display | more...

Encryption method allowing only the users involved to read secure or private messages

"Most particular, in the post-Snowden world, It’s about preventing the government from compelling platforms and service providers from spying on their users at the behest of the government."
American Enterprise Institute

End-to-encryption is best described as a system in which messages being exchanged between two users can only be read by those individuals. It differs from encryption in transit in that messages are not translated by a server in the middle.

"Traditional" encryption using a server as a go-between means that if Alice and Bob wish to exchange messages, they each negotiate an encryption key with the server. Alice therefore sends a message to the server using an "Alice-server" key, the server then re-encrypts the message with a "Bob-server" key before relaying it to Bob. This is relatively secure, but suffers the problem that the server (and anyone with access to it) can read the exchanges between the two parties. This means that Eve (an eavesdropping outside third-party) can in theory gain access to the content. If the server is compromised (either through hacking or a government-sponsored back-door mechanism), the communication is effectively open to the hacker or Three Letter Agency and anyone they choose to share it with.

In order to overcome this problem, end-to-end encryption uses a different mechanic, one in which Alice and Bob negotiate a key directly, and use that to send messages between them. Because these messages are encrypted with a key the server does not know, it simply forwards the encrypted message but cannot read it. This immediately gives privacy and security benefits to Alice and Bob, and Eve cannot read the messages in transit. Even if the server has to store the message before transmission to the recipient, it would not be a trivial problem to anyone with access to the server to read the plaintext.

This method is used by Signal Messenger, WhatsApp and Telegram among others, and by a few email providers like ProtonMail and Tutanota (although it has to be said that messages are only fully encrypted between users of each individual service).

So now only I can read my messages?

The short answer is a flat "No". For someone with access to a device you use to send or receive messages, it is possible to gain access to the application, and by applying rubber-hose cryptanalysis methods, can read messages. It is also possible (though non-trivial) to masquerade as or impersonate the user's device, though this is made more difficult by other security means.

For this reason, most applications use some sort of secure token generated on each device to allow each user to authenticate other users. (In Signal, for example, there is a "security number" that identifies each device. If I get a message that the security number has changed, I can assume that the device has been changed, and establish communication with that user to verify the number.)

Similarly, the application and the device it's used on must be secure. Were I to leave my phone unlocked in a public place with the application open, there would be nothing to stop someone either reading messages or impersonating me by sending messages. For this reason, most apps will have some sort of secure sign-in before messages can be send or retrieved from the store. Of course, this is the responsibility of each user. Some messengers allow for messages to be deleted at one of both ends, either manually or after a certain time. I had a conversation recently with a friend who used a secure messaging app to communicate with his "other woman", but didn't bother to set any such security. The consequences were not trivial.

If you keep your phone locked, with a lock on the application itself, you do reduce the attack surface. Switching the device off when not needed for extended periods also introduces another layer of security.

How much tinfoil hat?

This all depends on your threat model. For me, I just don't want people to be able to read my stuff. I'm not involved in crime, I'm not trying to overthrow the government, I just want my stuff to stay private. If you are truly intent on keeping people out of your stuff, start by disabling biometric methods of unlocking your phone and applications, carry a blank burner phone and keep looking over your shoulder.

For governments and intelligence services, this is a horse of a very different colour. Intent on keeping an eye on those who would threaten either their interests, or the interests of their populations, being able to read anyone's messages is an important issue. There have been many high-profile stories in the media over the years in which governments or TLAs have tried to convince tech business to introduce backdoors into encryption services. Some, like Australia, have tried to ban hard encryption and E2E encryption for this very reason. Sadly, in the same way you can't fight City Hall, neither can they convince the mathematics of modern encryption to give in to their demands.

In the US there is currently a move through the EARN IT Act to knobble encryption to deny protection to those trafficking child pornography. According to Wired magazine,

"A bipartisan pair of US senators today introduced long-rumored legislation known as the EARN IT Act. Meant to combat child sexual exploitation online, the bill threatens to erode established protections against holding tech companies responsible for what people do and say on their platforms. It also poses the most serious threat in years to strong end-to-end encryption."

The Five Eyes have similarly taken up arms against strong encryption. According to a bulletin from the US Department of Justice,

"In July 2019, the governments of the United Kingdom, United States, Australia, New Zealand and Canada issued a communique, concluding that: “tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can gain access to data in a readable and usable format."
Whilst combatting the spread of child porn, terrorist plans and organised crime is a Good Thing, as an advocate of the right to privacy, I do object. It will be interesting to see what would happen were this to become law and governments tried to strong-arm tech security business to reduce the power of encryption. It's too complicated to try to legislate, and I'll happily make popcorn and watch from the ringside. I'll stay more worried about the Palantir and Pegasus spyware.

YouTube Computerphile video on E2EE