end to end encryption system for apps

App end-to-end encryption

Advertisements

With end-to-end encryption for messaging apps appearing in the news, we look at why this is desirable and why there is a fight against it.

Apps

Facebook Messenger, WhatsApp, iMessage, Viber, Telegram, and many more apps have end-to-end encrypted messages.

With end-to-end encryption, your messages are described as 'secure,' only visible to the intended recipients' phones. The message can't be read by anyone else as it passes over the internet from your phone to your contacts' phone.

This security is good; you can send personal information, login details, and social security numbers, criticize the current government, or discuss your thoughts on the latest news without being overheard. When using an end-to-end encrypted secure messaging app, you have Privacy. This means when sending an end-to-end encrypted message to one contact then, the message can only be read on that contact's phone.

While your contact has your message, there is nothing to stop them from sharing it with the person sitting next to them or sharing their phone with a friend, so the end-to-end encryption only secures the message from interception or modification as it travels over the internet. The two ends of end-to-end are the two phones - sender and recipient; the message is not decrypted at any other points.

All this confidence in secure messages is great. You could call it a basic human right to have access to unbreakable encryption for your messages. Why should only garments be secure from hackers reading their conversations? Why should big companies have the right to read your communications?

The Problem

The big problem with unbreakable end-to-end encryption that is so useful for the consumer is that the evil-doers can also ab(use) it.

You are not the only person that wants their chats to be secret from everyone other than their intended recipient. The criminals also want their messages secure. From terrorists to drug barons, they need communication, and they need it to be secure from law enforcement snooping to carry on their evil deeds unchecked. Privacy for criminals is an important, if not mandatory, feature.

A Dilemma

It is a dilemma. How to give the average man in the street, journalists, and all those who want it an unhackable, unbreakable end-to-end message system that criminals can't use? You can see that it is an impossible situation. It is impossible to give one person a secure app and restrict others from having it. If one person can have security from interception, everyone, including criminals, can have security from interception.

Backdoors

It is possible to add a 'backdoor' into encryption which allows anyone with access to the key to read or alter the message; law enforcement can read the message sent by the criminals. But the system doesn't know who is a criminal, and it can't read the message until it has been decrypted and read to see if the message contains 'red flags' of criminal communication. If the messages are being read by a system that is not the intended recipient, it is not end-to-end encrypted. There is a break in the middle. Your messages are not secure; if one government agency has the key, you can assume all of them do, including foreign powers and hackers. It only takes a small crack in a security system to be blown wide open, and then everyone has the potential to intercept the messages. Having a backdoor in the message system, no matter where it is not a secure message.

Weak Encryption

Weakened encryption can lead the message to be read with some effort (time) by law enforcement, but so can bad companies, hackers, foreign governments, your ex, or anyone with enough money to see the messages.

The Solution?

I don't see a technological solution that gives the good guys a level of message security from eavesdropping or interference not afforded to those with bad intentions and criminal communication.

Would the good guys be happy with no encryption, like in the old days before end-to-end became a standard feature? Absolutely not; many groups are fighting the cause to keep, improve and stop the dilution of end-to-end encryption for home and business users. What doesn't get mentioned is the strong end-to-end encryption used by criminals to protect them from law enforcement and time in jail.

Bottom Line

Would you be willing to give up your end-to-end encryption if it meant that more drug dealers spent more time in jail?
(or terrorists were prevented by the good guys from committing an atrocity because the messages they sent could be intercepted, at the risk of all of your message being read, by anyone en-route to the contact you chose).


Message Apps with end-to-end encryption:

Dust - Private Messenger
Facebook Messenger
iMessage
Kik Messenger
Pryvate Messenger
Signal
Telegram (only when 'Secret')
Threema
Viber
WeChat
WhatsApp
Wickr Me (Going away)
Zoom

Corporate/Governmantal

Wire
Element
Mattermost
Silent Phone

Email

ProtonMail

Communications systems that were sold to criminals that have encryption:

Ennetcom (Modified Blackberry)
Phantom Secure (Modified Blackberry)
Sky ECC (Shutdown)
Ciphr (Modified Blackberry)
Anom (Honeypot)
Encrochat (Compromised)

These systems are hardened over snooping by law enforcement, governments, and hacking. Their communications were often run on private servers; some have remote wipe function 'kill switch,' self-locking, hidden partitions, and hidden apps with PIN to aid the security of the phone and its messages.


Posted

in

by

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *