With alarming regularity, the information security and privacy world has the same debate with governments around the world.
Every few years there is a push to implement back doors in encryption technology. Regardless of the government, the straw man argument is the same; back doors in encryption are the only thing that can keep everyone safe.
End-to-end Encryption
End-to-end encryption (E2E) is a technique that ensure that only the parties involved in a communication can access it’s contents.
Information about the communication is still visible to the network is travelled across. Things like source, destination, size, etc. are all required to actually get the message from one place to another.
So it’s possible to know that you and I communicated on Tuesday from 09:21 to 09:33 and that connection involved the transfer of 486 MB of information.
What did that communication entail? Only you and I can tell someone that.
Why Encrypt?
The next question asked by most people is, “Why would you want to encrypt your communications?”
I think the opposite question is more enlightening, “Why would you want any number of network providers and service providers to be able to see your communications any time they want?”
If communication is not encrypted, it’s trivial for someone in support to look at that information. Same goes for someone running one of the network providers.
Will they do that? We don’t have the hard data to properly scope this risk. But we do know that breaking encryption makes that interception trivial.
What’s The Harm?
The argument against encryption, or more specifically to include a backdoor in encryption schemes, is that governments and law enforcement should be able to monitor any communication.
In most countries, this is a capability already written into existing law for traditional technologies. However, those capabilities were granted well before the internet and haven’t been reexamined for today’s digital age.
To be clear, a backdoor that only the “good guys” can use is a fallacy. The experts agree.
A backdoor is an introduced weakness and any weakness can be exploited.
Open, transparent discussion is required to find a balanced path forward. Using the straw man of keeping you safe only sets up a conflict.
This discussion must seek to balance all concerns with data to support the highlighted risks.