Western Govs Want to Kill End-to-End Encryption, Pushback from Cyber Community

Western governments including Australia, Canada, New Zealand, the UK, and the US, as well as India and Japan, have released a joint statement calling on tech firms to “enable law enforcement access to content” upon production of a warrant.

In other words, these governments are looking to bring an end to “end-to-end encryption”, stating that the technology is getting in the way of investigations into serious crimes such as terrorism and child abuse.

End-to-end encryption is a system of communication where only the communicating users can read the messages.

In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.

The statement’s signatories call for tech firms to “embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offenses and safeguarding the vulnerable.”

The GCHQ (Government Communications Headquarters – the intelligence and security organization responsible for providing signals intelligence and information assurance to the government and armed forces of the United Kingdom) went as far as to come up with a proposal for adding an extra party to an end-to-end encrypted chat via a “ghost” feature.

This gives us an idea of the sort of approaches intel agencies have in mind.

Many security experts do not agree with the methods outlined in the proposal and argue that they undermine the privacy of end-to-end encryption (E2E).

E2E encryption systems are effective and trusted because they use cryptographic keys to encrypt and decrypt communications.

These keys are held on the devices of the users, such as smartphones, rather than with the carriers or providers.

What this means is that users don’t have to trust their ISPs or service providers not to snoop, because those parties simply do not have access.
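An added illustration (not from the original article or from any messenger's code) of the two points above: a provider that relays only ciphertext cannot decrypt it, while any extra key placed on the recipient list, as in the “ghost” proposal, can. It uses Node.js's built-in `crypto` module; the function names and the one-copy-per-recipient layout are assumptions made for the example.

```javascript
// Added illustration; hypothetical names, not any messenger's real protocol.
const crypto = require('node:crypto');

// Each device generates its own X25519 key pair; the private half never leaves it.
const newDevice = () => crypto.generateKeyPairSync('x25519');

const fingerprint = (pub) => crypto.createHash('sha256')
  .update(pub.export({ type: 'spki', format: 'der' })).digest('hex').slice(0, 16);

// Both ends derive the same AES-256 key from their private key and the peer's public key.
function pairKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'e2e-demo', 32));
}

// The sender encrypts one copy per public key in the recipient list it was given.
function seal(sender, recipientKeys, plaintext) {
  return recipientKeys.map((pub) => {
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', pairKey(sender.privateKey, pub), iv);
    const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    return { iv, ct, tag: c.getAuthTag() };
  });
}

// Try every relayed copy; returns the plaintext, or null if none authenticates.
function open(device, senderPub, envelope) {
  const key = pairKey(device.privateKey, senderPub);
  for (const e of envelope) {
    try {
      const d = crypto.createDecipheriv('aes-256-gcm', key, e.iv);
      d.setAuthTag(e.tag);
      return Buffer.concat([d.update(e.ct), d.final()]).toString('utf8');
    } catch (_) { /* GCM tag mismatch: this copy was not encrypted for us */ }
  }
  return null;
}

// Client-side check: keys in the list that the user never verified out of band.
const unverified = (keys, verified) =>
  keys.map(fingerprint).filter((fp) => !verified.includes(fp));

function demo() {
  const alice = newDevice(), bob = newDevice(), provider = newDevice(), extra = newDevice();
  const direct = seal(alice, [bob.publicKey], 'constructed sample message');
  const widened = seal(alice, [bob.publicKey, extra.publicKey], 'constructed sample message');
  return {
    bob: open(bob, alice.publicKey, direct),           // intended recipient reads it
    provider: open(provider, alice.publicKey, direct), // relay holds ciphertext only
    extra: open(extra, alice.publicKey, widened),      // any key on the list can read
    flagged: unverified([bob.publicKey, extra.publicKey], [fingerprint(bob.publicKey)]).length,
  };
}
```

The `flagged` count is the defensive takeaway: a client that compares the key list it is handed against fingerprints the user has verified will notice a key that was added without the user's knowledge.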

Popular instant messaging apps such as WhatsApp, iMessage, and Signal have placed E2E encryption in the hands of the average smartphone user.

Western governments claim that they support encryption in general, but more as a way to secure e-commerce transactions and protect the communications of law-abiding citizens and businesses.

Really, they are saying it is just E2E encryption that they have issues with, because it hampers investigations of serious crimes.

The anonymous privacy activist behind the Spy Blog Twitter account noted that:

Malware can be used by law enforcement against individuals targeted in surveillance operations, a tactic which if successful gives access to content without needing to break encryption.

And police in countries such as the UK, for example, already have the ability to compel disclosure of encryption secrets from suspects.

Many security experts are criticizing the latest government push to mandate backdoors and make E2E accessible only to law enforcement.

They have compared it to the 1990s, when a similar push led to failed government encryption policies, which included efforts to control the US export of encryption technologies and attempts to mandate key escrow.

Katie Moussouris, chief exec of Luta Security and an expert in bug bounties, tweeted:

Encryption of any type can be viewed as a branch of applied mathematics, but arguments that “anyone can implement encryption in a few lines of code” miss the point that what governments are seeking is to “make encryption tools inaccessible to the broader public,” according to noted cryptographer Matthew Green.

So what makes this government push different from the failed crypto wars attempt in the ’90s?

Simply put, governments have more levers to apply pressure on tech firms, including app store bans.

One example is the recent threat made by the Trump administration to ban TikTok in the US over supposed national security concerns unless owners ByteDance sold the technology to a US firm.

Green noted: “The current administration has demonstrated that app store bans can be used as a hammer to implement policy, and you can bet these folks are paying attention.

“I also think that sideloading capability is likely to be eliminated (or strongly discouraged) in a regime where encryption bans are successful,” he added.

“End-to-end encryption is a key tool towards securing the privacy of everyone on the planet, as the world becomes more connected. It must not be derailed, instead the police should be better funded for traditional investigation,” Muffett said on Twitter.

About the author

Denise Elizabeth

Denise is one of our Senior Editors who has over 5 years of hands-on experience in the IT software procurement industry as well as extensive experience in forensic accounting.

Denise has a Master's degree in Organization Development and a Bachelor of Science in Accounting & Business Administration. Her career path has taken her through several tech companies, and she's come to work for ITDM full-time as our Senior Editor.