Bloomberg Screwed WhatsApp’s Screwup
How the media spreads misinformation and ignorance in the form of clickbait
Last week, WhatsApp discovered (and patched) a vulnerability that enabled a sophisticated Israeli spyware company called NSO to gain access and control to users’ devices. The media went crazy on this story and promptly started copying and paraphrasing each other in order to get into the feeding frenzy that the story became. Typically, when this happens, there’s always the incentive for reporters to stand out from the rest of the headlines by spinning the story in a different way and this case was no exception. Notably, Bloomberg posted what could easily be described as the most misguiding headline of them all, titled:
“WhatsApp’s End-to-End Encryption Is a Gimmick”
It wasn’t long before the internet raised hell against Bloomberg and its author, Leonid Bershidsky. As a result of the backlash Bloomberg changed the headline to “End-to-End Encryption Isn’t as Safe as You Think” — a change that was made only worse by the caption on twitter that read “WhatsApp’s hack shows end-to-end encryption is largely pointless”. These headlines are all what we call clickbait: captivating headlines that make you click to read a story. The story argued that encryption can’t protect against the specific breed of spyware that is NSO’s Pegasus system, which is true, however the headline implied that encryption is pointless, which is false. In fact, WhatsApp boasts the most coveted encryption protocol in the world which is called Signal (also used by Signal Messenger and Criptext Email). But, the fact is encryption has nothing to do with this story whatsoever.
To understand this let me summarize what the story was actually about. The Pegasus spyware took advantage of an opening, a vulnerability in WhatsApp’s voice calling feature that enabled the spyware to silently sneak into a user’s device. Again, this has nothing to do with WhatsApp’s end-to-end encryption, which is a process that cyphers your communications in a way that only the sender and recipient can read the message, thus protecting against any third party that wants to snoop or intercept the message.
For years the world has known about NSO’s Pegasus program which silently sits under the device’s Operating System (Mac, iOS, Windows, Android, etc) can control the entire device remotely without the user ever noticing. It can log every keystroke on the keyboard, record the screen, open/close applications, activate the camera and microphone remotely as well as remove and slide in data at will — some truly scary stuff. This spyware has been used by governments across the globe as a national security tool to deter terrorism criminality. However, many reports have alleged that some governments have misused this tool for political oppression, corruption, extortion and personal gain. Reporting on the seriousness of the Pegasus spyware is great, but that’s not what Bloomberg did here. Instead, it literally said, in many different ways (captions, headlines and content), that encryption is a useless gimmick by tech companies to make you feel more secure.
As a proponent of privacy and freedom of speech, I personally took offense to the headline because, a) it spread misinformation and b) it discounted the value of encryption in guaranteeing the privacy of day-to-day conversations via email, voice or text. In a nutshell, Bloomberg argued that the front door is useless because a thief got in through the window.
What is off-putting about the whole situation is that the author clearly knew the benefits of encryption and despite that he clearly chose a headline that would cause a stir. You had to dive deep into the story to be able to understand the reporter’s true argument. Reporters often bake-in half truths in order to get more clicks. The fact is that in the writing room you’re measured by the traction your story gets and not by the contents of it. I’m not a reporter, but having dealt with many reporters that have written about my encrypted email company, Criptext, I know first hand that their choice in headlines is guided by what makes people click rather than what the story is truly about. The perfect example is when we launched Criptext last year as the most secure email service ever made. The reporter at Venture Beat knew of its technical achievements, yet he chose to go with an almost a farfetched headline that read:
Criptext‘s Mizrachi escapes from a Colombian prison to launch a secure email platform
Ultimately the outcry was potent enough to at least make Bloomberg change the headline, even if it it was still a bad headline. People in the cybersecurity space spoke aloud and although their voices were heard, the damage was done and with Bloomberg’s far reaching distribution channels, the story was misunderstood by many to be a problem in WhatsApp’s encryption. As a founder of an email company that uses Signal to send end-to-end encrypted emails I can unequivocally say that WhatsApp’s encryption is quite possibly the best and most trustworthy encryption in existence.
WhatsApp has since patched the vulnerability that lead to the buzzy story, but Bloomberg never backtracked on their intentions to sell clicks rather than verified information. If you can take anything out of this story let it be that online media’s sole objective is to make you click and they’ll achieve that goal at all cost — event if it means bending the truth.