The Expert's View with Jeremy Kirk

Encryption & Key Management , Governance & Risk Management , Next-Generation Technologies & Secure Development

Facebook Keeps Losing the Privacy Advocates Who Can Save It

WhatsApp Founder Jan Koum Is the Latest to Announce His Exit
Facebook Keeps Losing the Privacy Advocates Who Can Save It
WhatsApp founder Jan Koum. (Photo: Dan Taylor, via Flickr/CC)

Jan Koum, the co-founder of the Facebook-owned WhatsApp messenger, is "feeling emotional."

See Also: How to Take the Complexity Out of Cybersecurity

Koum says he's leaving the company to have a break from technology and more time for collecting rare, air-cooled Porsches and playing ultimate Frisbee. Of course, those are luxuries that Koum can afford to indulge.

WhatsApp co-founder Jan Koum's Facebook post on Monday.

Koum and his WhatsApp co-founder, Brian Acton, sold the messaging app to Facebook four years ago for $19 billion. While Facebook's acquisition of WhatsApp mystified some, the app now counts an estimated 1.5 billion users per month, making it one of the most-used software products in the world.

But the Washington Post reports that Koum's exit has been propelled by Facebook's attempts to tap into data collected by WhatsApp and allegedly weaken its encryption.

In response to Koum's post, Facebook CEO Mark Zuckerberg writes: "I'm grateful for everything you've taught me, including about encryption and its ability to take power from centralized systems and put it back in people's hands. Those values will always be at the heart of WhatsApp."

Serial Deniers

Koum's move follows a stir caused by Acton - his WhatsApp co-founder - voicing support for the "Delete Facebook" movement. Acton's impetus: the revelations that voter-profiling firm Cambridge Analytica obtained details on up to 87 million of Facebook's users without their knowledge or consent (see Facebook: 87M Accounts May Have Been Sent To Cambridge Analytica).

Acton departed Facebook last September.

The departures are bad news for everyone. Perhaps we should all feel emotional and go play ultimate Frisbee. The executives' senior positions in Facebook made them some of the few people who could potentially turn around the social networking site's views toward user data.

Koum's upcoming departure follows the planned departure in August of Facebook Chief Security Officer Alex Stamos, who has reportedly demurred over Facebook's handling of Russian disinformation and trolling campaigns (see Probes Begin as Facebook Slammed by Data Leak Blowback).

The departures are bad news for everyone. Perhaps we should all feel emotional and go play ultimate Frisbee. The executives' senior positions in Facebook made them some of the few individuals who could potentially turn around the social networking site's views toward user data.

Koum was a Facebook board member. Now, there are only two board members with operational control: Zuckerberg and COO Sheryl Sandberg. Absent regulatory action, those two will steer Facebook out of its uncomfortable privacy spot. They're also arguably the worst two people to be entrusted to do so.

Until recently, and arguably since then, Zuckerberg and Sandberg have been serial deniers of the problems Facebook has accumulated. It's been a wobbly road, filled with apologies and bromides about protecting user data until the next problem is revealed. Rinse and repeat.

Privacy-Centric Hope

Koum and Acton have long been privacy advocates. In 2016, WhatsApp adopted the Signal encryption protocol. The protocol is well-tested and well-regarded open source code that makes content transmitted on WhatsApp unintelligible to everyone but the intended recipients, using what's referred to as end-to-end encryption. WhatsApp's adoption of the Signal protocol was a remarkable move by a mainstream messaging product to protect user data and privacy.

WhatsApp co-founders Jan Koum and Brian Acton in 2014. (Source: Wikimedia Commons)

For Facebook, however, the encryption layer has made WhatsApp difficult to monetize through targeted advertising. Facebook's digital advertising revenues are intimately entwined with people's personal information, their activity on the site and external internet browsing. So far, however, WhatsApp generates no ad revenue, which is not a good return on a $19 billion investment.

Koum and Acton - both seasoned technologists - had to know that selling WhatsApp to Facebook was a proverbial deal with the devil.

The currency of online companies is data, and perhaps conveniently for technology firms, privacy isn't a feature the masses have found to be a product differentiator. That attitude may be changing as individuals gain more awareness of the tradeoffs they make when using free services. Still, it is hard for even the technically literate to unwind the paths that their personal data might take and all of the new ways organizations may find to use - or perhaps abuse - the information.

Moral Redemption

Of course, then there's $19 billion. That not only buys a large collection of rare, air-cooled Porsches, but also financial independence for your family and its descendants for near eternity.

Acton, however, hasn't given up the privacy fight. In February, he joined cryptography luminary Moxie Marlinspike - co-author of the Signal protocol - to create the Signal Foundation. The Washington Post reports that the foundation hopes to become self-sustaining, in no small part from a $50 million donation from Acton.

On the occasion of the foundation's launch, Acton wrote: "As more and more of our lives happen online, data protection and privacy are critical. This isn't just important for select people in select countries. It's important for people from all walks of life in every part of the world. Everyone deserves to be protected."

If there is a narrow path to moral redemption after the sale of WhatsApp to Facebook, Acton's generous donation is it. But Koum's Facebook departure is worrying. It's unrealistic to think that Koum would have stayed at Facebook forever. Indeed, four years is a longer tenure than most founders log after their startup has been acquired.

But Koum's deep understanding of privacy and security will be a great loss for the social network. Zuckerberg and Sandberg have shown they're incapable of genuinely embracing the long-term implications of their privacy choices.

If Facebook eventually strips out end-to-end encryption from WhatsApp, it will likely be met with the usual outrage in small corners. But like the Delete Facebook movement, it's unlikely to gain steam.

And that's how privacy gets lost, one app at a time.



About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.