Is Somebody Else Reading Your Chat Conversations?


The Paris terrorist attacks fuelled governments’ not-so-secret desire to enhance mass surveillance at the cost of people’s privacy – by accessing private, encrypted communications sent via popular online services such as WhatsApp, Apple and Gmail. But can end-to-end encrypted services be intercepted and, if so, under what circumstances? Bitdefender offers insight from a security perspective.

By definition, end-to-end encryption means nobody except the receiver can read the message passing through the communication channel. Not even the companies that offer the service can read it. If WhatsApp doesn’t know your secrets, that means the FBI, GCHQ or other governmental agencies don’t either.

So, the more privacy-friendly technology is, the more anxious governments become.

CALEA, a 1994 US law, allowed authorities to wiretap communications companies to investigate crime suspects, and the FBI thinks it’s time to add rules for online services. Recently, news broke that the NSA is working to crack VPNs and the encryption protocols used by chat services such as Skype. In the aftermath of the Charlie Hebdo attacks in Paris, British Prime Minister David Cameron wants a ban on encryption of messages as part of an anti-terror law for the Internet.

The end of online privacy?

Besides violating Internet freedom, a crackdown on encryption eliminates any possibility of cyber security. A security downgrade to basic encryption is neither safe nor likely to succeed.

Companies that have chosen to implement end-to-end encryption have invested costly extra resources into the project. End-to-end encryption involves extra computation for both clients to negotiate keys and to actually do the encryption/decryption, which translates to slower response and lower battery performance on mobiles, among other issues.

Authorities suggest using backdoors in encrypted software to read communications between journalists, activists, dissidents and whistleblowers around the world, yet these could end up in the wrong hands and endanger users’ privacy and security.

Banning encryption altogether is almost impossible. Most messaging apps are not built in the UK, which means they’re out of the UK’s jurisdiction. In the absence of a global data privacy law, why would companies give up their security efforts? Services like WhatsApp, iMessage and Telegram would need to make major changes to their services to function in the UK according to the proposed legislation.

Ultimately, under pressure, some of the most popular digital products in the world could cease to offer their services to UK users. Seeing the complex web of commercial interests around us, it’s safe to say online chats remain private, for now.

About the author

Alexandra GHEORGHE
