Back in 2016, the FBI attempted to compel Apple into unlocking the messages on an iPhone belonging to a suspected mass murderer. In Apple’s official refusal, the company led by Tim Cook explained how they designed their end to end encryption service so that even their own manufacturers could not gain access to user messages. Then, a few months later, WhatsApp, the messaging service acquired by Facebook, made a surprising announcement. It had just unleashed end to end encryption (E2EE) for its billion+ users.
These events kickstarted an era of back and forth between enforcement agencies and big tech over end to end encryption. One that today has yet to be resolved. Let’s take a look at exactly what end to end encryption is, how it protects users, and who are the entities attempting to ban it today.
What is Encryption?
Let’s start with a quick definition of encryption:
Encryption involves a process of scrambling data that enables only authorized parties to understand the information. Technically, it converts plaintext to ciphertext using cryptographic keys.
There are two types of encryption commonly used:
Symmetric encryption – Uses only one key, and all parties use that same key for data encryption and decryption.
Asymmetric encryption – Also called public key encryption, involves 2 keys, one is private and the other is the public key, which is shared publicly.
End to end encryption is a type of asymmetric encryption, so you have the 2 keys:
- A public key (accessed by anyone with access to a server, such as with a messaging platform)
- A private key (accessed only by each of the two parties involved in a message)
It would look something like this:
Alice starts using a messaging app and a private and public key are generated.
- Alice’s private key stays on her phone.
- Her public key stays on a server, ready for when someone sends her a message.
Bob sends a message a Alice.
- Alice’s public key is retrieved from the server to encrypt Bob’s message.
- Now, only Alice’s private key can decrypt (and read) the message.
- The encrypted message file goes through a server to Alice.
- Alice’s private key decrypts the message so she can read it.
End to end Encryption Definition
End-to-end encryption essentially makes communications between two people using a messaging app completely unavailable to 3rd parties. Moreover, decrypting the message by brute force (as with programs that try to guess the private key sequence) is for all intents and purposes impossible. So, no one except the sender and the receiver of the message should be able to encrypt and decrypt the data sent between them.
As such, governments, owners of messaging platforms, phone manufacturers, law enforcement agencies and phone companies cannot get to these messages. Even if there is a court order requiring the release of that info.
To take the messaging example, end-to-end encryption scrambles data to all but the sender and receiver. In addition to Apple and WhatsApp as mentioned above, many other services have added end-to-end encryption to better secure the privacy of their users, who demand it. Some of these apps include:
- Kakao – An instant messaging service that offers free texting and calling. 93% of South Korean smartphone users were using Kakao as of 2017.
- Line – A Japanese freeware app for sending texts, images, videos, video conferences and audio clips. They recently also added a cryptocurrency exchange service.
- Vega Messenger – This Belgium-based messenger service offers end to end encryption for communications as well as for sharing files. Vega is geared towards corporate and governmental communications.
- Wire – Similar to Line, the Wire service offers free messaging, etc. and is focuses on enhancing collaborative, online workplaces.
- Signal, Viber, and other messaging services.
Reasons for banning end to end encryption
There are three major threads of resistance to E2EE. The following are the main arguments of enforcement agencies and governments:
- Law officials want a way into these messages because they feel it is necessary to combat crime and terrorism. Furthermore, their view is that their ability to access messages is more important to a person’s and country’s security than privacy.
- They’ve had access to messages in the past. Such as with physical documents and emails. So, when court-ordered, companies had to give up the data to officials. More modern tools are necessary for modern times, they say. So they want a way to continue using people’s communications to fight crime. Only this could be on a much grander scale, as we discuss later in the article.
- Officials need a way to access the messages, but only of those people who seek to harm us in some way. But the rules surrounding who accesses what are non transparent.
The second bullet point, about their having access throughout the history of communications, doesn’t stick. Because when phones first came on the scene, very little of a person’s time was spent talking on the phone. Especially when compared to how much ‘in person’ communication people still had. Same again when emails hit the scene. Governments and authorities enjoyed access when they had a court order.
Our communications have changed
But now things are very different. Just last year, Forbes reported that apps for communications represent the bulk load of our time spent on mobile devices. In fact, they estimated that people spent 85 million hours in WhatsApp alone in the last three months.
Our entire way of communication has changed. And our personal messages take up a bigger share than our in-person communications. Like it or not, our world is becoming more Internet-based and more global. So not only are we able to use our phones to communicate, but the potential number of people we can message is wildly beyond what we’ve ever experienced as humans in real life.
In addition, the expanding gig economy combined with the ability for companies to develop global markets are making international teams more common. It’s not just personal communications that have settled in online, it’s our workspaces too. This is a far cry from a bit of daily emailing or occasional calls on our old-timey landlines.
If the government and authorities were to have access to our messages in this day and age, it would likely be equivalent to having our offices, schools, social activities, and all personal, financial and work-related conversations under surveillance and/or at risk for backdoor hackers. Certainly, this is not the policy of a free country.
The problems with banning E2EE
Some government agencies, when they talk of banning ETEE, emphasize security reasons. But other officials actually recommend it and use it in their own communications. They also understand the privacy risks. But what most cybersecurity professionals will tell you is that if you create a back door, or a way in to access the messages, this poses enormous risks to the users. These experts fear a backdoor could cause a systemic weakness that could wreak havoc on big tech platforms.
Banning end-to-end encryption actually would undermine security, in their minds. So while it would make investigations or law enforcement possibly easier for officials, a backdoor would also make it easier for hackers and spies to access private data. Another huge problem would be at-risk people, such as abuse victims and political exiles, whose risk would be much greater should loopholes be created.
In the US, the Department of Justice and the FBI agree that being able to catch criminals and terrorists outweighs these risks. But other agencies, such as the State Department and the Department of Commerce do not always agree. Their viewpoint is that opening these backdoors could have major economic, security and diplomatic consequences. Interestingly, all of these agencies have a unique understanding due to the urgency of encrypting their own sensitive data.
Why you can’t really ban end to end encryption
The real kicker is that even if a government forced the removal of E2EE from WhatsApp or other messaging apps, this would not solve the problem of criminals communicating and/or carrying out terrorist acts. The software for enabling end-to-end encryption is open source and publicly available.
Another major challenge revolves around apps used in foreign countries. If your US-based messenger app is used by someone in China, would we build a back door for Chinese officials?
Some governmental authorities think Apple and Facebook are intentionally creating services that are outside the reach of the law. But on the other hand, these tech giants may be simply providing the security their customers want and feel they have a right to.
Who is Banning E2EE?
Some countries are attempting to banish E2EE to maintain a surveillance state. China, for instance, has banned WhatsApp and Snapchat due to encryption. Which is not a huge surprise. A recent report came out regarding how Chinese border guards are requiring visiting tourists entering the country to download a surveillance app on their phones. Surveillance there is a matter of standard policy.
Russia has also repeatedly tried to ban crypto favorite, Telegram, a messaging service that uses end to end encryption. When that didn’t work, they disabled Google and other popular websites in an effort to take down the rogue app. Still, Russians continue to enjoy wide access to Telegram.
In the “free” world, Germany, the UK, and the United States have all been discussing a ban on E2EE in their respective countries. More recently, the subject has resurfaced with a vengeance in America. The administration is now looking into banning end to end encryption techniques that repel law enforcement officials from accessing communications.
A special case – Australia
Leading up to the commonplace usage of end-to-end encryption, Australia already had laws in place requiring tech companies to give over the comments of suspected criminals. In August of 2018, a draft bill was presented to require a workaround on platforms providing end to end encryption.
The parliamentary committee handling the draft bill submitted their report on Dec 5th. Just a few weeks later, in time for the hectic holiday season, 173 of the bill’s amendments were dropped in order to get the bill rushed through before year end. One remaining amendment provided an out – but only if the backdoor solution created by a tech company would pose a systemic weakness.
Many governments are worried that end-to-end encryption will destroy their ability to fight crime. The reality is that spying on a country’s people is only one way to do so. It’s also one that poses its own serious security risks.
“I believe the future of communication will shift to private, encrypted services where people can be confident what they say to each other stays secure and messages and content won’t stick around forever.” Facebook CEO Mark Zuckerberg
Note: There are some issues with many messaging apps, including WhatsApp, that hint at E2EE not being the only tech necessary to guarantee privacy in communications. That’s because while the data you send via messaging is secure, your IP address and phone number are not. Many apps recommend a VPN service because of this problem. Additionally, users sometimes back up their iMessages to the iCloud, which disables end-to-end encryption.