Why We Need End-To-End Encryption
Discussion about the importance of online privacy and end-to-end encryption became lately a standard, not an exception. Although we may be happy that finally these issues are being addressed at all, the tone of this discussion is slightly worrying.
Last days of August brought the news about French interior minister aims: Encryption in messaging applications is widely used by terrorists. We will work with Germany to deal with the issue. There are no details of such initiative, but what we know is that both countries would like to limit end-to-end encryption (E2EE) for mobile communicators users. It might happen by forcing internet companies to decrypt communication on request, it might also mean introducing backdoors to existing technology. France and Germany want the initiative to become global and it may be possible; in May, Hungarian parliament passed an amendment to ban E2EE, there are also vivid fears over shape of new legislation in the UK.
The proposals are supported by arguments such as “better sharing of crucial information between member states” or “strengthening controls on borders outside the EU”. Earlier this year, French government was officially warned by National Agency for Information Security that if its demands for crypto backdoor will be fulfilled, it’s going to have really “disastrous effect” on computer security. Also European Data Protection Supervisor, Mr Giovanni Buttarelli, said that using encryption without backdoors should be allowed for users to protect their electronic communication.
What Is End-to-End Encryption And Why Is It Important?
To better understand the importance of the discussion about E2EE, let’s go through the basics of this technology.
In this method of securing the communication, the key to encryption is known only by the sender and by the recipient of the message. When a message is sent, it’s not decrypted when it’s stored on the service provider’s servers (e.g. as Google does). It’s fully encrypted all the time and nobody may access its content. Even the company providing a messaging service. Even a government organs (unless they get one of the user’s device, but still — look at Apple’s vs FBI case).
Right now E2EE is offered by WhatsApp, Signal and Telegram messaging apps — and all of them are targeted by rhetorics standing for an encryption ban.
End-to-End Encryption Ban — It’s All Wrong
I intellectually understand the origins of political will that now drives France and Germany towards limiting the privacy of their citizens. I understand fear over terrorism, especially in the wake of such horrible attacks, as last year’s in Paris or not really long ago in Munich. I really do and I suffer a lot when I think over what happened there — because these attacks exposed Europe’s weaknesses.
And although I wish all the European governments to undertake relevant actions to prevent such events in the future, sorry — limiting privacy of citizens, especially lurking or snooping on them over the internet is an utterly wrong way.
Every kind of domination, whether democratic or autocratic, threatens the individual’s freedom. These days, however, the attack on privacy is carried out in accord with justice, morals, and law. Transformations of domination are always accompanied by changes in the technologies of power.
Limiting privacy, especially these days, is a pure manifestation of state’s domination. The state needs to prove that it is capable of domination — because it covers state’s weakness and lack of ability to tackle the threats. It’s a saddening conclusion. Moreover:
The state has never limited itself to ensuring freedom. It has always been concerned to expand its power, even on the pretext of contributing to the moral improvement of society. […] Accordingly, privacy is ideologically suspect. Having apolitical beliefs, not voting, being indifferent to power games, refusing to applaud — these count as betrayals of democracy.
By limiting citizens’ privacy, the state says: “We don’t trust you. Everyone’s suspected — and that’s why we need to watch your every step”. Sorry, but if we agree to this, we admit that the terrorists we fear so much have already won over us. Terrorism spreads fear. Fear brings instability, lack of trust, everlasting state of emergency. It’s easier to disintegrate such a stirred society, isn’t it? It’s easier to control it. And, at the end — to ultimately shackle and dominate it.
End-to-end encryption ban is not only politically dangerous. Times have changed; right now the majority of our life is digitalised. We rely on our devices, we communicate in a slightly changed, entirely digital way, we transfer our money, thoughts and work through web and mobile apps. It became normal for a human being — to be a part of a bigger network. Ban on E2EE means that suddenly all of this — our health, finances, even physical well being — are in danger.
What’s the most important thing and a conclusion I’d like to highlight here, is that privacy itself is a freedom we’ve been forging out through centuries, as a culture, as a civilisation.
Like any freedom, privacy doesn’t guarantee the moral good.
Law — even the strictest one — doesn’t produce virtue or morality. The existence of privacy means it can be used both in wrong and lawful ways — but just because it might become of use for bad purposes, does it mean that we should allow it to be taken away? What about resignation from other freedoms and privileges? Let’s limit other freedoms we enjoy as Europeans — the freedom of movement, the right to work and live anywhere within EU, the privilege of being a part of something bigger — a community forged out of common values and background — just because people cannot be forced to use them in a good way.
But then, if these values, freedoms and privileges disappear, what else is there to defend?
(All quotes here come from the great essay by W. Sofsky — Privacy. A manifesto. Go and read it, as it broadens perspective. Seriously.)