What does End-to-End Encryption mean (and why should you care?)

What are these ‘ends’ in end-to-end?

When they refer to end-to-end, the two ends refer to the sender and the receiver. Let’s say you are want to convey some important pieces of information to your colleague. So you are the ‘sender’ and the colleague is the ‘receiver’. The transfer of information could be verbal, by gestures, or even some electronic form such as via telephone, or in the modern days by text messaging, email, or some other form of communication. The last few channels of information are digital and travel from one device to the other over the Internet or the cellular service.

Keep it to yourself, buddy

Let’s say that the information you are providing to your colleague needs to be confidential. This is where you would employ different tactics depending upon whether you are talking in a private space (where you would not be too concerned about someone overhearing your conversation), or in a corner of the conference room where there are other folks (you might use a soft voice and use gestures to make sure no one hears what you are saying), or on the phone (you will confirm with your colleague that the call is not being heard on the speakerphone or there is no one in the vicinity who could listen to the conversation).

But none of these methods could be foolproof because someone could be snooping in your conversation (by lip-reading, watching your body language, or even by tapping the phone line).

This is where the Encryption comes into play.

Encryption — It’s All Greek to me!

So in the above example, the two parties might take precaution to exclude others from the conversation (some of my Chinese friends don’t bother about talking in a soft voice even in the presence of a bunch of others, they just switch to Mandarin!) there are problems when you have to be physically separated from each other.

The electronic bits that represent the conversation need to travel and someone with enough technical chops could intercept these bits and piece together the ‘confidential’ information that you were eager to pass on!

So this is where the Mandarin trick comes into play. Well, sort of (don’t worry, we are not planning to send the two ‘ends’ to the language lessons). The idea is that you expect that some people could hear you talk. And you would want to make sure that they don’t understand what you are saying.

Now you will question that in a small setting you could know that no one understands Mandarin, but when surrounded by a larger crowd you can’t be absolutely sure that no one would understand you. You’re right, it’s a sensible observation!

And yet, this is the theme that forms the basis of how we can solve the problem of preventing others from snooping on your conversation. Or rather preventing them from understanding what they are ‘snooping’. Essentially, just like my friends resort to Mandarin, we convert the information into temporary ‘language’. Thus anyone who tries to understand the intercepted information would just get the gibberish and cry, “it’s all Greek to me“! (Sorry to jump a whole continent in my analogies 🙇‍♂️).

See the following figure:

This illustration shows four different conversations happening. In order to make sure that every pair in the conversation remains private from each other, the ‘language’ or the ‘gibberish’ has to be unique for each.

This process of generating gibberish from perfectly good information has a fancy, mathematical name — it’s called encryption (Ah.. yes, finally coming to the main point of this topic!) Encryption is the encoding of a message to the indecipherable sequence so that only the intended party can decode it. Technically, this gibberish is called ciphertext. Even if someone gets hold of this ciphertext, they won’t be able to access the original information. The receiving party decodes the original information by the reverse process of decryption (We will get into the details of how this is accomplished in a separate topic). And of course, it pertains mainly to all forms of electronic communication that happens beyond the face-to-face communication, including any information that is stored electronically.

Back to the medical environment

When a clinician speaks to another clinician about a patient or directly with the patient, the utmost care has to be taken to protect the information and prevent it from reaching the wrong person. Transitioning to modern reality due to the increasing adoption of digital technology, there are more channels of potentially ‘leaky’ communication.

Additionally, the liberal intrusion of social media into our daily lives has also made it into the medical environment, jeopardizing the privacy of the healthcare constituents.

Why should you care? Two words, HIPAA compliance. And this is where the end-to-end encryption becomes important.

Please see the companion article “How does End-to-End Encryption Work in Practice” for more details on how the process of encryption and decryption work in practice.