WhatsApp CEO on the Controversial German Law Proposals "What the Government Is Asking for Would Weaken Security for All"

Is WhatsApp reading along as you write messages and saving your chats? In an interview, company CEO Will Cathcart explains what happens with user data and why he is concerned about proposed changes to German surveillance laws.
Interview Conducted By Max Hoppenstedt und Judith Horchert
WhatsApp CEO Will Cathcart: "We cannot read your messages, we cannot listen to your calls."

WhatsApp CEO Will Cathcart: "We cannot read your messages, we cannot listen to your calls."

Foto: Getty Images, Privat / DER SPIEGEL

DER SPIEGEL: Mr. Cathcart, when people in Germany have talked about WhatsApp in the last two months, it has been about deleting it and switching to rival apps. What went wrong?

Cathcart: When we announced new features in January, it was only about making it easier for businesses to communicate with WhatsApp users. This apparently caused confusion and concern. There were worries that we could change the privacy of people’s personal conversations. But we absolutely do not.

DER SPIEGEL: Soon after you announced your new privacy policies, chain letters started circulating on WhatsApp. People recommended other messenger apps like Signal, Threema or Telegram and said WhatsApp would read phone books and misuse the contacts.

Cathcart: There is a lot of incorrect or inaccurate information. That’s why we have delayed the update and send additional information to users directly in WhatsApp. Let me be very clear: We cannot read your messages, we cannot listen to your calls. When you send your location over WhatsApp, we do not know where you are.

"Call it a back door, a front door or assisted hacking – all of that would endanger the privacy of billions of people globally."

DER SPIEGEL: But you do save data about your users like the device ID, the phone model, the WhatsApp user name, the phone book and thereby also the numbers of all their contacts, right?

Cathcart: It’s true that we do have some information about how people use WhatsApp and that we do know, for example, the device ID. We collect this only to secure our services and protect from attacks. When you use WhatsApp and allow access to your phone book, we only see the phone numbers, not the name.

DER SPIEGEL: Do you share these numbers with your parent company Facebook?

Cathcart: No, we don’t. The updated privacy policies will actually not change anything globally in our ability to share data with Facebook.

DER SPIEGEL: Perhaps it adds to the confusion that your terms of services are 11 pages long and your privacy guidelines are 20 pages long. Couldn’t they be easier?

Cathcart: We want to give clear information to people, and that also means there has to be some explaining. Because of the amount of feedback from users we even published additional information.

"The messenger Telegram has a copy of your messages, because they don’t encrypt chats by default like we do."

DER SPIEGEL: Apple has recently introduced privacy labels that resemble nutritional labels about what kind of data an app collects and what it doesn’t. Why don’t you do something similar?

Cathcart: I love the idea of transparency behind Apple’s nutrition labels. However, we found them to kind of be confusing in this case, because all these different apps decide themselves what information they are submitting. The messenger Telegram has a copy of your messages, because they don’t encrypt chats by default like we do. But I can’t tell that from the information in the AppStore. So, I think we should be careful not to simplify everything to a degree that it doesn't convey the reality of what's going on.

DER SPIEGEL: How many people left WhatsApp after you announced the update?

Cathcart: We don’t publish user numbers in detail, but I can tell you that WhatsApp is still growing. Also in the last two months.

DER SPIEGEL: Messenger apps are less regulated than social media companies or other digital businesses. A new German law, if passed, would mean that WhatsApp would have to hand over account data to law enforcement. Do you hand over data about your customers to government agencies?

Cathcart: Yes. We obviously scrutinize every request that comes in against the legal process required and human rights standards. Subject to the proper legal process in Germany, we can hand over, for example, the IP address, user name or profile photo of a suspect. However, I am worried by another surveillance law that Germany plans to pass that could force messenger apps and email providers to actively help government agencies to smuggle malware onto the devices of their customers. (Ed's: Cathcart is referring to a change to the Verfassungsschutzrecht law.)

DER SPIEGEL: The government says it needs this technology to read messages from terrorists at a point before they are encrypted on their phone. What’s wrong with that?

Cathcart: We absolutely think there should be some cooperation with law enforcement. But what the government is asking for here would weaken the security for all of our users. The way our encryption works is that even we cannot read your messages. We don’t have the key to decrypt them.

DER SPIEGEL: So you don’t want to be build a back door into WhatsApp?

Cathcart: Call it a back door, a front door or assisted hacking – all of that would endanger the privacy of billions of people globally. You cannot build such access for some governments without giving hackers and bad actors globally the chance to access the private messages.

DER SPIEGEL: To some people it may come as a bit of surprise that a company that is part of Facebook is so rigorously arguing for privacy.

Cathcart: I think it’s more surprising that laws like these are coming out of Germany, which has a good reputation and track record on data protection. I would like to see the government pass laws that would strengthen encryption and not weaken it.

DER SPIEGEL: Under Germany's leadership, the European Union has drafted a plan that would enable encryption to be broken in certain individual cases. This would only work if companies like yours were to cooperate. Has German Interior Minister Horst Seehofer already called you to talk about the issue?

Cathcart: No, we haven’t gotten a call. But we will forever be committed to end-to-end encryption – that will not change. Messages can only be decrypted privately on a person’s device, nowhere else. Since we introduced end-to-end encryption almost five years ago, we have been very clear on this topic. These plans from the German government would violate Article 10 of the German constitution, which guarantees the privacy of people’s communication, digitally as well as in the real world.

DER SPIEGEL 10/2021

The article you are reading originally appeared in German in issue 11/2021 (March 13, 2021) of DER SPIEGEL.

SPIEGEL International

DER SPIEGEL: Some governments are buying spyware from companies that can target individual users. You have alleged that one of those vendors, NSO Group, has developed software to spy on WhatsApp users. What was this program capable of?

Cathcart: Products like that one are scary. They can turn on the camera on a phone remotely, they can track your location. These tools are being sold to governments, that don’t use them for legitimate purposes, but to spy on human rights defenders, journalists and dissidents.

DER SPIEGEL: How do you plan to protect from attacks like that in the future?

Cathcart: When we heard of the vulnerability, we obviously fixed it immediately. And we sued NSO Group, because we are convinced that their behavior is out of control. Often times, these companies are exploiting vulnerabilities of the phones directly. Governments should make sure that these vulnerabilities are getting patched – they shouldn’t want to use them themselves.

DER SPIEGEL: Did the pandemic change what your users are doing on WhatsApp?

Cathcart: Yes, we are seeing much more video calls. WhatsApp for Desktop is also increasingly used. And we are seeing that WhatsApp business, our product for companies, is used more often. When people can’t go to stores or when they don’t want to wait on the phone, it can be a good way to speak directly with companies.

DER SPIEGEL: The pandemic has also led to an infodemic. A lot of misleading information about the virus is shared on social media and directly in messenger apps. For example, one WhatsApp chain letter alleged that RNA vaccines manipulate genes. What do you do to counter dangerous misinformation like that?

Cathcart: We don’t want WhatsApp to be a platform for spreading information to large groups of people. We want it to be a place to communicate privately.

DER SPIEGEL: How can you make sure of that?

Cathcart: Messages that are highly forwarded can only be forwarded to one chat since last spring. That led to a drop in 70 percent of these messages. More recently, we are additionally showing you a link to the Google search on those messages, to let you check the facts directly.

DER SPIEGEL: Digital platforms have increasingly been facing antitrust lawsuits in recent months. WhatsApp has a dominant position in the messenger market, but there haven’t been any antitrust cases in this area year. Do you fear that could change?

Cathcart: As the head of WhatsApp, I feel that we have tremendous competition. There are many messengers that people obviously also like to download and try out. I am sure that if we don’t do a good job, our users will switch quickly.

"Our goal is to make sending money globally as easy as sending a message on WhatsApp."

DER SPIEGEL: Using the messenger program WeChat, I can already pay in shops across China. When will I be able to pay using WhatsApp?

Cathcart: In India we are already offering the option to pay with rupees, and we are planning something similar in Brazil. When you could be able to pay with WhatsApp in Germany, I can’t say yet.

DER SPIEGEL: Are you still working on your own digital currency?

Cathcart: Yes. Together with the Diem Association, Facebook is working on Diem, a so-called "stable coin.” The project became publicly known under the name of Libra. We would love to integrate such a digital coin into WhatsApp. Our goal is to make sending money globally as easy as sending a message on WhatsApp. But we are not there yet.

Mehr lesen über
Die Wiedergabe wurde unterbrochen.