The Guardian has said it was “wrong” to report that messaging platform WhatsApp effectively had a “backdoor” through which companies could access users’ private messages.
In a column today, readers’ editor Paul Chadwick said the paper did not test the claim, which would affect the Facebook-owned app’s more than 1bn users, “with an appropriate range of experts”.
The Guardian claimed in its article, published in January, that the app’s security flaw was “so serious that it was a huge threat to freedom of speech”, Chadwick said.
He said critics of the piece had raised concerns that its “overstated claim” about security risks would see casual users become “unduly worried and needlessly abandon WhatsApp for less secure communication methods”.
Chadwick said that in particular concerns were raised that the article could have led to activists in authoritarian regimes who relied on WhatsApp as a secure means of communication abandoning the service for something less secure.
“During the review I independently confirmed that a Turkish government official had used the article when, in effect, attempting to deter users from WhatsApp,” he said.
“It was also confirmed that some activists who had been in the process of switching from a less secure messaging service to WhatsApp became confused by the Guardian story.
“On available evidence, I am unable to conclude whether these effects were widespread. But one case is one too many.”
As part of a “detailed review” into the article, Chadwick said: “I found that misinterpretations, mistakes and misunderstandings happened at several stages of the reporting and editing process. Cumulatively they produced an article that overstated its case.
“The Guardian ought to have responded more effectively to the strong criticism the article generated from well-credentialled experts in the arcane field of developing and adapting end-to-end encryption for a large-scale messaging service.
“The original article – now amended and associated with the conclusions of this review – led to follow-up coverage, some of which sustained the wrong impression given at the outset.
“The most serious inaccuracy was a claim that WhatsApp had a ‘backdoor’, an intentional, secret way for third parties to read supposedly private messages. This claim was withdrawn within eight hours of initial publication online, but [not] withdrawn incompletely.
“The story retained material predicated on the existence of a backdoor, including strongly expressed concerns about threats to freedom, betrayal of trust and benefits for governments which surveil.
“In effect, having dialled back the cause for alarm, the Guardian failed to dial back expressions of alarm.”
He added that Guardian editors did not react to a critical open letter co-signed by 72 experts “in a way commensurate with the combined stature of the critics and the huge number of people potentially affected by the story”.
Chadwick said he did not agree with calls for the story to be “entirely retracted”, saying: “After all the surrounding controversy, the story’s complete disappearance would be odd.
“More importantly, there is a clear public interest in the Guardian preserving (with appropriate amendments) reporting on this aspect of WhatsApp and the inherent trade-off.
“With so many users, watchfulness, news, analysis and debate about the security of WhatsApp are important. Communications privacy is a key element of human rights in the digital era, and developments affecting it ought to be reported.
“Also, Facebook needs scrutiny, both generally due to its power and specifically in its management of WhatsApp.”
But, he said he accepted the “consensus view of the experts” and had arranged, in consultation with editors, for the story to be amended and for a note to be added drawing attention to the review and linking to his column.
The Guardian is not signed up to an external press regulator, such as the Independent Press Standards Organisation, but instead has its own system for handling complaints headed up by the Readers’ Editor.