WhatsApp Encryption

Well, a month ago, when I wrote a piece on how WhatsApp group admins in South Africa had been warned that they were legally responsible for the content that is shared in the groups, I expressed my concern about what would happen if the same law was extended to Kenya.

Well, it has happened. In an elections preparedness stakeholders’ breakfast meeting held today, Communications Authority of Kenya Director General Francis Wangusi said that WhatsApp group admins will be held responsible for the “spread of falsehood and hate speech” within their groups. Mr Wangusi said that group admins have the mandate to ensure that members of the group do not spread any form of hate speech, rumours or fake news.

“… We have identified 21 County WhatsApp platforms and we have indicated to their administrators that they have to take action before we deal with them,” said Mr. Wangusi.

It was also revealed that the Communications Authority’s monitors had already started ‘doing their job’ and were monitoring telecommunications gadgets, social media platforms and mainstream media, looking for any form of hate speech.

In attendance was the National Cohesion and Integration Commission (NCIC) chairman, Francis Ole Kaparo, who said that the organization had launched a massive crackdown on offensive websites and other social media platforms.

A major concern, however, is how these two organizations (CA and NCIC) will monitor WhatsApp groups without breaching people’s privacy. The truth is, WhatsApp messages are encrypted, according to their privacy policy:

We do not retain your messages in the ordinary course of providing our Services to you… We also offer end-to-end encryption for our Services, which is on by default, when you and the people with whom you message use a version of our app released after April 2, 2016. End-to-end encryption means that your messages are encrypted to protect against us and third parties from reading them.

However, digging deeper into the company’s privacy policy, you will find the following statement under the ‘Law And Protection’ section:

We may collect, use, preserve, and share your information if we have a good-faith belief that it is reasonably necessary to: (a) respond pursuant to applicable law or regulations, to legal process, or to government requests…

Also, I have to express my concern over a very vague statement within the privacy policy that says:

When we share information with third-party providers, we require them to use your information in accordance with our instructions and terms or with express permission from you.

The fact that WhatsApp is able to store (read: preserve) messages on their servers and can share your information with third parties is what worries me. A report that was released recently indicated that WhatsApp was ranked poorly when it came to user privacy.

The report indicated that WhatsApp failed to tell users about government requests to access its servers. The company also does not explicitly state that it prohibits third-party access to its user data, nor does it say that third parties are prohibited from allowing WhatsApp user data to be used for surveillance purposes.

So, there is a possibility that the Communications Authority of Kenya and NCIC can access messages sent through WhatsApp. Since they plan to “hold WhatsApp group admins liable for hate speech”, they must have a way to do it, and my bet is that WhatsApp is in on it.

We reached out to both NCIC and the Communications Authority to comment on the issue and at the time of publishing, they had not responded.

My intention is not to scare you, but to make you aware that the government is not bluffing and you should be careful about what you share on social media, and not just WhatsApp.

Group admins, on the other hand: your job just got a whole lot more serious.


  1. Hey Saruni. Great articles on the work NCIC and CA are doing to monitor social media. I’ve read both your articles and there’s an insinuation you make about monitoring WhatsApp that is incorrect.
    As you cited above, WhatsApp messages are encrypted and prevented from third party access. As you also cited, WhatsApp can share user data UPON REQUEST from government bodies, and access your data with EXPRESS PERMISSION from you.
    WhatsApp is not monitoring Kenya users for hate speech. However, if NCIC asks for say, my data, based on a belief that I’m spreading hate speech, then yes, WhatsApp can share it with NCIC.
    So how then will NCIC or CA know when I spread hate speech on WhatsApp? As mentioned in the CA guidelines that you brought to our attention in your other article on this matter, section 13.7 states:

    “Social media service providers shall be required to pull down accounts used
    in disseminating undesirable political contents on their platform that have
    brought to their attention within 24 hours.”

    Another section asks the public to bring such hate speech incidents to their attention.
    Public Facebook groups and Twitter can be monitored by CA’s monitors. As you know, WhatsApp is trickier. It therefore becomes the responsibility of the wananchi to report hate speech that is shared in those private spaces where NCIC or CA cannot reach.

    In summary, WhatsApp is not monitoring WhatsApp user accounts for hate speech, nor can NCIC or CA monitor your WhatsApp groups (your articles imply this), BUT any communication sent on WhatsApp is regulated. Meaning that when brought to their attention, data can be shared by WhatsApp upon request.

    In 2013 we, as iHub Research, ran a hate speech project called Umati, where we monitored hate speech online. At the time, some local media reported us as monitoring all social media and sending the names of perpetrators to NCIC. This was incorrect. Hence, my current sensitivity to incorrectly reporting on online media monitoring.