Does end-to-end encryption (E2EE) matter to you? Which side are you on?

Does end-to-end encryption (E2EE) matter to you? Which side are you on?

Introduction

In "Does your privacy matter? Why you may need to value E2EE (Non-Technical analysis)", we:

  • Identified End-to-End encryption (E2EE) as the practice of encrypting and securing information as it is being transmitted from Point A to Point B.
  • Explored what E2EE is, why it can be important for you, and how you may already be using it today in applications such as WhatsApp and Zoom.
  • Covered how E2EE stops people from accessing messages and content as it travels the communication pipes of the internet.
  • Saw how tech companies are accelerating the adoption of E2EE in their solutions (including Instagram, Messenger, MS Teams, Zoom etc.).

We also introduced the controversy that exists around the use of such encryption technologies spanning individual privacy v.s. Public safety.

In this article, I explore the arguments in favour and against the usage of E2EE, as I wanted to make a more robust, better opinion around this topic.

Arguments put forward against E2EE

The main argument against E2EE is built on the potential risk to Public Safety and National Security.

E2EE is so successful at protecting data from third parties that it provides a "safe space" for criminals and terrorists to communicate with no limit. Otherwise said, the technology that protects millions of innocent people also protects the criminals' confidentiality.

E2EE stops intelligence officers (as third parties to the people at Point A and Point B) from accessing the evidence they need to detect and act on serious crimes such as:

  • Child Safety in terms of child porn, child abuse and online grooming of minors.
  • Sexual predators.
  • Harmful content.
  • Human trafficking and safety of vulnerable individuals.
  • The war on drugs.
  • Terrorism and national security.
"In serious cases related to allegations like terrorism, murder, and physical abuse, this data protection becomes a major hindrance to public safety and national security."

Regulation and enforcement agencies warn that such technologies ultimately:

  • Help criminals and terrorists "go dark" because companies and security agencies cannot access the content of encrypted communications, even when faced with a warrant. This also applies to both entities that are cooperating and not cooperating.  
  • Incentivise the practising of illegal activities.  
  • Shift the ability to investigate criminality or abuse only after it has taken place, thereby limiting any ability to detect and prevent it from happening in the first place.

These agencies are also actively asking tech companies to:

  • Stop their usage and implementation of E2EE across services.
  • Provide authorities with a backdoor that would allow them to access the data they want to whenever they need to investigate illegal or harmful situations.

The main public arguments are built around the moral duties technology companies have to actively help prevent child abuse online over any other priority such as selling advertising, phones and online games.

Bottom line battle call is between adult privacy v.s. child safety, often citing the "if you have nothing to hide..." argument proposing that unless individuals are engaging in illegal activity they have nothing to fear from surveillance.

Charities have supported these arguments identifying how more vulnerable children are in such environments where

  • 1 in 3 online users are children (NSPCC Report, April 2021) and
  • 94.3% of reported children attacks originating from social products.
  • Private messaging is at the front line of abuse.
  • E2EE provides higher security to adults at the expense of children safety.

Arguments put forward in favour of E2EE

Privacy and digital rights groups argue that the freedom of information, communication and choice must be protected at all costs. There is an immediate recognition that E2EE diminishes the ability of either "big brother" or any other unauthorised entity/individual to:

  • Read and access personal information and communications.
  • Access photos, communications, health and geolocation data to interfere, harm, stalk or bully.
  • Map out public sentiment around specific topics being discussed in private.
  • Censor information.
  • Impose what people can read/view, leaving groups and society to self regulate and determine what is tolerated/not.
  • Find people opposed to their views.
  • Manipulate moods and opinions.
Privacy is considered by many to be an innate human right and privilege

Civil liberties advocates like Snowden and Mcaffee have praised and promoted the usage of such technologies as a step forward for users' privacy and cyber-security:

  • Identifying how the scale of modern computing power can be used for both good and abuse.
  • Supporting the use of technology (like Microsoft PhotoDNA) to help detect sexual content or suggestive messaging designed to groom and entice children in private messages, but not selectively applied at the discretion of central power.  
  • Referencing several instances of abuse of power of knowledge. Even if your governments behave responsibly, can you say the same as all others, globally? What about rogue states? or states that will not think twice about controlling their citizens through surveillance. Technology companies have no purpose in discriminating between one government and another. A blanket approach is more appropriate here.
  • Developing a zero-tolerance policy towards any entity using its access to information to manipulate people for personal gain at scale.

Furthermore, E2EE is necessary to support emerging or digitally transforming industries such as Fintech, InsureTech, EdTech etc., where the ability to communicate and transact securely is a core requirement. Using an example, securing the communications with E2EE between you and your bank prevents third parties from intercepting sensitive instructions and correspondence.

Bottom line is that the loss of a fundamental right like privacy to make the authorities jobs easier is not justified.

Security professionals also chipped in confirming that if a backdoor exists, this same backdoor can be discovered and used by criminals, thereby invalidating all the intended outcomes of the E2EE work.

Wrapping up

Wow, is this a lot of stuff to think about!

So much to gain! And so much to lose!

It is best to sleep over it!

I will take all of this information and perform additional analysis to take a position around this in a future post.

Who knows, it might surprise you. However, no matter my position, I would love to learn more about yours! This is an important topic, and we can only learn and grow through constructive conversations.

This post and the information presented in newsletter, events and website content are intended for informational and entertainment purposes only. The views expressed herein are of the author alone and is not a recommendation of an investment strategy or to buy or sell any security, digital asset (including cryptocurrency) in any account. The content is also not a research report and is not intended to serve as the basis for any investment decision. While certain information contained herein has been obtained from sources believed to be reliable, neither the author nor any of his employers or their affiliates have independently verified this information, and its accuracy and completeness cannot be guaranteed. The content is not legal advice. Any third-party information provided therein does not reflect the views of andremuscat.com. Accordingly, no representation or warranty, express or implied, is made as to, and no reliance should be placed on, the fairness, accuracy, timeliness or completeness of this information. The author and all employers and their affiliated persons assume no liability for this information and no obligation to update the information or analysis contained herein in the future.

You've successfully subscribed to Andre Muscat
Great! Next, complete checkout to get full access to all premium content.
Welcome back! You've successfully signed in.
Unable to sign you in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Error! Stripe checkout failed.
Success! Your billing info is updated.
Billing info update failed.