In May, the Facebook-owned messaging app sued India over new rules issued by the country’s IT ministry that could break end-to-end encryption around the globe.

A few days later, the company announced the introduction of a way to let you encrypt a backup of your WhatsApp messages, preventing anyone who doesn’t have your encryption key (or, alternatively, a password that you set) from reading the contents of any of your messages.

Will Cathcart: We’re always focused on what we can do to protect the privacy of people’s messages.

People’s messages are very sensitive.

We’ve had end-to-end encryption for five years, which means if you send a message to someone on WhatsApp, we can’t see what you sent as it passes through all of our servers.

But the reality is there’s other things we can do to protect people’s messages.

One is to actually help people’s messages not live forever?

Many people don’t back up their messages, but a lot of people do?

We wanted to see if we could find a way to add the same level of end-to-end encrypted security that you get when you send a message across WhatsApp to those backups.

Or if that’s too intimidating or too hard, which we think it will be for a lot of people, we’ve come up with a system where we’ll store the key for you using hardware security modules, which means we don’t have a way to access it.

As you mentioned, in recent years we’ve seen stories about state-sponsored hackers attempting to access the WhatsApp messages of government officials, diplomats, activists, journalists, and human rights activists, among others.

But WhatsApp came in for criticism last week over the fact that it allows users to report each other, and to include recent messages in the reports they submit.

For what it’s worth, in this area — I haven’t heard people who use WhatsApp tell me they think the idea that we let people report is a problem.

Unfortunately, there are going to be some people who are going to try to abuse it — send out spam, send out phishing messages, send out things that are trying to make the experience for people less safe.

Again, we can’t see the messages people send, but we can see when someone reports to us.

We think we’ve found a way to have an end-to-end encrypted system that has the level of security people need for their private messages — but uses things like reports, and some of the metadata we have, to ban people who appear to be sharing childhood exploitative imagery.

I think that’s very consistent with people’s model of privacy: if I send you something and you think it’s a problem and you want to ask for help, you should be able to.

When I talked to ProPublica’s president about all this, and he said look: at the end of the day, this company is saying that WhatsApp messages are totally private, when in fact in some cases they’re reviewed by humans.

Anyone who uses WhatsApp can go in and hit the report button, and it gets used a lot?

It’s really transparent when you do that, that it’s going to send messages to us.

End-to-end encryption protects all of our users?

It’s usually framed as like, “are you picking privacy or are you picking safety?” I see this as the same thing — end-to-end encryption is one of most powerful technologies we have to protect people’s safety all around the world.

And I think that’s been a good thing?

Sometimes when you look at some of the proposals on breaking encryption, or traceability in India, or scanning every private photo against the database, and you just apply it to “Hey, how would you feel about doing this in people’s living rooms?” Most people have an instinctive horrified reaction.

If people who want to organize can’t communicate in private, I think that undermines their ability to advocate for change.

I think there’s a lot of core tenets of democracy and liberalism that actually rely on people being able to have private information.

Does that break encryption in WhatsApp globally, or can you contain the fallout to India somehow — and maybe eventually in other countries who might adopt similar rules?

I get that when we launch things like end-to-end encrypted backups, there are going to be some people who criticize it