Editor's note: The IAPP is policy neutral. We publish contributed opinion pieces to enable our members to hear a broad spectrum of views in our domains.
There is growing tension between government authorities and the technology sector. Governments are seeking to exert greater control over an industry perceived as unbridled, rolling out innovations without due consideration for their societal impact, while technology advocates argue increased oversight would undermine the technical foundations upon which their transformative innovations are built.
This conflict mirrors the ongoing debate over the end-to-end (E2E) encryption used by communication and messaging apps. Governments want some form of lawful access to communications, while technologists argue this would compromise the integrity of encryption and set a dangerous precedent.
While E2E encryption may not be a universal solution, the apparent reluctance of businesses to collaborate, find common ground and develop alternative approaches is particularly troubling. This lack of cooperation undermines government confidence in online operations and, ultimately, poses challenges to public safety.
Instead of resisting while waiting for the inevitable legal intervention, businesses should prioritize user education. Explaining alternative methods for securing services without E2E encryption, and demonstrably strengthening the security of the service infrastructure itself, would be a significant step forward. The cost and time required to implement such changes are undeniable, but delaying action in the hope of a future in which E2E encryption becomes more "manageable" could ultimately have far greater consequences: the compromise of citizens' safety.
E2E encryption is unquestionably a significant security enhancement and has become so ingrained in technology offerings that it is increasingly difficult to find alternatives that do not provide it. Public awareness of privacy rights has risen so substantially that a communication service lacking E2E encryption would likely struggle to find a market.
While E2E encryption offers robust security benefits for users by ensuring only the sender and recipient can access the message content, this inherent characteristic also poses a persistent challenge for law enforcement in their efforts to identify and prevent serious acts of terrorism and cybercrime, as well as threats to child safety.
It could be argued security should take precedence over privacy. However, it is important to proceed with caution. Privacy is a fundamental human right that must be respected. Yet it is not absolute, and this raises the questions: Is it prudent to extend such a high level of privacy to everyone? Are there any viable alternatives? What options are available to law enforcement agencies in the face of such measures? Should a certain class of users be offered a lower level of privacy for the benefit of the safety of other users or national security? How can users be shielded from potential abuses by governments and/or businesses?
To achieve a harmonious equilibrium between security and privacy, one potential concept is to restrict the use of E2E encryption exclusively to verified accounts on any communication or messaging platform.
The verification process could resemble the "know your customer" checks employed by banks, in which new customers are required to submit identification documents for verification. A similar system, or something analogous, could potentially be applied to private messaging services as well.
Consider this scenario. Bob registers for a service that provides E2E encrypted messaging. He can start using the service immediately, but E2E encryption is disabled by default. To activate E2E encryption, Bob must verify his identity through a government-approved procedure. To safeguard the security of his messages, Bob decides to complete the verification.
Communication between verified and unverified accounts would function differently. If Bob communicates with Alice, who has not completed verification, their messages would not be end-to-end encrypted: they would be protected in transit and on the provider's servers only by the platform's own security measures, and the provider would be able to read them. This would not affect their day-to-day conversations.
Over time, Bob might persuade Alice, or perhaps Alice decides independently, to verify her account to enable E2E encrypted communication. Once Alice verifies, E2E encryption is also activated for her. This would allow Bob and Alice to communicate securely with the best security feature the technology has to offer. This process would need to be repeated for each new platform Bob and Alice sign up for.
While identity verification offers advantages, it is not without its complexities. To address user privacy and choice, the system should permit users to withdraw their verification requests or statuses. This provision would be necessary to enable users to revert to unverified accounts without E2E encryption at their discretion.
Importantly, businesses would be prohibited from retaining copies of identification documents or numbers at any stage of the verification process, irrespective of whether the verification is approved or rejected. Striking a balance between retention and deletion could prove challenging in the face of legal disputes.
Moreover, any requirement for periodic reverification, if mandated, would only add to the burden on businesses as well as users. An entire life-cycle procedure would need to be established around this service, along with a grievance redressal mechanism to handle any user complaints.
So, does the proposed government oversight weaken E2E encryption itself? In short, no: the cryptography remains untouched for those who have it. Suggestions around installing backdoors must be strongly resisted. As an Electronic Frontier Foundation article rightly points out, good intentions do not guarantee that only the "good guys" will have access to such backdoors.
A more nuanced answer is that the oversight discourages its use. It serves as a deterrent for individuals with malicious intent. Deterrents do not always work, but they go a long way toward preventing up-and-coming malicious individuals from freely misusing the technology.
This deterrent effect is uneven, however. For the average person, enabling E2E encryption might not be a primary concern if they can still access all of the service's features.
For a certain segment of the community, on the other hand, the loss of E2E encryption could have a significant impact on their privacy, potentially affecting both their personal and professional lives. In due course, it may be determined that individuals convicted of serious offences are not granted access by default.
While a government-regulated approach to E2E encryption offers a degree of oversight, it has significant drawbacks, notably bureaucracy and loss of trust. Government systems do not always work like a well-oiled machine, so this oversight could create a sluggish and expensive system.
Securing approvals and managing oversight would hinder the fast-paced nature of the internet. New platforms might struggle to compete with established ones due to slow user acquisition, as potential users opt for familiar, readily available options. For businesses, registering and obtaining permissions would create unnecessary bureaucracy, stretching resources and creating bottlenecks.
Trust issues are another important factor in such an implementation. The government's power to revoke or deny E2E encryption access would create a climate of distrust. Users might perceive their privacy to be at risk. This could lead to a surge in lawsuits, further straining the legal system. Unforeseen issues could arise due to user behavior, government overreach or misuse of power. Automation can help mitigate distrust, but it will never fully eliminate it.
As we delve deeper into these issues, it is important to acknowledge that these drawbacks are not insurmountable and could potentially be mitigated over time through better use of technology. This is where extensive public awareness campaigns and robust policy implementation will be crucial in bringing transparency into the system.
Rethinking encryption for a safer world
The history of encryption stretches back millennia. Egyptians used coded hieroglyphs around 1900 BC, and similar techniques were employed by Greeks and Romans for wartime communication. These early endeavors paved the way for more complex encryption methods.
The 20th century witnessed the revolutionary invention of public-key cryptography, a cornerstone of modern encryption. This allowed for secure communication without pre-shared secrets.
The purpose of encryption has always been to shield communication. As technology advanced, so did threats, driving broader adoption of encryption. However, concerns about crime and government surveillance emerged. Whistleblowers highlighted the importance of encryption for privacy and transparency, leading to its widespread implementation.
While encryption offers undeniable benefits in our complex world, relying on it as the sole solution for privacy may be flawed. While privacy is a right, unrestricted encryption itself may not be. Widespread use is not a necessity for everyday communication.
The case against default encryption
If service providers can ensure secure infrastructure and user-device, or client-side, security, is default encryption truly necessary?
For normal communication via apps, E2E encryption may not always be crucial. It offers little visible benefit to the user experience or functionality, and it places an additional burden on businesses, not only in processing overhead but also in key management and multi-device synchronization.
Network encryption
Data transmission should undoubtedly be encrypted. Network encryption has become a critical tool for protecting sensitive information and its widespread adoption in recent years reflects this growing awareness.
By encrypting data in transit, businesses reduce the risk of unauthorized access to user information during transmission. However, it is not necessary for the content of the communication itself to be encrypted end to end. In general-population messaging scenarios, network and transport-layer security mechanisms such as TLS should be relied upon; these protect messages from eavesdroppers on the network while leaving the provider able to access the content.
This approach would enable businesses to comply with legitimate requests from the government for data during investigations or for national security concerns. As such, network encryption offers a balanced approach.
Through careful consideration and collaboration, governments and businesses could limit E2E encryption to specific scenarios. This would allow for targeted monitoring when necessary and help protect society as a whole.
Alternatives to widespread encryption
For highly sensitive communications, most services already offer — or could easily implement — self-destructing messages. These eliminate the need for widespread encryption in everyday communication and could be a good alternative for privacy-conscious users.
Businesses would, however, need to improve the data-deletion policies on their servers, since self-destruction is enforced by the provider rather than by cryptography. While this would not protect against real-time surveillance or an attack that occurs before deletion, historical data could be wiped clean, leaving only nonsensitive messages.
A case for unverified users
Even unverified users deserve some protection, especially from amateur/hobbyist hackers.
Older encryption methods, though not the strongest, could provide a basic defense against casual snooping. These methods would be less effective against sophisticated attacks, and anyone with the resources to break them could do so, not only the authorities, but they would still provide a baseline defense for unverified users.
Legal safeguards
Existing legal frameworks already criminalize unauthorized communication interception. While robust encryption is valuable, it should not be the only solution, nor should its absence invite eavesdropping. Secure infrastructure and strong legal safeguards are crucial.
With valid warrants, law enforcement should be able to access communication data. Privacy concerns must not hinder legitimate investigations. Upholding the law is paramount. As history shows, widely available tools can be misused.
Thus, encryption should be a responsibly used technology rather than an exclusive privilege.
Individual responsibility
Individuals must keep their government records accurate and up to date.
While documents may be deceptively easy to forge, verifying them against a government database is not a seamless process, which is why accurate records matter.
It is equally important for users to know their platform's reporting guidelines and actively flag potential fraud. Being cyber-aware is crucial in today's digital landscape.
Coexistence
Problems abound, but by working together and taking individual steps, we can all be part of the solution. In the same way different seasons are essential for a thriving planet, secure encrypted communication and plain-text communication can coexist harmoniously.
This balanced approach would safeguard law-abiding citizens while also fostering a healthy online environment.
Abhishek Kushwaha is a cybersecurity consultant at Eli Lilly Services India. The views expressed in this article are his own.