End-to-End Encryption: The Good, the Bad and the Politics – Security Boulevard

Heres what you need to know about the debate overend-to-end encryption

Its that time of the year when we grab ourpopcorn and witness another chapter in the age-old battle between governmentsand tech companies. Once again, governments are attacking tech companies forgiving criminals a safe place for their communication, while thecompanies say they are protecting privacy.

After Apple and WhatsApp, Facebook is the latest platform to make the headlines in the ongoing encryption debate end-to-end encryption to be precise. In an open letter addressed to Mark Zuckerberg, co-founder & CEO of Facebook, the governments of the U.S., U.K. and Australia have asked the social networking giant not to proceed with its plans to implement end-to-end encryption across Facebooks messaging services. And not only that, theyve also reaffirmed their request for a backdoor in the encryption of messaging services.

But before you form any opinions on this situation, its essential to know what end-to-end encryption is and what it does.

Lets hash it out.

Well get to end-to-end encryption in abit but before that, lets first understand what encryption is and what itdoes.

Consciously or unconsciously, we all sendand receive a lot of information when we use the internet through our devices.And some of this information is confidential (passwords, financial information,personal photographs, etc.) and could cause a lot of damage if someone stealsor tampers with it. So, how do we make sure that no one does that? Well, thisis where encryption comes in.

Encryption is the technique that turns ourdata into an undecipherable format so that no third party can read or alter it.Its what keeps us safe in the ocean of the internet.

Heres an example of a phrase of textthats been encrypted:

As you can see, theres no way to figureout what the encrypted text means unless, of course, you have the private keyto decrypt it.

Facebook Messenger already uses encryption just not end-to-end encryption. Normal encryption (a.k.a. link encryption)works like this:

Note that in this scenario, Facebookcontrols the encryption/decryption, and Facebook has access to the decryptedmessage.

Now, lets get to end-to-end encryption. Its precisely what it sounds like end-to-end encryption facilitates the type of encrypted communication that only the sender and receiver can read/see. No one in the middle including Facebook, the government, or another messaging service provider can read/decrypt messages being sent from one device to another.

In other words, the messages you send aredecrypted at the endpoint of the communication the device youre sendingmessages to. The server youre sending the data through (i.e. Facebook) wontbe able to decrypt or view your messages.

The distinction between the two is that while normal or link encryption encrypts the data, the server transmitting information between two devices has the ability to decrypt the encrypted data. End-to-end encryption, on the other hand, uses the server to transmit the data (how else would the data transfer take place?), but it doesnt allow the server to decrypt the data. Therefore, the server is just a medium that facilitates data transfer of encrypted information. Hence, WhatsApp or any other end-to-end encrypted app wont be able to read your information (even if they want to).

Security professionals and privacy experts largelysupport the idea of end-to-end encryption because it better protects your datafrom hackers and other parties who may want spy on you. When you allow the datatransmitter (the messaging service provider in this case) to decrypt yourmessages, youre leaving a significant potential security hole that could causeproblems if the server is compromised, hacked, or surveilled.

If the information is protected end to end,though, theres no point in intercepting information halfway down the line asits in an encrypted format. Thus, it protects the privacy of millions ofpeople and assures them that no one not even the messaging service itself could read their private information. For this reason, experts (includingorganizations such as the Electronic Frontier Foundation (EFF), the Center forDemocracy & Technology, and others) are advocating for the use ofend-to-end encryption in messaging apps.

The main argument against end-to-endencryption (and in favor of link encryption) is that end-to-end encryption createsa safe space for criminals to communicate where theres no thirdparty who can read and perform security checks on their messages. In otherwords, the technology thats supposed to protect the privacy of millions ofpeople and businesses protects the confidentiality of criminals as well.

Im not saying that Im in favor of thisargument, but it undeniably does hold some water. If the server was able to decryptthe data, we can have a system that would help in catching the bad guys. In thecase of end-to-end encryption, this option is gone. I dont know what othermotives they may have, but this is the argument that the governments of the U.S.,U.K., and Australia are using to do away with end-to-end encryption.

While the argument made by variousgovernments might make sense to a certain extent, theres always a questionmark regarding their full intentions. Do they care about the crimes that may behidden because of end-to-end encryption, or are they crying foul in order toserve a bigger agenda: having the power to easily spy on people?

So far, seeing the evidence thatsavailable to us, both seem likely to be true.

And its worth noting here that EdwardSnowden, the famous National Security Agency whistle-blower, previouslyrevealed that the intelligence services in the U.K. and U.S. had beenintercepting communications through various channels for many years on a massscale. So, where do you draw the line as far as governments interference isconcerned? Encryption can be used for good and for bad, but so cansurveillance!

If youve been following this entire encryption saga, you must have stumbled across the term backdoor.

Basically, a backdoor is a mathematical feature of the encryption key exchange that could decrypt the end-to-end encryption, and no one knows about this except the ones who made it (the messaging service). In popular words, its like a secret key. So when, lets say, a judge orders a warrant to hand over certain information in a decrypted format to the government, the messaging app (or the government agency) could use this backdoor to give your decrypted information to the government.

But, again, this comes with a danger a massive one. What if this powerful tool falls into the wrong hands? If a cybercriminal somehow gets hold of this secret key, they could have access to all of your private pictures, messages, etc. and do who knows what with them! And thats why creating a backdoor could be even more dangerous than concerns about standard encryption.

Dont Get Breached

91% of cyber attacks start with an email. 60% of SMBs are out of business within six months of a data breach. Not securing your email is like leaving the front door open for hackers.

Implementing end-to-end encryption wouldmean that even Facebook itself wont have access to the information beingshared through its messaging service. This seems quite contrary to the businessmodel that Facebook has built around data monetization.

So, why doesnt Facebook want the data? Doesit really care about privacy, or is there something else hiding behind thecurtain?

One possible reason why Facebook plans to implement end-to-end encryption is to simply move away from the pressure of law enforcement, court orders, warrants, and controversies. Currently, Facebook uses artificial intelligence (AI) and a team of human moderators to monitor the content and messages sent via its platform. They then report suspicious communication/content to authorities. This content moderation system is the source of a lot of expense, negative news coverage and even lawsuits for Facebook.

With end-to-end encryption in place, this couldall go away because Facebook wont be able to decipher the communication. Theycan simply say sorry, we cant access the content even if we want to. Thatcould save Facebook a lot of time, money, and hassle.

Considering that Facebook has already implemented end-to-end encryption in WhatsApp, the most extensively used messaging service that it owns, it seems likely that end-to-end encryption will be implemented in Facebooks other services as well. The question is what happens next? I expect the governments championing the call to eliminate end-to-end encryption to shift gears and attack the tech companies with more ferocity. Further down the road, this never-ending battle could spark into a fire, and ordinary users could be its witnesses or become engulfed in it.

As always, leave any comments or questions below

*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store authored by Jay Thakkar. Read the original post at: https://www.thesslstore.com/blog/end-to-end-encryption-the-good-the-bad-and-the-politics/

See the original post:
End-to-End Encryption: The Good, the Bad and the Politics - Security Boulevard