23 May 2016
End-to-end encryption has made instant messages more secure. But the technology has also made it more difficult for authorities to fight terrorism and crime. Reverting to the previous encryption technology rebalances security requirements with privacy concerns.
The recent decision by Brazilian authorities to ban WhatsApp – an instant messaging app used by millions of people worldwide – is emblematic of the kind of push around the world to rein in commercial messaging apps featuring state-of-the-art encryption.
In the case of WhatsApp, every message sent is encrypted with a unique “key” — typically, a very large number — ensuring that only the person(s) holding the specific key can unscramble the message. Even if a message were intercepted during transmission, it would be unreadable without the key. Besides WhatsApp, iMessage, Line, Signal and Telegram are some examples of commercial messaging apps featuring this technology.
To be precise, this form of encryption is called end-to-end encryption (or E2EE, for short). In earlier versions of the technology, the app developer retained the keys, thus making it possible for the developer to unscramble users’ encrypted messages under court orders. But with E2EE, the keys are kept in the users’ computer or mobile device and as a result, app developers are no longer able to hand over users’ encrypted messages even if ordered to. The only way authorities can gain access to users’ unscrambled messages in this case is to get physical access to their devices.
… Tan Teck Boon is a Research Fellow with the National Security Studies Programme in the Office of the Executive Deputy Chairman, S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore. An earlier version appeared in Today.
NSSP / Online
Last updated on 24/05/2016