WhatsApp and Ring are the latest companies to embrace end-to-end encryption as a standard cyber security feature to protect their users. As high-level encryption becomes more widely used, it will play a more substantial role in our day-to-day lives. While most people do recognize the benefits, very few understand how exactly it works and what can go wrong. That being said, the unparalleled protection of user data and privacy is a substantial benefit to all, but there has been significant backlash from service providers and other entities that see this as a negative.
How exactly does end-to-end encryption work, and why would anybody want to prevent users from enjoying exceptional standards of cyber security? Read on to find out!
End-to-end encryption (E2EE) is a process that encrypts data sent between a sender and receiver in a manner such that no third party can access it. While there are several techniques used to protect the contents of online messaging and other transmissions, E2EE is widely accepted as the most secure.
The benefits of user privacy cannot be denied, which is why it’s growing in demand and popularity. Last summer Zoom implemented end-to-end encryption for all users, a pivot from previously only offering this feature to paid subscribers. This shift was an early indication that E2EE should no longer be considered a “premium” feature, but a base-level offering to all users.
WhatsApp, one of the most popular global instant messaging services, also employs E2EE to protect the digital content shared by its billions of users, and an Amazon-owned app is following these examples.
Neighborhood watch and safety alert app, Ring, has globally rolled out end-to-end encryption for users across the world. While users do have to opt-in to this feature, Ring has taken this step to reassure customers that Ring cannot view any recorded footage; videos are only available to the enrolled device on which they were captured, and any enrolled devices users choose to share it with. Ring has also confirmed that they do not have the access or authority to hand over captured video to any law enforcement agencies.
Privacy campaigners and advocates for digital rights support E2EE by arguing that ensures online users are free from the threat of unauthorized surveillance from service providers, government agencies, cyber criminals, and any other threat actors.
Why is there such strong backlash over expanded use of E2EE?
As stated above, no third party can access the contents sent via E2EE, and this includes the service provider. This is a departure from standard encryption techniques that do allow for legitimate third parties to intercept and access transmitted data. While unauthorized parties are still prevented from accessing these types of messages, there is still room for a security hole that is ripe for bad actors to take advantage of. Plus, that opens a huge can of worms as to whether companies should be able to access private user data and communications.
Law enforcement agencies are speaking out against mass use of E2EE, citing that it could actually serve to protect cybercriminals. The position of the International Criminal Police Organization (Interpol) is that law enforcement needs privileged access to certain communications, so criminals are unable to hide behind technology and evade justice. Some of these concerns may be valid, but there is no real ban of E2EE on the horizon. The benefits are simply too great.
There is no doubt that we are entering the golden era of encryption. Regardless of the type of encryption that we are using, it will continue to permeate our everyday lives. The more machines that use encryption, the more machine identities we will need. In this new age of encryption, the importance of educating yourself about the best ways to manage and protect those machine identities from falling into the wrong hands cannot be understated. Start your digital transformation today and learn how Venafi’s Trust Protection Platform will protect your machine identities from audit, error, misuse, and attack.
- Schrems II: Modernized Contractual Clauses and End-to-End Encryption
- Level Up: Get End-to-end Machine Identity Lifecycle Protection with Intel® SGX
- Concerned About Social Media Hijacks? Then Don’t Ban End-to-End Encryption.