Why Do We Need a Legislation for End-to-End Encryption- Pros and Cons?
Author: Parth Bathla, FIMT, GGSIPU, Delhi.
The debate over whether or not to ban end-to-end encryption is likely to intensify in the second half of 2019 and into 2020. Recently, high-level officials from the Trump administration met to discuss a potential crackdown on end-to-end encryption. At a meeting of the National Security Council, U.S. government officials weighed the pros and cons of end-to-end encryption. The issue has bubbled to the surface intermittently ever since 2014, when NSA contractor Edward Snowden first publicized the mass surveillance programs of the U.S. government.
The battle between government worldwide and tech companies about encryption had flared up with the clash between FBI and Apple regarding the unlocking of phone to have access to the private information inside the iPhones of those in question. WhatsApp made its own personal contribution to support the tech companies by bringing end-to-end encryption to all of its messages.
Earlier it was easier for government or cybercrime branch or even hackers for that matter to have access to your WhatsApp conversations and the files that you sent or received through the app – Not that this stopped delinquents from anything but only made gathering evidence against them easier.
However, there have always been security issues for common people who are constantly worried that their privacy could be easily invaded and that sending or receiving pictures or videos over the app could actually be unsafe. With end-to-end encryption, your messages are so safe that even WhatsApp couldn’t get access to them even if they wanted to.
Mixed signals on end-to-end encryption
It now appears that key agencies within the federal government have mixed feelings about the idea to ban end-to-end encryption. For example, on one hand are law enforcement agencies such as the FBI and Department of Justice, which view end-to-end encryption as a roadblock in their efforts to track down criminals and terrorists. On the other hand, the Commerce and State departments are less willing to take the heavy-handed step to ban end-to-end encryption, due to fears of the potential economic, security and diplomatic consequences.
And, even within agencies, there are mixed messages about how to proceed. The Department of Homeland Security has officials from several key agencies – such as ICE and the Secret Service – that understandably have a positive view of the plan to ban end-to-end encryption. Encrypted messaging, in their view, prevents them from doing their job. But, conversely, officials from the DHS Cybersecurity and Infrastructure Security Agency perceive end-to-end encryption as a potential national security risk.
The pros and cons of plans to ban end-to-end encryption
What is notable about the debate over whether or not to ban end-to-end encryption is how polarizing the concept has become. Every two or three years, it seems, there is some new event or incident that completely changes how people view end-to-end encryption. Back in 2014, when the Snowden accusations became public, tech companies in Silicon Valley embraced the idea of end-to-end encryption as a way to protect consumers and offer them unmatched privacy and security. Since only the sender and the recipient could read the final message, and the message was never stored on a third-party network, it gave complete peace-of-mind to users that government officials couldn’t snoop on their messages.
But then came the upswing in terrorist events in 2016, and suddenly, end-to-end encryption began to be viewed as a tool of the “bad guys” looking to evade detection by government and law enforcement officials. In 2016, there was a bipartisan attempt to pass a bill to ban end-to-end encryption, but it never gained enough traction. And there was a high-profile showdown between Apple and the U.S. government, which wanted Apple to unlock the phones of users suspected of terrorist activities.
Which brings us to where we are today. Silicon Valley tech companies, once viewed as the “good guys” saving us from intrusive Deep State actors, are now seen as the worst offenders when it comes to personal privacy and data security. Nobody really trusts Facebook any more, even if the company offers users the ability to send encrypted messages via Facebook Messenger or WhatsApp. And, even though Apple says all the right things when it comes to privacy, people are very circumspect these days about the ability of mobile devices to collect data on them and then share it with unwanted third parties.
The plan to ban end-to-end encryption around the world
Right now, it appears that coming up with a policy to ban end-to-end encryption is a top priority, based on the participants at the National Security Council meeting. One option is simply to put out a statement on the issue, in order to guide both public and private sector participants on how to deal with encryption. Another option is to encourage the U.S. Congress to pass a bill to ban end-to-end encryption, thereby forcing tech companies to abide by the government’s current view of end-to-end encryption. But is that really viable?
Willy Leichter, vice president of Virsec, weighs in on attempts to ban end-to-end encryption: “The encryption debate resurfaces frequently because it frustrates law enforcement, but banning encryption or opening back doors simply won’t work and can potentially undermine overall internet security. Encryption is simply advanced mathematics, and banning math is like banning an idea – it won’t just go away. Practically unbreakable encryption algorithms are widely available – if a US-based service can’t provide end-to-end encryption, then dozens more will pop up outside the country that are equally effective.”
If the Trump administration pushes Congress for legislation, tech companies such as Facebook and Apple would need to work on a solution that provides encryption for messages, but also simultaneously provides a “back door” or some other feature that would allow law enforcement officials a way to track terrorists and criminals. For now, though, it appears as if Congress is unlikely to approve any measure to ban end-to-end encryption.
In the UK, intelligence officials have even proposed a compromise third way. They have suggested a so-called “ghost protocol” that would enable law enforcement and intelligence officials to listen in on calls or messages, the same way that they currently eavesdrop on telephone calls. Doing so would not ban end-to-end encryption – instead, it would add government officials or security agents as “ghost” participants on a call without the knowledge of users. That proposal, though, has been roundly denounced by top tech companies on personal privacy grounds.
And, indeed, most efforts to legislate away encryption are criticized. Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, shares his view: “Once again, we have politicians trying to legislate what they do not understand. The message just doesn’t seem to be getting through – if you undermine encryption, create a backdoor, then you will weaken security defenses that are used by our very own government. It’s a really bad idea, once a backdoor is created it won’t stay secret for long and will just create blueprints for cyber attackers to steal private data and sneak into encrypted communications. I understand that it’s frustrating that police can’t access encrypted communications, but creating a backdoor isn’t the answer and it’s totally unrealistic to simply ban the use of such services – this will only hurt their legitimate, law abiding users.”
The path forward for end-to-end encryption
Whatever the U.S. government decides to do about the plan to ban end-to-end encryption, it’s a safe bet that governments around the world will follow its lead. And it might even embolden some nations – especially China – to become even more intrusive in how they snoop on citizens without their knowledge.
Dan Tuchler, CMO of Security First, agrees that the encryption issue could be abused by some governments: “Often there is a fine line between positions on an issue, but on this one there is no grey area. An authoritarian government will always seek to exert control by monitoring its citizens, using the reasoning that safety of citizens is more important than any erosion of their rights. The United States has a long history of mottos such as ‘Live Free or Die’ emphasizing the common conviction that the balance should always lean towards freedom of speech. We don’t like it when suspected terrorists have the ability to communicate on encrypted channels, but we need to catch them a different way, so that we can protect one of our most important fundamental rights. So yes, phone vendors will need to improve their ability to protect our private data, using stronger encryption.”
Thus, end-to-end encryption may not be a perfect system, but it’s certainly preferable to Big Brother snooping on every call or reading every message. As a result, a general position on encryption from the U.S. is needed now more than ever. For government agencies to continue to work together in concert, rather than at cross-purposes, they must be united in how they view the plan to ban end-to-end encryption. For now, turning to Congress for legislation may be the optimal path in terms of gaining bipartisan support for the issue, even if the time needed to put this legislation into place might well extend into 2020.