Messaging firm Viber is adding end-to-end encryption for 711 million of its users, becoming the latest tech firm to embrace encryption on an massive scale. Making the move even more provocative is the fact Viber is owned by a Japanese conglomerate and operates out of Israel – making it immune to existing and any upcoming U.S. encryption laws.
Viber is not the first messaging company outside the U.S. to offer encryption, but it is the largest by a long shot, said Ed McAndrew, a cyber security attorney with the law firm Ballard Spahr and former federal cybercrime prosecutor.
“This illustrates the global nature of the issue. While in the U.S. we have been very focused on using the courts to gain a tech company’s assistance to accessing encrypted data, we are not going to have that option abroad,” McAndrew said.
The Viber app allows you to make phone calls, swap images and send text messages to other Viber users. Viber said that all forms of communication on all its platforms – Android, iOS, and Windows PCs – will be safe from prying third-party eyes.
Viber will be rolling out the encryption in a new 6.0 release of its software. Once users update their software, encryption will be turned on by default. In order to secure end-to-end encryption all parties communicating will need to upgrade to the 6.0 release or higher.
Viber COO Michael Shmilov said in a company blog its users can “confidently use Viber without fear of their messages being intercepted – whether it is in a one-to-one or group message, on a call, on desktop, mobile or tablet.” Viber said in addition to end-to-end encryption, messaging data stored on devices would also be encrypted.
The addition of encryption to the Viber platform comes just as the U.S. debate over encryption has intensified. On Tuesday, Apple and the FBI faced off in congressional hearings over encryption. Last week, Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) released a first-draft of a controversial anti-encryption bill. Earlier this month, Facebook-owned WhatsApp added encryption to one billion of its messaging users. And in February, Apple defied a U.S federal magistrate judge’s order to help the FBI break into an iPhone 5c.
Think of Apple’s battle with the FBI as the spark to this debate, McAndrew said. “The issues are getting more attention because privacy and security issues are becoming more relevant to consumers. This is an issue that has grabbed global attention and it’s not going away because it impacts everybody with a smartphone and every business that needs security,” he said.
While Viber has created its encryption in-house and has shared few details, it said today: “… we’ve ensured each user has an individual cryptography key associated with his or her device, allowing you to benefit from an added layer of security.”
Viber told Threatpost: “Viber can access records that show only that one phone number has contacted another phone number. However we cannot access the content of messages or phone conversations.”
On the topic of cooperating with law enforcement or foreign governments the company said: “Viber is committed to cooperating with law enforcement agencies to the best of our ability if anything is brought to our attention that is believed to be illegal or life-threatening.”
McAndrew said that Viber’s location outside the U.S. makes it immune to any encryption legislation passed by Congress. One of the few tools at law enforcement’s disposal, he said, is The Mutual Legal Assistance Treaty. And that is limited in scope and in its ability to gather information from foreign countries, Andrews said.
“We are seeing a Balkanization of data privacy rights and data security laws. Different companies and business and individuals are beginning to make decisions based on the regulatory environment around encryption in any given country,” McAndrew said.
If consumers feel limited by U.S. anti-encryption laws they can simply use products offered by non-U.S. companies, said Kevin Bocek, VP of security strategy at the security firm Venafi. “If that happens law enforcement’s job gets harder and U.S.-based business lose as companies and consumers look beyond U.S. borders for secure business solutions and communications,” Bocek said.
