(MainsGS3:Challenges to internal security through communication networks, role of media and social networking sites in internal security challenges, basics of cyber security; money-laundering and its prevention.)
Context:
- Recently many companies claimed that with end-to-end encryption, user data will be protected even in case data is breached in the cloud.
- However, investigative agencies said end-to-end encryption and user-only access hinder their ability to protect citizens from cyber-attacks, violence against children, and terrorism.
About end-to-end encryption:
- End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages.
- End-to-end encryption ensures that user data is protected from unwarranted parties including service providers, cloud storage providers, and companies that handle encrypted data.
- In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious actors, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.
- End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s).
- The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted.
- The recipients retrieve the encrypted data and decrypt it themselves.
- Because no third parties can decipher the data being communicated or stored, for example, companies that provide end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.
Provider of secure data:
- Apple, on its blog, cited data breach research, “The Rising Threat to Consumer Data in the Cloud”, stating that the total number of data breaches more than tripled between 2013 and 2021.
- The focus on end-to-end encryption seems to stem from the company’s desire to position itself as a provider of secure data storage and transfer services.
- End-to-end encryption is also seen as a technology that secures users’ data from snooping by government agencies, making it a sought-after feature by activists, journalists, and political opponents.
Concerns of government agencies:
- The FBI in a statement expressed displeasure and said while it remains a strong advocate of encryption schemes that give “lawful access by design”, that would enable tech companies “served with a legal order” to decrypt data, it “continues to be deeply concerned with the threat end-to-end and user-only-access encryption pose”.
- Attempts by government agencies across the globe, in the past, to access encrypted data hosted and stored by tech companies have met with strong resistance.
- In 2019, the U. S., the U. K., and Australia planned to pressure Facebook to create a backdoor into its encrypted messaging apps. The aim was to allow governments to access the contents of private communications.
Conclusion:
While cryptographers and cybersecurity experts argue that attempts by law enforcement to weaken encryption with backdoors are ill-advised and could compromise the reliability of the internet, the move by tech companies to use end-to-end encryption to secure more user data seems to be getting stronger.