What ProPublica's investigation into WhatsApp left out

User reporting is good for privacy — and for encryption's future

Sep 08, 2021

Photo of WhatsApp message on a phone. Jamie Street / Unsplash — (Jamie Street / Unsplash)

One hurdle that we face when we have conversations about privacy and technology is that there’s often little agreement about what privacy actually means. The un-asked question in so many of these discussions is, privacy from who?

When we send a message to a friend using an app, for example, we almost always want it to remain private from the government. We probably want it to remain private from the people running the app, too. And, of course, we almost never want the message to remain private from the person we sent it to.

These scenarios all presuppose that we are sending a nice, legal message to our friend. But what if we aren’t? What if we are sending a death threat, or an incitement to violence, or images of child abuse? Should that message remain private from the platform, or from the government? Or should the person to whom we sent that message have some recourse?

These questions go all but un-asked in “How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users,” a lengthy new investigation in ProPublica The story by Peter Elkind, Jack Gillum, and Craig Silverman offers compelling details about the nuts and bolts of WhatsApp’s content review system, which employs more than 1,000 people and to review a mix of user reports and accounts flagged by automated systems. And it offers a valuable explanation of how WhatsApp metadata can be useful to law enforcement, including in a case in which a former Treasury Department official was convicted for leaking confidential banking reports to a journalist.

Richard Tofel, ProPublica’s president, told me that the impetus for the story was to draw attention to the way Facebook has marketed WhatsApp, which has often seemed to promise users near-total privacy while masking a system that in fact employs hundreds of people to review user reports.

“Facebook is trying to have it both ways,” Tofel said in an interview. “They're trying to market this thing as super double secret [privacy]. And then, in fact, it's not all that much different from Facebook's other vehicles. Except that there's less transparency about the way they’re mucking with it.”

At the same time, the story also seems to argue — if only by insinuation — that allowing people to report abuse or illegal content represents an affront to privacy, and a betrayal of the promise of WhatsApp’s end-to-end encryption. The authors write:

“Policing users while assuring them that their privacy is sacrosanct makes for an awkward mission at WhatsApp.”
“Deploying an army of content reviewers is just one of the ways that Facebook Inc. has compromised the privacy of WhatsApp users.”
“Like other social media and communications platforms, WhatsApp is caught between users who expect privacy and law enforcement entities that effectively demand the opposite: that WhatsApp turn over information that will help combat crime and online abuse. WhatsApp has responded to this dilemma by asserting that it’s no dilemma at all.”

The most interesting thing about these statements to me is who they leave out: the people who reported the messages to WhatsApp in the first place. ProPublica frames this story as being about privacy from the government and from Facebook. But what if you have been targeted for harassment or abuse on WhatsApp — from a former romantic partner, for example, or from a member of another ethnic group? What if reporting them to WhatsApp improved your privacy, by removing them from the network?

Or what if you are the victim of someone who is sharing nude images of you without your consent? If a mix of user reports and automated scanning could alert WhatsApp to the situation, and allow it to take action, wouldn’t that improve your privacy?

Tofel told me that the story’s position is simply that Facebook should do more to disclose the fact that messages can be reported and read by human reviewers. WhatsApp resists calling its content reviewers “moderators” because they only review violations of its terms of service or the law, rather than the more expansive community standards that moderators at Facebook and Instagram enforce. To Tofel and his team, that’s a distinction without a difference — and it’s suspect that WhatsApp would suggest that it is.

“The lack of transparency about it suggests they’re trying to hide it,” he said. “Why would I think that? Because they go to the trouble of disclosing it at Big Facebook and not at WhatsApp. So why is that?”

WhatsApp declined to comment on that, but spokesman Carl Woog told me that abuse reports are important “for preventing the worst abuse on the internet.”

II.

Let’s take ProPublica at its word that it really only wanted to talk about the way WhatsApp is marketed, rather than to suggest abuse reporting breaks end-to-end encryption (it doesn’t) or should be disabled (Tofel told me the story doesn’t take a position on that).

The question remains: should WhatsApp let users report abuse, including the contents of their messages with people they believe have violated the app’s terms of service?

To me, the answer is clearly yes.

One, if you are being targeted for abuse on a platform, I think that platform has some obligation to protect you — an obligation that goes beyond simply allowing you to block the phone number in question. When abuse is reported, it enables platforms to investigate attempts to further harass a victim — such as by seeing whether an abuser creates a new account using the same IP address — and shut them down. (If you want to know some of the costs of not doing this, see the entire history of Twitter before 2017 or so.)

Two, failing to build reporting tools all but ensures they will be used to commit preventable harms. Julie Cordua, CEO of the child safety tech nonprofit Thorn, has told me that child exploitation imagery is often shared on tech platforms precisely because perpetrators know that tech platforms aren’t looking for it. This explains why iMessage and Signal report so few cases of child exploitation to the authorities: they have so far declined to build reporting functionality.

And three, preserving end-to-end encryption over the long term is almost certainly going to require some compromises between tech platforms and the governments of countries in which they operate. In all the conversation about ProPublica’s story that I saw today, this is perhaps the point that was most overlooked.

Increasingly, services like WhatsApp face the threat that they will be compelled to police far more activity than they do today. As the story notes, India is currently trying to force WhatsApp and other services to trace the sender of any message if law enforcement officers request it, breaking end-to-end encryption globally. Republican senators have introduced similar legislation in the United States.

Over the long weekend, when Apple announced it would pause its recently announced efforts to detect child exploitation by analyzing photos on user devices, Australia’s “eSafety commissioner” announced she would pursue regulations that would force the company to build it anyway. (Apple paused its plans so that it could better assess the trade-offs between privacy and child safety, and have some overdue conversations with experts in the field. Australia isn’t having it. “Move fast and break things” is now a government position.)

What WhatsApp has done instead of all this to attempt finding a middle ground — enabling individual users who are experiencing abuse to report that to the platform, while offering limited cooperation with law enforcement when it is legally required to do so.

By taking this approach, WhatsApp has sought to ensure the long-term survival of end-to-end encryption for average consumers by offering a set of policies that most lawmakers may be able to live with. The vast majority of users get truly private communications; users experiencing abuse get help from the platform that is enabling it; and law enforcement gets limited tools to fight crime.

The solution comes with very real trade-offs. Unencrypted messaging apps, like Snapchat, may prove more useful to law enforcement officers investigating crimes. Apps with no abuse reporting tools, like Signal or iMessage, may prove better for activists, journalists, and dissidents.

But to insist that WhatsApp is just the latest in a series of Facebook privacy violations risks muddling some very important questions about the future of private communications in a world where authoritarianism is on the rise. And if abuse reports become seen as privacy violations the way these reporters suggest they ought to, it risks persuading platforms like iMessage that its current head-in-the-sand policy is the only viable approach.

I wish ProPublica had explored these questions in the depth that they deserve. “The conflict between privacy and security on encrypted platforms seems to be only intensifying,” the authors write. On that point, I quite agree. And the best thing people concerned about privacy can do is write about the trade-offs involved in that conflict with nuance, detail, and restraint.

The Ratio

Today in news that could change public perception of the big tech companies

⬇️ Trending down: Facebook apologized after its machine-learning systems put a “primates” label on a video of Black men. The company hired a civil rights chief this year; would love to see him do a full public post-mortem on what happened with this one. (Ryan Mac / New York Times)

Governing

⭐ Will the Texas anti-abortion law force tech platforms to snitch on their users? Issie Lapowsky explores the disturbing possibility at Protocol:

Tech platforms such as Facebook or Google have legal protection under Section 230 for content they host. But that doesn't mean they won't face excruciating decisions about whether to comply with subpoenas for user data — the sort of orders they comply with in lots of other legal cases today.
"This law could lead to an explosion of court requests for user data from tech companies that hold troves of it," said Evan Greer, director of the digital rights group Fight for the Future. "I could see it being abused by anti-abortion groups who could potentially use the discovery process in a civil lawsuit to demand sensitive information about people and organizations providing reproductive justice services and information."

Lyft and Uber pledged to cover legal fees for any drivers sued under Texas’ draconian new anti-abortion law. “The law allows people to prosecute rideshare drivers for transporting women to clinics to receive abortions, where they could be fined $10,000.” (Jessica Bursztynsky / CNBC)

GoDaddy terminated hosting for a site that promotes enforcement of the Texas abortion law for violating its privacy rules. The site was eventually reborn thanks to Epik, the provider of last resort for companies including Gab and Parler. (Jon Brodkin / Ars Technica)

Amazon denied a Reuters report that it would begin proactively moderating content on Amazon Web Services. “AWS Trust & Safety has no plans to change its policies or processes, and the team has always existed,” the company said. (Russell Brandom / The Verge)

How Instagram became the center of a violent drug war in Milwaukee. Alleged gang members are promoting their feud using Instagram stories, live broadcasts, and other tools, according to a court filing. (Joseph Cox / Vice)

TikTok removed more than 50 anti-vaccine videos after Vice found that they had collectively been viewed millions of times. They were able to evade content moderation by avoiding any text that mentions vaccines. (Sophia Smith Galer / Vice)

Google temporarily locked access to former Afghan government accounts amid fears they could be exploited by the Taliban. A source told Reuters that “the Taliban had asked him to preserve the data held on the servers of the ministry he used to work for.” (Raphael Satter / Reuters)

Industry

⭐ YouTube reported having more than 50 million premium subscribers. That number is up 20 million subscribers from last year; I simply can no longer imagine life without ad-free YouTube. (Mitchell Clark / The Verge)

A group of Apple employees published an open letter calling on CEO Tim Cook to improve the company’s record on diversity, inclusion, and equity. The letter comes amid two investigations by the National Labor Relations Board into reports of unfair labor practices. (Carrie Mihalcik / CNET)

Facebook’s collaboration with Ray-Ban appears to be dropping Thursday. Ray-Ban’s official website teased it; meanwhile, Facebook Reality Labs chief Andrew Bosworth appears to be posting videos taken by the glasses on Twitter. (Jamie Feltham / UploadVR.)

Amazon is building a relationship with farmers in India by offering them a mobile app that provides free alerts about soil conditions, pests, weather, and diseases. Access to the Indian produce supply chain is considered essential for building a grocery delivery business there. (Saritha Rai / Bloomberg)