Does end-to-end encryption (E2EE) matter to you? Which side are you on?

Introduction

In “Does your privacy matter? Why you may need to value E2EE (Non-Technical analysis)”, we:

  • Identified End-to-End encryption (E2EE) as the practice of encrypting and securing information as it is being transmitted from Point A to Point B.
  • Explored what E2EE is, why it can be important for you, and how you may already be using it today in applications such as WhatsApp and Zoom.
  • Covered how E2EE stops people from accessing messages and content as it travels the communication pipes of the internet.
  • Saw how tech companies are accelerating the adoption of E2EE in their solutions (including Instagram, Messenger, MS Teams, Zoom etc.).

We also introduced the controversy that exists around the use of such encryption technologies spanning individual privacy v.s. Public safety.

In this article, I explore the arguments in favour and against the usage of E2EE, as I wanted to make a more robust, better opinion around this topic.

Arguments put forward against E2EE

The main argument against E2EE is built on the potential risk to Public Safety and National Security.

E2EE is so successful at protecting data from third parties that it provides a “safe space” for criminals and terrorists to communicate with no limit. Otherwise said, the technology that protects millions of innocent people also protects the criminals’ confidentiality.

E2EE stops intelligence officers (as third parties to the people at Point A and Point B) from accessing the evidence they need to detect and act on serious crimes such as:

  • Child Safety in terms of child porn, child abuse and online grooming of minors.
  • Sexual predators.
  • Harmful content.
  • Human trafficking and safety of vulnerable individuals.
  • The war on drugs.
  • Terrorism and national security.

“In serious cases related to allegations like terrorism, murder, and physical abuse, this data protection becomes a major hindrance to public safety and national security.”

Regulation and enforcement agencies warn that such technologies ultimately:

  • Help criminals and terrorists “go dark” because companies and security agencies cannot access the content of encrypted communications, even when faced with a warrant. This also applies to both entities that are cooperating and not cooperating.
  • Incentivise the practising of illegal activities.
  • Shift the ability to investigate criminality or abuse only after it has taken place, thereby limiting any ability to detect and prevent it from happening in the first place.

These agencies are also actively asking tech companies to:

  • Stop their usage and implementation of E2EE across services.
  • Provide authorities with a backdoor that would allow them to access the data they want to whenever they need to investigate illegal or harmful situations.

The main public arguments are built around the moral duties technology companies have to actively help prevent child abuse online over any other priority such as selling advertising, phones and online games.

Bottom line battle call is between adult privacy v.s. child safety, often citing the “if you have nothing to hide…” argument proposing that unless individuals are engaging in illegal activity they have nothing to fear from surveillance.

Charities have supported these arguments identifying how more vulnerable children are in such environments where

  • 1 in 3 online users are children (NSPCC Report, April 2021) and
  • 94.3% of reported children attacks originating from social products.
  • Private messaging is at the front line of abuse.
  • E2EE provides higher security to adults at the expense of children safety.

Arguments put forward in favour of E2EE

Privacy and digital rights groups argue that the freedom of information, communication and choice must be protected at all costs. There is an immediate recognition that E2EE diminishes the ability of either “big brother” or any other unauthorised entity/individual to:

  • Read and access personal information and communications.
  • Access photos, communications, health and geolocation data to interfere, harm, stalk or bully.
  • Map out public sentiment around specific topics being discussed in private.
  • Censor information.
  • Impose what people can read/view, leaving groups and society to self regulate and determine what is tolerated/not.
  • Find people opposed to their views.
  • Manipulate moods and opinions.

Privacy is considered by many to be an innate human right and privilege

Civil liberties advocates like Snowden and Mcaffee have praised and promoted the usage of such technologies as a step forward for users’ privacy and cyber-security:

  • Identifying how the scale of modern computing power can be used for both good and abuse.
  • Supporting the use of technology (like Microsoft PhotoDNA) to help detect sexual content or suggestive messaging designed to groom and entice children in private messages, but not selectively applied at the discretion of central power.
  • Referencing several instances of abuse of power of knowledge. Even if your governments behave responsibly, can you say the same as all others, globally? What about rogue states? or states that will not think twice about controlling their citizens through surveillance. Technology companies have no purpose in discriminating between one government and another. A blanket approach is more appropriate here.
  • Developing a zero-tolerance policy towards any entity using its access to information to manipulate people for personal gain at scale.

Furthermore, E2EE is necessary to support emerging or digitally transforming industries such as Fintech, InsureTech, EdTech etc., where the ability to communicate and transact securely is a core requirement. Using an example, securing the communications with E2EE between you and your bank prevents third parties from intercepting sensitive instructions and correspondence.

Bottom line is that the loss of a fundamental right like privacy to make the authorities jobs easier is not justified.

Security professionals also chipped in confirming that if a backdoor exists, this same backdoor can be discovered and used by criminals, thereby invalidating all the intended outcomes of the E2EE work.

Wrapping up

Wow, is this a lot of stuff to think about!

So much to gain! And so much to lose!

It is best to sleep over it!

I will take all of this information and perform additional analysis to take a position around this in a future post.

Who knows, it might surprise you. However, no matter my position, I would love to learn more about yours! This is an important topic, and we can only learn and grow through constructive conversations.

NOTE: Views are my own, based on my observations and experiences. I believe in productive discourse and welcome opportunities to refine my understanding through discussion. Comment in the comments area below or reach out on hi@andremuscat.com

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store