The War on E2EE

Where are the keys, Lebowski?

Encryption. A word that seems simple, yet very few understand the implications it has on our modern world. It’s practically everywhere in our day-to-day lives — when you use your banking app, when you message your friends, or when you are a whistleblower submitting classified government documents to a group of journalists. Ok, maybe the last example doesn’t quite apply to you, yet it was important to highlight how important encryption is to different groups of people. Unfortunately, despite this seeming importance, I am seeing worrying trends with governmental actors attacking the idea of E2EE.

What is E2EE?

E2EE, or end-to-end encryption usually refers to a communication system, where only the sender and recipient can see the contents of a message. Imagine you sent a letter to Bob and only you and Bob can read it, while USPS and anyone else will only see some meaningless sequence of letters. There are many different protocols for how that could happen and I don’t want to go into great detail explaining technicalities. Check out this great video from Computerphile if you want to learn more:

Think of the Children!

Now that we understand what end-to-end encryption is, we can discuss the potential arguments against it. Obviously, encryption allows criminals to conceal their activity from prying eyes. This is because no one, except for the criminals themselves can see the contents of the messages. As such, law-enforcement agencies, and other security services, often express their opposition to the widespread use of end to end encryption. They say that I bad actors can go undetected and that without end to end encryption our brave security services would be able to capture some very bad people that roam free because they can exchange information securely. Of course, the fear of criminals such as terrorists is a strong motivator to give up encryption. However, there is something the people protect more than their own lives.

Whenever someone mentions children, people tend to sacrifice a lot in order to defend them from evils of the world. With end to end encryption, governments decided to use the threat of child exploitation as a precursor to remove or otherwise weaken the encryption that many messaging services now use. The primary way that governments propose we protect the children is to create a back door for the end to end encryption protocol, so that law-enforcement agencies are able to decrypt messages of private citizens, and detect some of the worst members of society. I wholeheartedly agree that we should do more to find people that pray on the vulnerability of children, there’s no defense for such actions. But the governments are completely misguided that weakening end to end encryption would make the world a safer place.

Encryption, but not really

A lot of encryption algorithm's are designed with the assumption of zero trust, meaning that it is not a good idea to trust a middleman to handle the encryption. This is because if the middleman is hacked, then everyone's messages are compromised. This, by the way, includes a lot of civil servants that work for the government and handle sensitive information. In essense, a lot of governments are proposing that we compromise the middleman by having a way for governments to unlock the E2EE. Law enforcement agencies have long asked tech companies for some sort of a key that would be universal to unlocking all encrypted messages. So, they are saying that encryption would stay in tact, except for cases when the government needs to catch bad people. Assuming that you fully trust the government to not misuse its powers, creating a key that “only” government can use, creates a massive security vulnerability.

People who use locks on their languages may know the TSA has a special key that can unlock the lock. Sorry for tautology. Supposedly, this key should only be available to TSA agent. Unfortunately, you can easily buy those TSA keys call from some shady people for 20$. As you can see, the security measure now becomes totally pointless. Imagine if the government had a key that unlocks every single house in the country. How long do you think it would take before you can buy a key that unlocks your neighbors door for less than your average Amazon purchase? Then, why do we think that it is a good idea to have the same sort of key but for personal communication? If such key existed, I would say that it is an almost guaranteed probability that you could download this key online within a week of its implementation. Governments are not well known for their regard towards date protection. There are always leaks, even from the most sophisticated agencies, such as CIA or NSA.

Citizens, don’t fall for the moral panic!

Every well functioning, member of society wants to see criminals, get caught and punished for their evil actions, especially when those actions threaten the most vulnerable members of our society. This, however, doesn't mean that we should give up our liberties and allow governments to read our text messages for a supposedly safer world. “If you have nothing to hide, then you have nothing to worry about” is a phrase I hear quite frequently. If that's the case, please give me access to your text messages so I can monitor them 24/7, you have nothing to hide right? Weakening end to end encryption will not stop criminals, it will weaken our digital infrastructure security, and allow bad actors to infiltrate into our private lives. I haven’t even mentioned potential abuses from the government in this post because I'm assuming that the government doesn't have malicious intent behind these proposals. Anyhow, we should defend end to end encryption and try and find other ways how we can fight criminals.

I’m just your Average Netizen. Peace