End-to-End Encryption: A Reasonable Balance for Communication
By Alexandr Solad on August 7, 2018
As the world becomes increasingly digitized, securing personal information is a top priority for businesses, governments, and the global population as a whole. Globalization, integration, and information transparency raise demands on secure connections via encrypted messengers to maintain confidentiality. The fundamental principle of these kinds of communication is end-to-end encryption (E2EE), a relatively safe mode of interaction that allows users to bypass third-party censors such as telecommunication providers, security organizations, and government institutions.
The idea of full anonymity in communications is a concern for law enforcement agencies around the world. The widespread use of encrypted communications certainly creates challenges for governments in addressing terrorism, cybercrimes, drug dealing, trafficking, and the trade of illegal weapons.
This problem is not new, but increased terrorist activity and more ubiquitous cyberattacks pave the way for these concerns. It is well known that when the self-proclaimed Islamic State (ISIS) first emerged, its leaders urged jihadists to communicate via Telegram, an encrypted messaging app.
Threat Actor Communication
Underground criminal forums are a perfect example of how encrypted communications shield the anonymity of threat actors but still allow them to reach each other. Hackers and carders widely use Telegram for the marketing and sale of illegal goods, as well as for spamming and flooding activities. Iran, which the U.S. government considers a state sponsor of terrorism, had around 40 million Telegram users and classified the messenger as a subversive power used during the past December riots.
Messengers like WhatsApp, Telegram, Viber, Signal, and WeChat, which have tens or even hundreds of millions of users, are treated by some governments as a potential danger to national security because they use end-to-end encryption that law enforcement can’t decrypt by regular methods.
Countries are taking various approaches to eliminating the disadvantage this creates for them. We can broadly group their responses into two categories. The first, and most rigid, is a total ban on such messengers: this happened with Telegram in China, and Iran has also taken this route, launching Soroush, a state-owned application, in its place. While citizens aren’t forced to use the Iranian alternative, the removal of Telegram has seen the number of Soroush users climb to more than 11 million since it was first made available at the end of April 2018.
These tactics certainly amount to some level of state censorship, and they risk violating the right to freedom of expression. Article 19 of the UN’s Universal Declaration of Human Rights is very specific, stating that “this right includes freedom to hold opinions without interference and to seek, receive, and impart information and ideas through any media and regardless of frontiers.”
The second approach is less strict and aims at establishing reasonable government surveillance over E2EE. According to an analysis from the Global Legal Research Center, 12 nations, including Brazil, Canada, Israel, Japan, and South Africa, as well as the European Union, have legitimate rights of access to private information as long as it is sanctioned by the court or government authorities. The proviso is that access is related to national interests or a threat to security. However, most of the legislation being applied to this problem is outdated, with some being adopted in the mid-’90s, while innovation in current technologies continues to rapidly gather pace.
This is a primary reason why governments are working to make revisions to laws in the United Kingdom, Australia, and in other countries. Among the most recent examples, the Russian Federal Security Service (FSB) demanded that Telegram provide its encryption key within a 15-day period or the app would be blocked under legislation enacted in 2016 to combat terrorism. That same demand was delivered to Viber. Telegram denied this request.
An Inevitable Drift
How the creators of these apps respond will certainly be a milestone in relations between technology companies and governments. The importance of the Russian market for Telegram is tremendous, meaning the company is unlikely to want to lose it. The app’s creator, Pavel Durov, faces a choice to either build rapport with the Kremlin or provide new technological solutions that would enable users to bypass government regulation. The major drawback of allowing government access to encrypted conversations is the potential creation of backdoors, which could ultimately be exploited by hackers.
E2EE provided by global IT companies is becoming more sophisticated and, at the same time, more controlled, which hits law-abiding users and nullifies the idea of true privacy when using personal devices for communication. Unfortunately, the cybercriminal underground has more options available to keep its activities hidden. Threat actors hold the opinion that “if you want to be anonymous on the web, then run your own server.” This means an inevitable further drift toward decentralized messenger protocols such as Jabber (already very popular with members of dark web forums) or Discord platforms created and operated by small groups of users.
Threat intelligence solutions provide one possible resolution to this issue that may satisfy governments and law enforcement agencies as well as individuals who are concerned about their privacy. Some threat intelligence solutions can identify hidden and even encrypted channels of communication linked to threat actors like cybercriminals, terrorists, and drug and weapon dealers, and then pass that information along to the appropriate law enforcement agencies. That way, the privacy of law-abiding individuals remains secure and free from interference by their governments, but crime stoppers still get the intelligence they need to take action.