The UK government will reportedly launch a campaign against end-to-end encryption with a key objective of “mobilizing public opinion against Facebook’s decision to encrypt its Messenger app,” according to a report in Rolling Stone. The campaign is reigniting a debate around public good vs privacy since subsequent draft bills from the UK government would presumably weaken end-to-end encryption or eliminate it.
Major Internet and social media companies have embraced end-to-end encryption (E2EE), including Zoom, which implemented E2EE for all users—not just paid subscribers as it previously did—indicating that E2EE can no longer be considered a “premium” feature but necessary for all users. WhatsApp and Ring also employ E2EE.
The reason is simple. E2EE encrypts data between a sender and receiver so that no third party can access it. While there are several techniques available to protect the content of online messaging, E2EE is considered the most secure.
But end-to-end encryption has become a hot-button topic since it goes to the heart of privacy vs public good concerns.
Privacy advocates support E2EE because, they argue, it ensures online users are free from the threat of unauthorized surveillance from service providers, government agencies, cybercriminals and any other threat actors. Law enforcement agencies, on the other hand, have come out against broad use of E2EE, claiming that it could serve to protect cybercriminals. The position of the International Criminal Police Organization (Interpol) is that law enforcement needs privileged access to certain communications so criminals are unable to hide behind technology and evade justice.
CIO Study: Outages Escalating with Massive Growth in Machine Identities
The UK offensive against end-to-end-encryption
The Rolling Stone report cites a “publicity offensive” by the UK government that is expected to start this month in support of a draft Online Safety Bill.
“Successive Home Secretaries of different political parties have taken strong anti-encryption stances, claiming the technology…will diminish the effectiveness of UK bulk surveillance capabilities, make fighting organized crime more difficult, and hamper the ability to stop terror attacks. The American FBI has made similar arguments in recent years,” the report said.
The new UK government campaign argues that E2EE would hamper efforts to tackle child exploitation online.
But privacy advocates are slamming the government’s plans as “scaremongering” that could put children and vulnerable adults at risk by undermining online privacy, according to Rolling Stone.
The Internet Society has also chimed in arguing that the creation of “encryption backdoors” – that weaken E2EE – “is not true end-to-end encryption.”
“The consensus among technical experts is that there are currently no technical solutions that would allow only certain actors access to private communications and not others. The creation of a backdoor for law enforcement access also creates a common gateway that criminals and hostile state actors can use,” the Internet Society report says.
The Society argues further that if the Online Safety Bill is implemented in its current form, providers will face the daunting prospect of creating secure encryption backdoors.
“For businesses, encryption protects transaction data and confidential business information from interception. End-to-end consumer messaging applications are used throughout the international business world, to negotiate partnerships and carry out exchanges. Research has shown that laws that weaken encryption fuel business uncertainty and can result in significant economic harm,” according to the report.
Encryption—in general—is critical to protecting the privacy of both individuals and organizations. Any campaign that portrays encryption in a bad light endangers the privacy protections that we all rely on. So, while there may be merit in exposing encrypted communications to certain privileged organizations—such as law enforcement—we should be extremely careful how we portray the value of encryption to those who will benefit most from its protections.
Why Do You Need a Control Plane for Machine Identities?
Related posts