Encryption, For Everyone, Everywhere.

Thankfully, the days of it being cool to demonize technology in a blanket fashion are coming to an end. Even over the course of my career, things have shifted and people have realized that it’s much more useful as a tool for productivity, learning and even to help us d-estress. Few things bring as much joy as a YouTube video of a talking husky. There is something brewing however which does cast somewhat of a shadow on this progress. It protects our privacy when we communicate with others, enables the secure sharing of files and keeps prying eyes from our data in general. Let’s engage in one of my favorite things, learning about a topic so we’re armed to make our own decisions! This is the troubled world of end-to-end-encryption.

E2EE as it’s been dubbed for short, in very basic terms is a means of transmitting data in a secure manner between one device and another. This could be a message, or a file, or some other piece of data. The important thing here is that only the sender and the recipient has access to whatever is being transferred. Privacy is something I’m a huge proponent of and, in my opinion, it shouldn’t be something which is only for the technically savvy. E2EE when deployed in things like photo sharing and messaging applications ensures that this privacy is simply “baked in” and transparent to the user. It just works. No setup, no difficulty, no confusion.

What enables this to function is digital keys, held by the sender and the recipient. When you send an encrypted message, your device scrambles it into something unreadable by an intermediary. The “middle man,” be that an ISP or your cellphone provider or someone with nefarious intent, can’t easily decipher and peek into what you’re sending. It takes the key held by the receiving party to descramble the message and reveal its contents. Again, this is near-instantaneous and happens without input from either user. Great, right? Well it’s exactly this resistance to eavesdropping which is making some people nervous.

Now, there are already lots of apps using this technology. iMessage, WhatsApp, Facebook Messenger, to name a few have all deployed full E2EE to make your conversations safe from prying eyes. Secure email has existed for years and years, this is something which is an old concept deployed in new ways. Its wide adoption though brings friction, largely from parties worried about creating “safe” methods for people to engage in criminal activity. If you can’t intercept something mid-transmission and check it for bad behavior, how can these bad actors be caught? It’s the potential for misuse of this privacy which puts it in jeopardy for everyone.

The solution to this is a secret, skeleton key-esque backdoor which affords, typically the owners of the application, a method of decrypting and viewing these messages. A court could then feasibly require a company to use this backdoor for the purposes of surveillance. The danger, and why this method holds no water for me, is in its power. If you design something to be inherently less than watertight from a data security standpoint, who’s going to govern the use of this circumvention? What about if one of these purported criminals gains access to this backdoor? How long until it’s simply used for routine screening of ALL messages, and it’s no longer of any use to be encrypted at all?

In my opinion, which incidentally is shared with the majority of tech security professionals, is that the solution is much more dangerous than the issue it’s trying to solve. The average person shouldn’t have to sacrifice here, as privacy is too important to relinquish in the name of theoretics.