Is Kakao’s encryption promise just for show?

October 16, 2014
The companies announced the merge on Monday.

The companies announced the merge on Monday.

By Yoon Sung-won

Experts differ over the feasibility of Daum Kakao CEO Lee Sirgoo’s pledge to strengthen privacy protection, no matter the cost.

At a news conference Monday, Lee said strengthened encryption protocols will “apply not only to one-on-one conversations but also to group chats and to KakaoTalk’s desktop version in the first half of next year, even if it hampers the ease of use of the service.”

An information security expert said that it will be challenging to make this pledge a reality.

“Encryption technology is not used in group chats because it leads to a surge of data traffic, that overloads the servers,” said Kim Seung-joo, a professor at the Korea University Graduate School of Information Security. “I praise the company’s pledge because the effort will cost money to develop a technological solution for this.”

He added that Daum Kakao’s promise to strengthen its privacy protection more than that of global standards can be interpreted as willingness to regain user confidence which has been lost.

Telegram, a German mobile instant messenger service, said last week that more than a million new subscribers registered to its service, most of them Koreans who switched services en masse from Kakao.

Kakao said it will adopt an encryption level equal to that of Telegram, which boasts a heavily-protected one-on-one conversation built around end-to-end encryption technology.

However, another expert says that this is not worth the additional cost and will undermine user convenience.

“The encryption is not complicated because it only requires standard encryption to be applied to update the application,” said Kim In-sung, a former professor at Hanyang University’s computer science and engineering department, at a recent forum. “There is no need to involve servers or systems either. I don’t think the encryption process requires a considerable amount of money, nor will it reduce usability.”

Meanwhile, worries about user privacy in the Kakao case appear to have been taken out of proportion.First, to monitor the private conversations on a mobile instant messenger from a server in real-time, the prosecution and the police need a warrant to gain access to it to conduct inspections and install special devices.

However, the service provider may refuse to cooperate with the warrant implementation without being charged, citing a disruption in the service.

Of course, the authorities may force their way into the servers location and set up the monitoring devices themselves.

During the National Assembly audit of the Seoul High Prosecutors’ Office on late Thursday, the Daum Kakao CEO made it clear that it is currently impossible to monitor conversations on KakaoTalk in real-time.

“We neither have monitoring devices nor do we intend to get them,” Lee said, adding that his remarks on Monday that the company would no longer respond to warrants did not mean that he was disregarding the law.

For the confiscation of previous records, the server operators have no legal option but to provide what is requested in a warrant. To beat this, operators can shorten the period of storage of messages.