need to use your discretion.

It is very important to be sensitive about photos of children. You are not permitted to take photos of children and share them without their parents’ advance permission so make sure you obtain clear consents when it comes to children.

Get it in writing

If you capture the terms of your agreement with your clients in writing, you take huge strides towards reducing the likelihood of confusion and disputes. A written contract can be printed on paper. It can also be digital and part of an email or published on a website. Find the best medium for you that strikes a balance between clearly conveying your contract terms and being relatively accessible and convenient for your clients.

I have prepared a service contract and privacy statement for photographers which I’ve since updated. These two versions should give you a fairly decent idea of what your contracts could look like.

Revisiting “front page of the newspaper” wisdom

I’ve been preparing for my presentation at the Advertising and Marketing Law Conference on 15 October and reading through some materials I’ll probably reference in my slides. One paragraph just stood out for me in Anil Dash’s article “What is Public?“:

The conventional wisdom is “Don’t publish anything on social media that you wouldn’t want to see on the front page of the newspaper.” But this is an absurd and impossible standard. The same tools are being used for person-to-person conversations and for making grand pronouncements to the world, often by the same person at different times. Would we say “Don’t write anything in a sealed letter that you don’t want to see on the front page of the newspaper” simply because the technology exists to read that letter without opening it?

I think the reason this stood out for me is because conventional wisdom is that you shouldn’t publish anything online that you wouldn’t want published on the front page of a newspaper or on a billboard at a busy intersection. It makes sense until you consider that we are using the same platforms to share things privately and publicly.

How many people use Twitter for personal sharing as if they and their Twitter friends are the only people who can see otherwise public updates? They certainly don’t intend for their tweets to be shared with everyone who uses Twitter (until they do) and although Twitter is very public (unless you lock down your profile) many of its users still have this illogical expectation that their tweets are not for public consumption.

If anything, this sort of issue highlights how complex privacy is in this digital age. We face a number of tough questions about how we use social media and what seemingly obvious notions like privacy really mean to us.

Privacy is contextual and social, less legal and technical

Privacy is more than a couple settings and a consent checkbox on a form somewhere. Privacy and publicity seem to be pretty straightforward concepts and, legally, they are treated fairly superficially and defined mechanically. A result of that is a similarly superficial treatment in conversations about privacy and publicity in social and commercial engagements which rarely touches on what privacy really means to us. This leaves us fundamentally confused and conflicted about privacy because we have a deeper sense of what privacy means to us but the typical conversation about privacy lacks the language to describe that deeper sense of it all.

Anil Dash and dana boyd recently published articles on Medium titled “What is Public?” and “What is Privacy?“, respectively, which dive deeper into what publicity and privacy mean to us. If you are interested in what privacy and publicity mean in modern times, you should read both articles carefully:

What Is Public? andWhat Is Privacy?

One of the paragraphs in Dash’s article that stood out for me was this one:

What if the public speech on Facebook and Twitter is more akin to a conversation happening between two people at a restaurant? Or two people speaking quietly at home, albeit near a window that happens to be open to the street? And if more than a billion people are active on various social networking applications each week, are we saying that there are now a billion public figures? When did we agree to let media redefine everyone who uses social networks as fair game, with no recourse and no framework for consent?

I agree more with boyd that privacy is more about social convention. I particularly like this extract from boyd’s article:

The very practice of privacy is all about control in a world in which we fully know that we never have control. Our friends might betray us, our spaces might be surveilled, our expectations might be shattered. But this is why achieving privacy is desirable. People want to be in public, but that doesn’t necessarily mean that they want to be public. There’s a huge difference between the two. As a result of the destabilization of social spaces, what’s shocking is how frequently teens have shifted from trying to restrict access to content to trying to restrict access to meaning. They get, at a gut level, that they can’t have control over who sees what’s said, but they hope to instead have control over how that information is interpreted. And thus, we see our collective imagination of what’s private colliding smack into the notion of public. They are less of a continuum and more of an entwined hairball, reshaping and influencing each other in significant ways.

I also think this next extract nicely captures why people become angry with brands and why reputational harm happens at an emotional level. If you represent a brand, you should read this a few times:

When powerful actors, be they companies or governmental agencies, use the excuse of something being “public” to defend their right to look, they systematically assert control over people in a way that fundamentally disenfranchises them. This is the very essence of power and the core of why concepts like “surveillance” matter. Surveillance isn’t simply the all-being all-looking eye. It’s a mechanism by which systems of power assert their power. And it is why people grow angry and distrustful. Why they throw fits over being experimented on. Why they cry privacy foul even when the content being discussed is, for all intents and purposes, public.

Privacy is contextual. Law is also a poor mechanism for protecting it because law tends to be mechanical (it has to be). What we need more is a better awareness of what privacy and publicity mean in a social context and where the line is.

Jeff Jarvis made a statement about privacy in This Week in Google 261 which really caught my attention:

Privacy is a responsibility. It is an ethic of knowing someone else’s information.


Photo credit: Lost in Translation by kris krüg, licensed CC BY-SA 2.0

Apple tells developers not to share health data with advertisers

According to The Guardian, Apple has imposed contractual restrictions on developers that prohibit them from sharing health data they may receive through an anticipated range of health-related apps which iOS 8 will usher in through a platform called HealthKit:

Its new rules clarify that developers who build apps that tap into HealthKit, of which Nike is rumoured to be one, can collect the data it holds.

But, they stated, the developers “must not sell an end-user’s health information collected through the HealthKit APIs to advertising platforms, data brokers or information resellers”. Although, the rules add that they could share their data with “third parties for medical research purposes” as long as they get users’ consent.

These sorts of apps have enormous potential to benefit consumers and, at the same time, they represent a profound risk to consumers because our most intimate personal information is being accessed. How developers and device manufacturers handle this data is bound to inform a new generation of privacy complaints and reputational harm case studies in the years to come.

Sharing more with Facebook to improve its value

This point in Kevin O’Keefe’s article titled “Facebook eliminating the junk in your News Feed” on Facebook “click bait” made an interesting point about using Facebook more to improve its value to you as a user:

All too lawyers and other professionals I speak with complain about all the junk they see on Facebook. Part of the reason is that they don’t use it enough to help Facebook know what they like. At the same, Facebook acknowledges they have a problem with “click bait.”

What interests me about this point is that we often think that sharing more with Facebook equates to even more junk in our News Feed because the more you share on Facebook, the more signals you send to the social network and these signals inform the ads and suggestions you receive (probably the same with Google).

Instead, what O’Keefe seems to be saying is that using Facebook more helps Facebook’s algorithms refine your experience with more relevant ads and suggestions:

Just as Google wants you to receive what you are looking for on a search or a news program wants to get you the most important news, Facebook wants you to receive what you consider the most important information and news.

Perhaps more importantly, it seems that using Facebook more actively also helps Facebook determine what to show you more of in your News Feed. This is helpful given that you don’t actually see everything your Facebook friends share in your general News Feed, only what Facebook’s algorithms think you want to see more of.

From a privacy perspective, this approach suggests that you should share more of your personal information for an improved and more relevant Facebook experience, not less. It isn’t an approach designed to restrict the use of your personal information as a strategy to better protect your privacy but rather intended to use more of your personal information in a way that adds more value to you, as well as Facebook.

It reminds me about Jeff Jarvis’ point a while ago about how brands that know more about you can present a more relevant experience of their services to you. Which would you prefer?

Facebook Messenger is not the privacy threat you should be concerned about

Many people are focused on the permissions they give Facebook when they install Facebook Messenger and are concerned that they are giving Facebook excessive access to their devices. This isn’t necessarily the case and this growing panic may be more a function of how Android permissions have to be obtained than a real privacy threat which many have read into those permissions.

Facebook _Messenger_iOS_6_RGB smallI found myself listening to a discussion on 94.7 this morning about Facebook Messenger. The breakfast team was talking about these permissions that have attracted so much attention as if installing Messenger instantly compromises users and leaves them exposed to all sorts of privacy invasions when microphones and cameras turn on at someone else’s behest.

The panic level rose a few more notches when the breakfast team received a call from an anonymous listener who told the team that part of his work involves remotely accessing people’s devices (presumably part of lawful investigations) and exploiting these sorts of permissions. It wouldn’t be unreasonable to draw the conclusion that giving Facebook these permissions to access your phone’s microphone, camera and other features somehow makes all of those features available to anyone wishing to exploit that level of access and spy on you.

Fortunately it isn’t as simple as that. Leaving aside the risk that Facebook, itself, grants access to your devices to 3rd parties without your knowledge or that its apps have vulnerabilities which are not patched and are exploited by unscrupulous 3rd parties, Facebook isn’t the threat. I spoke to Liron Segev, an IT Consultant and one of the first people I think about when I need some help with the technical aspects of IT security. He explained that the threats to consumers come from various sources and that poor security awareness on consumers’ part is a contributing factor.

To begin with, it is possible for a 3rd party developer to introduce apps to app stores that appear to have a particular functionality but, below the surface, these apps will scan installed apps on your device, attempt to impersonate or even supplant those apps and exploit the access permissions you gave to the legitimate app. These trojan apps would then take advantage of the sorts of permissions you grant Facebook Messenger to access your device microphone, camera and other features. Avoiding this risk largely comes down to only installing apps you trust and how well the app marketplace is regulated and protected from this sort of malware. More and more security experts recommend installing anti-virus software on your mobile devices to help protect you from these sorts of attacks.

A hidden threat few people outside the security industry are aware of comes from the mobile networks we use every day. Mobile networks have the technical ability to gather data from our devices and even remotely install applications without us being aware of this in order to use that data and access to our devices’ features for a variety of reasons ranging from network performance management to remote surveillance and law enforcement. On the one hand, there are good reasons for networks and governments to have the capability to monitor criminal threats (for example, the somewhat misunderstood capability Google has to monitor Gmail for child porn using an existing database of problematic images). We live in a world where the bad people use advanced encryption and digital tools to plan and conceal their activities. On the other hand, there is also scope for governments and companies to use these capabilities to spy on citizens, infringe their rights and exploit their personal information for profit. As I mentioned in my htxt.africa article “Much ado about Facebook Messenger privacy settings, but is it nothing?” –

Whether you use Messenger should be informed by the extent to which you trust Facebook, not by the very explicit and informative permissions Facebook seeks from you in order to use Messenger. If anything, Facebook is just proving that it has come to a long overdue realisation that there is no benefit in deceiving users.

It is possible that Facebook may turn on your phone’s camera and microphone while you are getting dressed in the morning but highly unlikely. What is more likely is that Facebook requires those permissions to enable Messenger to do what you want and expect it to do. That said, you can’t be complacent and install every app on your device that seems amusing. Take the time to satisfy yourself that the app is from a credible source and look into anti-malware software for your devices. As for mobile networks and governments, there is little you can do except reconsider your device choices if you are concerned about this. Segev pointed out that Blackberry devices are still secure options and Blackberry 10.x is a flexible option even if it isn’t popular media’s darling.

Wanting privacy shouldn’t be conflated with having something to hide

Memeburn has a good article titled Privacy is worth protecting, even if you have nothing to hide which is a great reminder that privacy isn’t about having something to hide. There are many valid reasons to insist that your right to privacy be respected:

The reason most often given for failing to consider digital privacy in our day-to-day lives is that, if we have nothing to hide, there’s no need to. Others, meanwhile, take the line of thinking proffered by those institutions caught eavesdropping and argue that monitoring metadata alone — information about, for example, which telephone number you called when and for how long, rather than the content of the call itself — doesn’t amount to an infringement of privacy.

Both of these arguments are fundamentally flawed. Wanting privacy shouldn’t be conflated with having something to hide. There are plenty of legitimate reasons for people to want to keep certain things private – from their religious or political affiliation to their sexual orientation or drunken photos they’d rather family or employers (current or potential) didn’t see. For political dissidents living under repressive regimes, meanwhile, privacy can be a matter of life or death.

Here are two other perspectives: