• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • International Strategy Forum-Asia (ISF-Asia)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • International Strategy Forum-Asia (ISF-Asia)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • CO16119 | Rebalancing Encrypted Messaging Apps
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO16119 | Rebalancing Encrypted Messaging Apps
    Tan Teck Boon

    19 May 2016

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    End-to-end encryption has made instant messages more secure. But the technology has also made it more difficult for authorities to fight terrorism and crime. Reverting to the previous encryption technology rebalances security requirements with privacy concerns.

    Commentary

    THE RECENT decision by Brazilian authorities to ban WhatsApp – an instant messaging app used by millions of people worldwide – is emblematic of the kind of push around the world to rein in commercial messaging apps featuring state-of-the-art encryption.

    In the case of WhatsApp, every message sent is encrypted with a unique “key” — typically, a very large number — ensuring that only the person(s) holding the specific key can unscramble the message. Even if a message were intercepted during transmission, it would be unreadable without the key. Besides WhatsApp, iMessage, Line, Signal and Telegram are some examples of commercial messaging apps featuring this technology.

    To be precise, this form of encryption is called end-to-end encryption (or E2EE, for short). In earlier versions of the technology, the app developer retained the keys, thus making it possible for the developer to unscramble users’ encrypted messages under court orders. But with E2EE, the keys are kept in the users’ computer or mobile device and as a result, app developers are no longer able to hand over users’ encrypted messages even if ordered to. The only way authorities can gain access to users’ unscrambled messages in this case is to get physical access to their devices.

    Upsetting Balance between Privacy and Security

    History-wise, developers began seeing the need for more secure communications after a series of embarrassing photo leaks in 2014 involving quite a few female celebrities. But to be sure, monetary reward was also a big driver behind the development of encrypted messaging apps since the company that develops the app with the strongest encryption will invariably corner the lion’s share of this incredibly lucrative market. The advent of encrypted messaging apps would not have been a problem except that as instant messages became more secure, criminals and militants have also caught on to their usefulness — paradoxically exploiting for their own benefit the very justification that underpinned these apps in the first place.

    Indeed, Islamic State (IS) militants are known to take advantage of these apps for secure communication as well as to reach out to potential recruits around the world. As a case in point, Malaysian authorities arrested three of its own citizens earlier this year who were thought to have been recruited by IS through Telegram. IS operatives also claimed responsibility for the recent Jakarta attack using the same messaging app.

    But terrorists are not the only ones exploiting encrypted messaging apps; cyber-criminals, organised crime, drug dealers and even child predators use them to mask their illegal activities. Besides making it more difficult to monitor suspects, encrypted messaging apps have also made it harder for law-enforcement agencies to collect evidence against them. If anything, the situation now is akin to the police not being able to enter a house to collect evidence even with court authorisation.

    Because encrypted messaging apps have made it significantly more challenging for authorities to disrupt terrorist plots and fight crime, the vital balance between privacy and security has arguably shifted in favour of the former.

    Old Way Still the Best Way

    One way to restore the current imbalance is to introduce so-called backdoors or hidden flaws into the apps so that authorities might gain access to the plaintext (unencrypted) messages of suspects. The backdoors could be introduced into either the hardware or software granting the authorities unlimited access. But even this strategy is imperfect. Apart from potential abuses, this approach can be downright dangerous since cyber-criminals and hostile foreign governments can exploit these built-in flaws just as well. Once a flaw is intentionally introduced into the system, it is only fair to assume that someone out there would find a way to exploit it for malicious reasons.

    Technological advancement occurs at such a brisk pace that it sometimes blinds us to the fact that earlier inventions already held the solution to an existing problem. Indeed, by reverting to the previous encryption technology (in which the keys are retained by the app developer), the authorities can again monitor encrypted instant messages if needed. As in the past, app developer will act as a check against illegal government surveillance by scrutinising requests from the authorities for plaintext messages. The most obvious advantage is that authorities will right away regain the ability to monitor suspected militants’ encrypted messages.

    But what is less obvious is that reverting to the previous encryption technology will also serve to push them offline. In the same way Osama bin Laden promptly stopped using his Inmarsat satellite phone when the Al Qaeda leader learnt that it was being monitored by US intelligence, the idea here will likewise push militants offline once they realise that the digital realm is no longer a safe haven from which to promote violence.

    Unlike backdoors, reverting to the previous encryption technology will not lead to a spike in cyber-attacks because the previous encryption technology is sufficiently robust against the majority of cyber criminals. We know this because the authorities had to turn to the app developers for help and if they could not break into the previous encryption technology, then chances are run-of-the-mill hackers would not be able to either. Not all developers are expected to cooperate even though their apps now arguably threaten public safety and interest. But even if some were to, it will reduce the multitude of encrypted messaging apps at the moment and allow authorities to then concentrate their cryptanalytic effort on those that remain unbreakable.

    Trump Card: Changing Attitudes toward Privacy

    Reverting to the previous encryption technology will entail some risks to privacy. But it is still far superior and more realistic compared to introducing backdoors into every mobile device, computer and encrypted instant messaging software out there.

    More importantly, our readiness today to share much personal information online in exchange for greater convenience and accessibility is indicative of our changing attitude towards the notion of absolute privacy. If anything, the popularity of cloud storage and social media websites these days really speaks to this shift in mindset. And as militants and criminals of all stripes continue to exploit encrypted messaging apps, reverting to the previous encryption technology will restore the delicate balance between privacy and security.

    About the Author

    Tan Teck Boon is a Research Fellow with the National Security Studies Programme in the Office of the Executive Deputy Chairman, S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore. An earlier version appeared in Today.

    Categories: Commentaries / Country and Region Studies / Non-Traditional Security / Global

    Last updated on 21/03/2018

    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    End-to-end encryption has made instant messages more secure. But the technology has also made it more difficult for authorities to fight terrorism and crime. Reverting to the previous encryption technology rebalances security requirements with privacy concerns.

    Commentary

    THE RECENT decision by Brazilian authorities to ban WhatsApp – an instant messaging app used by millions of people worldwide – is emblematic of the kind of push around the world to rein in commercial messaging apps featuring state-of-the-art encryption.

    In the case of WhatsApp, every message sent is encrypted with a unique “key” — typically, a very large number — ensuring that only the person(s) holding the specific key can unscramble the message. Even if a message were intercepted during transmission, it would be unreadable without the key. Besides WhatsApp, iMessage, Line, Signal and Telegram are some examples of commercial messaging apps featuring this technology.

    To be precise, this form of encryption is called end-to-end encryption (or E2EE, for short). In earlier versions of the technology, the app developer retained the keys, thus making it possible for the developer to unscramble users’ encrypted messages under court orders. But with E2EE, the keys are kept in the users’ computer or mobile device and as a result, app developers are no longer able to hand over users’ encrypted messages even if ordered to. The only way authorities can gain access to users’ unscrambled messages in this case is to get physical access to their devices.

    Upsetting Balance between Privacy and Security

    History-wise, developers began seeing the need for more secure communications after a series of embarrassing photo leaks in 2014 involving quite a few female celebrities. But to be sure, monetary reward was also a big driver behind the development of encrypted messaging apps since the company that develops the app with the strongest encryption will invariably corner the lion’s share of this incredibly lucrative market. The advent of encrypted messaging apps would not have been a problem except that as instant messages became more secure, criminals and militants have also caught on to their usefulness — paradoxically exploiting for their own benefit the very justification that underpinned these apps in the first place.

    Indeed, Islamic State (IS) militants are known to take advantage of these apps for secure communication as well as to reach out to potential recruits around the world. As a case in point, Malaysian authorities arrested three of its own citizens earlier this year who were thought to have been recruited by IS through Telegram. IS operatives also claimed responsibility for the recent Jakarta attack using the same messaging app.

    But terrorists are not the only ones exploiting encrypted messaging apps; cyber-criminals, organised crime, drug dealers and even child predators use them to mask their illegal activities. Besides making it more difficult to monitor suspects, encrypted messaging apps have also made it harder for law-enforcement agencies to collect evidence against them. If anything, the situation now is akin to the police not being able to enter a house to collect evidence even with court authorisation.

    Because encrypted messaging apps have made it significantly more challenging for authorities to disrupt terrorist plots and fight crime, the vital balance between privacy and security has arguably shifted in favour of the former.

    Old Way Still the Best Way

    One way to restore the current imbalance is to introduce so-called backdoors or hidden flaws into the apps so that authorities might gain access to the plaintext (unencrypted) messages of suspects. The backdoors could be introduced into either the hardware or software granting the authorities unlimited access. But even this strategy is imperfect. Apart from potential abuses, this approach can be downright dangerous since cyber-criminals and hostile foreign governments can exploit these built-in flaws just as well. Once a flaw is intentionally introduced into the system, it is only fair to assume that someone out there would find a way to exploit it for malicious reasons.

    Technological advancement occurs at such a brisk pace that it sometimes blinds us to the fact that earlier inventions already held the solution to an existing problem. Indeed, by reverting to the previous encryption technology (in which the keys are retained by the app developer), the authorities can again monitor encrypted instant messages if needed. As in the past, app developer will act as a check against illegal government surveillance by scrutinising requests from the authorities for plaintext messages. The most obvious advantage is that authorities will right away regain the ability to monitor suspected militants’ encrypted messages.

    But what is less obvious is that reverting to the previous encryption technology will also serve to push them offline. In the same way Osama bin Laden promptly stopped using his Inmarsat satellite phone when the Al Qaeda leader learnt that it was being monitored by US intelligence, the idea here will likewise push militants offline once they realise that the digital realm is no longer a safe haven from which to promote violence.

    Unlike backdoors, reverting to the previous encryption technology will not lead to a spike in cyber-attacks because the previous encryption technology is sufficiently robust against the majority of cyber criminals. We know this because the authorities had to turn to the app developers for help and if they could not break into the previous encryption technology, then chances are run-of-the-mill hackers would not be able to either. Not all developers are expected to cooperate even though their apps now arguably threaten public safety and interest. But even if some were to, it will reduce the multitude of encrypted messaging apps at the moment and allow authorities to then concentrate their cryptanalytic effort on those that remain unbreakable.

    Trump Card: Changing Attitudes toward Privacy

    Reverting to the previous encryption technology will entail some risks to privacy. But it is still far superior and more realistic compared to introducing backdoors into every mobile device, computer and encrypted instant messaging software out there.

    More importantly, our readiness today to share much personal information online in exchange for greater convenience and accessibility is indicative of our changing attitude towards the notion of absolute privacy. If anything, the popularity of cloud storage and social media websites these days really speaks to this shift in mindset. And as militants and criminals of all stripes continue to exploit encrypted messaging apps, reverting to the previous encryption technology will restore the delicate balance between privacy and security.

    About the Author

    Tan Teck Boon is a Research Fellow with the National Security Studies Programme in the Office of the Executive Deputy Chairman, S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore. An earlier version appeared in Today.

    Categories: Commentaries / Country and Region Studies / Non-Traditional Security

    Last updated on 21/03/2018

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    CO16119 | Rebalancing Encrypted Messaging Apps

    Synopsis

    End-to-end encryption has made instant messages more secure. But the technology has also made it more difficult for authorities to fight terrorism and ...
    more info