Why you should be careful on what you post on WhatsApp

The arrest and charging of Eddy Reuben Illah yesterday in Kiambu has ignited debate about the security and safety of content posted on WhatsApp.

He was charged in a Kiambu court with posting on social media pictures allegedly showing the bodies of Kenya Defence Forces soldiers who were attacked and killed in last Friday’s attack by Al-Shabaab militants in El-Adde, Somalia.

Eddy was charged that on January 16, 2016 at an unknown place within Kenya, he distributed pictures allegedly showing dead KDF soldiers through a WhatsApp group called “Youth People’s Union”.

The charge further said that he did so knowing that the pictures were grossly offensive and with an intent to cause needless anxiety to the family members of the officers and Kenyans in general.

The prosecutor said Eddy committed a crime under Section 29 of the Kenya Information and Communication (KICA) Act 2009.

Improper use of system is explained in Section 29 as;

A person who by means of a licensed telecommunication system—

(a) sends a message or other matter that is grossly offensive or of an indecent, obscene or menacing character; or

(b) sends a message that he knows to be false for the purpose of causing annoyance, inconvenience or needless anxiety to another person

commits an offence and shall be liable on conviction to a fine not exceeding fifty thousand shillings, or to imprisonment for a term not exceeding three months, or to both.

Content published on WhatsApp is encrypted. According to the company’s website

WhatsApp communication between your phone and our server is encrypted.

Even though data sent through our app is encrypted, please remember that if your phone or your friend’s phone is being used by someone else, it may be possible for them to read your WhatsApp messages. Please be aware of who has physical access to your phone.

According to an article published in the BBC, this encryption started in November 2014 by use of an encryption system called TextSecure. It was developed by a non-profit group called Open Whisper Systems.

But as the company explain, human interference makes the encryption useless, when you let anyone access the application.

For the Eddy’s case however, the human interface is the National Intelligence Service (NIS). Since they are unable to directly access data, it means that they use their employees and other point persons, embedded in groups to leak intelligence to them in the many WhatsApp groups Kenyans are in.

In article on technical Dawud Gordon, the CEO and founder of TwoSense, who holds a Ph.D. in computer engineering and is a privacy advocate, data empowerment activist and technologist adds that since they use Public Key Encryption, hacking is possible. He said

Only sender and recipient can encrypt the content. In addition, public key encryption means that anyone on the same network as your phone could gain access to the content of your messages.

Beyond Kenya, the company and parent corporation Facebook has access as well. This makes it possible for them to target you with advertising based on the content of your WhatsApp messaging.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.