The Paris terrorist attacks fuelled governments’ not-so-secret desire to enhance mass surveillance at the cost of people’s privacy – by accessing private, encrypted communications sent via popular online services such as WhatsApp, Apple and Gmail. But can end-to-end encrypted services be intercepted and, if so, under what circumstances? Bitdefender offers insight from a security perspective.
By definition, end-to-end encryption means nobody except the receiver can read the message passing through the communication channel. Not even the companies that offer the service can read it. If WhatsApp doesn’t know your secrets, that means the FBI, GCHQ or other governmental agencies don’t either.
So, the more privacy-friendly technology is, the more anxious governments become.
CALEA, a 1994 US law, allowed authorities to wiretap communications companies to investigate crime suspects, and the FBI thinks it’s time to add rules for online services. Recently, news broke that the NSA is working to crack VPNs and the encryption protocols used by chat services such as Skype. In the aftermath of the Charlie Hebdo attacks in Paris, British Prime Minister David Cameron wants a ban on encryption of messages as part of an anti-terror law for the Internet.
The end of online privacy?
Besides violating Internet freedom, a crackdown on encryption eliminates any possibility of cyber security. A security downgrade to basic encryption is neither safe nor likely to succeed.
Companies that have chosen to implement end-to-end encryption have invested costly extra resources into the project. End-to-end encryption involves extra computation for both clients to negotiate keys and to actually do the encryption/decryption, which translates to slower response and lower battery performance on mobiles, among other issues.
Authorities suggest using backdoors in encrypted software to read communications between journalists, activists, dissidents and whistleblowers around the world, yet these could end up in the wrong hands and endanger users’ privacy and security.
Banning encryption altogether is almost impossible. Most messaging apps are not built in the UK, which means they’re out of the UK’s jurisdiction. In the absence of a global data privacy law, why would companies give up their security efforts? Services like WhatsApp, iMessage and Telegram would need to make major changes to their services to function in the UK according to the proposed legislation.
Ultimately, under pressure, some of the most popular digital products in the world could cease to offer their services to UK users. Seeing the complex web of commercial interests around us, it’s safe to say online chats remain private, for now.