The popular end-to-end encrypted communication application, WhatsApp, which boasts a user base of approximately 3 billion individuals globally, is preparing to launch cloud-based artificial intelligence (AI) features in the coming weeks. These new capabilities are designed to uphold WhatsApps foundational security and privacy principles while simultaneously offering users innovative tools for message summarization and composition.

Meta, the parent company of WhatsApp, has been progressively integrating generative AI functionalities across its various platforms. These features are developed using Metas open-source large language model, known as Llama. Currently, WhatsApp allows access to its AI assistant through a light blue circle feature. However, this addition has raised concerns among users, who are apprehensive about the fact that interactions with the AI assistant are not shielded by the same end-to-end encryption that protects regular WhatsApp conversations. In response to these concerns, Meta has introduced a new feature called Private Processing. This initiative aims to create a specialized platform dedicated to processing data for AI tasks without granting access to the information for Meta, WhatsApp, or any external entity.

Initial evaluations of the integrity of this new system have been encouraging, but some experts caution that the introduction of AI features might lead WhatsApp down a precarious path. Chris Rohlf, Metas director of security engineering, emphasized that WhatsApp is frequently scrutinized by a variety of researchers and potential threat actors. He remarked, WhatsApp is targeted and looked at by lots of different researchers and threat actors. That means internally it has a well understood threat model. Rohlf added that the company is not only focused on expanding this threat model but is also dedicated to maintaining existing privacy expectations for users, ensuring that the implementation of AI enhancements does not compromise user experience.

WhatsApps end-to-end encryption guarantees that only the intended sender and receiveror the members of a group chatcan access the content of messages. This means that neither WhatsApp nor Meta can access users' calls or messages, a feature that typically conflicts with standard generative AI platforms that rely on cloud servers and need user data and requests for processing. Through the development of Private Processing, WhatsApp aims to establish a framework that honors the privacy and security commitments synonymous with end-to-end encrypted communication while also incorporating the benefits of AI.

Users will have the option to opt into WhatsApps AI features and can also prevent others in their conversations from utilizing these AI capabilities by enabling a new function called Advanced Chat Privacy. According to WhatsApps blog post last week, When the setting is on, you can block others from exporting chats, auto-downloading media to their phone, and using messages for AI features. This feature operates similarly to disappearing messages, where any chat participant can toggle Advanced Chat Privacy on and off, and such changes are visible to all members of the chat, encouraging awareness of privacy settings.

The infrastructure supporting Private Processing utilizes specialized hardware that creates a Trusted Execution Environment (TEE), a secure and isolated region within a processor. This system is meticulously designed to process and store data for the shortest time necessary, and it has built-in safeguards that halt operations and alert users if any tampering is detected. WhatsApp has already begun inviting third-party audits of different facets of this innovative system and plans to incorporate it into the Meta bug bounty program, motivating the security community to report any flaws or potential vulnerabilities they discover. Furthermore, Meta intends to eventually release the components of Private Processing as open-source, thereby allowing for greater verification of its security measures and enabling other developers to construct similar services.