End-to-end encryption (E2EE) ensures that only the sender and recipient can read the content of a message, keeping it protected from everyone else, including service providers and potential intruders.
This level of privacy is crucial not just for individual security, but for the broader fabric of a free and democratic society. It empowers individuals to express themselves freely without fear of surveillance or reprisal. It safeguards activists and journalists, providing them a shield against authoritarian attempts to silence or punish them for their political views.
However, it is important to acknowledge that E2EE can also be exploited by criminal organizations to conceal their activities. This poses a significant challenge for law enforcement agencies tasked with maintaining public safety while respecting privacy rights.
In a democratic society, there's a delicate balance between two essential needs: the need for security engineering to safeguard democratic freedoms and the need for law enforcement to actively prosecute criminal activities.
The recent landmark ruling by the European Court of Human Rights (ECHR) in the "Podchasov v. Russia" case has rekindled the debate over encryption backdoors. This case underscored the tension between privacy rights and state surveillance needs, ruling against the forced implementation of encryption backdoors.
Despite the clear privacy benefits of E2EE, EU authorities are pressing forward with plans to address the challenges posed by encrypted communications with the so-called "Chat Control" proposal. This approach raises concerns about their commitment to upholding landmark rulings by the ECHR. It appears that EU officials might regard these rulings as pertinent only in cases involving other nations, like Russia, rather than applying the same standards to their own policies.
This inconsistency suggests a troubling double standard where the privacy rights upheld in ECHR decisions are acknowledged selectively, potentially undermining the principles of privacy and freedom within the EU itself.
This is a dangerous development.
A recently published scoping paper by the High-Level Expert Group on access to data for effective law enforcement underscores the increasing desire among EU officials to weaken E2EE. Their clear intention is to find ways to counter the so-called "going dark" problem, where robust encryption prevents law enforcement from accessing digital communications.
The Belgian Federal Police has taken a particularly assertive stance. In a presentation, they outlined a proposal for real-time access to communications involving Over-the-Top (OTT) platforms, which would be legally compelled to allow government agencies to intercept communications.
The Belgian approach suggests that rather than investing in costly and potentially unreliable hacking tools, it would be more efficient to mandate OTT platforms to offer a built-in interception capability. This approach, they argue, would avoid the pitfalls associated with state-developed malware (often referred to as "legal interception tools" rather than "hacking tools" to avoid negative connotations).
Yet, this concept faces a significant hurdle: service providers themselves do not have access to the encrypted content under E2EE. Messages are encrypted on the sender's device and only decrypted on the recipient's device, leaving the provider with no means to access the plain text. Consequently, authorities would need some form of "master key" to decrypt communications, effectively dismantling E2EE.
The EU's Technical Committee Cyber of the Telecommunications Standards Institute (ETSI) is actively exploring methods to bypass this encryption. One proposed solution involves the creation of a "trusted authenticated party" that would hold a universal decryption key. This entity could theoretically decrypt any communication, circumventing the secure design of E2EE.
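The mechanism described above, as an added example (not code from the original post or from any ETSI proposal): a standard-library Python sketch in which the relaying provider cannot open an E2EE envelope, while wrapping each message key for one extra escrow key lets that single key open every conversation. The toy Diffie-Hellman group, the hash-based cipher and all function names are assumptions chosen for illustration, not production cryptography.

```python
import hashlib, hmac, secrets

# Assumption: toy Diffie-Hellman group for illustration, not production parameters.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def _subkeys(key):
    # Separate keys for encryption and authentication.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC with a hash-based keystream (illustrative construction)."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

def send(plaintext, recipient_pubs):
    """Encrypt under a fresh message key, then wrap that key for every listed public key."""
    msg_key = secrets.token_bytes(32)
    eph_priv, eph_pub = keypair()
    wraps = [seal(shared_key(eph_priv, pub), msg_key) for pub in recipient_pubs]
    return {"eph_pub": eph_pub, "wraps": wraps, "body": seal(msg_key, plaintext)}

def receive(priv, envelope):
    """Try each wrapped key; succeeds only for a private key the sender wrapped for."""
    kek = shared_key(priv, envelope["eph_pub"])
    for wrap in envelope["wraps"]:
        try:
            return unseal(unseal(kek, wrap), envelope["body"])
        except ValueError:
            continue
    raise ValueError("no wrapped key for this private key")
```

With `send(msg, [bob_pub])` only Bob's private key opens the envelope; with `send(msg, [bob_pub, escrow_pub])` applied to all traffic, whoever holds or steals the escrow private key reads every message from every user.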
I would like to underscore several major concerns with this approach:
- Security Vulnerabilities: Implementing backdoors or master keys to bypass E2EE introduces significant security risks. These vulnerabilities can be exploited not only by law enforcement but also by malicious actors, including blackhat hackers, foreign governments and criminal organizations. For instance, former Estonian President Toomas Hendrik Ilves has cautioned that such a universal key could easily be co-opted by authoritarian regimes. As he puts it: "If you dismantle encryption, you give Putin the key to the kingdom."
- Erosion of Trust in Technology: Compromising encryption undermines public confidence in digital services and platforms. Users depend on the assurance of secure communication for personal, business and governmental purposes. Breaching this trust can significantly decrease the adoption and usage of these technologies, as people may fear their data is no longer safe.
- Authoritarian Abuse: Weakening encryption sets a dangerous precedent that can be exploited by authoritarian regimes to justify surveillance and suppress dissent. It is hypocritical to criticize countries like Russia for mass surveillance while implementing similar measures domestically. These mechanisms can lead to significant abuses of power. In a democratic society, systems should be designed to prevent such abuses, recognizing that the nature of power often breeds the desire for more power. Ensuring robust encryption is crucial in safeguarding against these tendencies and protecting civil liberties from overreach by those in authority.
- Ineffectiveness: Introducing backdoors is not only technically challenging but often counterproductive. Criminals can easily switch to alternative encryption tools that do not comply with weakened standards, rendering the effort ineffective. This means that the primary targets are likely to evade detection by adopting more secure or obscure communication methods. Meanwhile, law-abiding citizens are disproportionately affected, as their secure communications become more vulnerable. Essentially, these measures end up weakening security for the general public without effectively addressing the criminal use of encryption.
- Innovation Stifling: Mandating weakened encryption could limit innovation in the tech sector. Developers and companies might be discouraged from creating new security technologies, knowing that they could be forced to incorporate vulnerabilities, which limits technological advancement.
- Global Implications: Weakening encryption in one region can have far-reaching global consequences. Such measures can trigger a cascade of security risks, compromising internal communications and potentially exposing global infrastructure to cyber threats. As highlighted by inside-it, these risks extend beyond the EU, impacting countries like Switzerland, which, despite not being an EU member, could still suffer from compromised communications. They could face the challenge of implementing special measures to secure communications to the EU on less protected channels.
Don’t get me wrong - the points discussed highlight the implications of weakening E2EE. This perspective does not oppose efforts to combat crimes like terrorism, cybercrime, child abuse or threats against national security, which often involve the digital space. On the contrary, significant efforts should be made to address these issues.
However, I believe that weakening protective encryption mechanisms is not the right approach. Instead, we should support alternative solutions that uphold strong encryption while effectively addressing criminal activities.
The right to privacy is a fundamental distinction between free democratic societies and authoritarian regimes.
While it is essential to investigate and combat criminal activities, weakening privacy on a mass scale could lead us down a perilous path.
Upholding privacy rights, even amidst these challenges, is crucial because freedom has never come without a cost. We must strive to protect privacy while finding ways to ensure security.
I advocate for a multifaceted approach to crime fighting that emphasizes collaboration, technological innovation and targeted strategies while maintaining a firm commitment to privacy and civil liberties. This stance aligns with the ECHR's decision in the "Podchasov v. Russia" case, which endorsed alternative solutions that do not undermine encryption.
These alternatives include traditional policing methods, undercover operations, and metadata analysis (following ECHR). To outline potential alternatives:
- Targeted Surveillance: Implementing strict criteria and judicial oversight for surveillance warrants can ensure that only specific targets based on credible suspicion are monitored, rather than blanket data collection.
- Digital Forensics: Improving techniques for accessing and analyzing data from devices that have already been lawfully obtained, such as using specialized tools to extract data from encrypted devices without requiring backdoors.
- Human Intelligence: Deploying undercover operations and cultivating informants within criminal organizations can provide invaluable inside information, e.g. using undercover agents to infiltrate human trafficking rings.
- Financial Tracking: Following financial transactions to uncover and disrupt the funding sources of criminal activities.
- Metadata Analysis: Analyzing non-content data like communication patterns, duration and frequency to track criminal networks without accessing the content of communications, e.g. identifying suspicious connections between known criminal suspects based on call records or internet activity.
- Intelligence Sharing: Building stronger networks for sharing intelligence between agencies across borders can help tackle transnational crime effectively.
In cryptography, several advanced techniques can be leveraged without compromising E2EE. These innovations can provide robust solutions in specific scenarios:
- Homomorphic Encryption: This technique allows computations on encrypted data without decrypting it. Law enforcement can analyze encrypted information for patterns or anomalies while keeping the data content secure and private.
- Zero-Knowledge Proofs: Zero-knowledge proofs enable one party to prove to another that a statement is true without disclosing any additional information. This can verify specific details without exposing the underlying data.
- Multi-Party Computation (MPC): MPC allows multiple parties to jointly compute a function over their inputs while keeping these inputs private. This technique supports collaborative analysis without compromising individual data privacy.
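To make the MPC item concrete, here is an added example (not from the original post): a simulation of a secure sum using additive secret sharing, where each party learns the joint total but only ever sees random-looking shares of the others' inputs. The function names, the modulus and the three-party scenario are assumptions made for illustration.

```python
import secrets

# Assumption: a prime modulus far larger than any real total; all arithmetic is mod Q.
Q = 2**127 - 1

def share(value, n):
    """Split value into n additive shares that sum to value mod Q.

    Any n-1 of the shares are uniformly random and reveal nothing about value.
    """
    parts = [secrets.randbelow(Q) for _ in range(n - 1)]
    return parts + [(value - sum(parts)) % Q]

def secure_sum(private_inputs):
    """Simulate the protocol among len(private_inputs) parties.

    Returns (total, views), where views[j] lists every share party j receives,
    i.e. everything party j learns besides the published partial sums.
    """
    n = len(private_inputs)
    # Party i deals dealt[i][j] to party j and keeps dealt[i][i] for itself.
    dealt = [share(v, n) for v in private_inputs]
    views = [[dealt[i][j] for i in range(n)] for j in range(n)]
    # Each party publishes only the sum of the shares it holds.
    partials = [sum(view) % Q for view in views]
    return sum(partials) % Q, views

if __name__ == "__main__":
    # Constructed inputs: three parties each hold a private count.
    total, views = secure_sum([12, 0, 7])
    print("joint total:", total)
    print("what party 0 saw:", views[0])
```

The published partial sums add up to the true total because every input's shares sum to that input, yet no single party's view determines any other party's input.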
My intention here is not to assess the effectiveness or moral implications of these alternative methods. Instead, I aim to provide a general overview of potential strategies that could be employed without compromising encryption. Ultimately, deciding on their implementation should be a transparent democratic process, involving the input and consent of the people who will be affected. This inclusive approach ensures that any adopted measures align with the values and needs of society.
Beyond these targeted cryptographic methods, our general approach should focus on bolstering digital defenses at both the public and organizational levels in a democratic society.
This includes improving, not weakening, cryptographic standards to reduce vulnerabilities that criminals might exploit. For example, we should promote awareness campaigns on phishing and secure password practices, and invest in advanced security engineering. These measures collectively reinforce our digital resilience without compromising the privacy and security that underpin a free society.
In IT, there is a concept known as a "single point of failure" (SPOF), a non-redundant component that, if it fails, can bring down the entire system.
This principle also applies to democratic systems: if a critical element of democracy, such as the right to privacy or free expression, is compromised, the stability and integrity of the entire democratic structure are at risk.
A democracy must protect its core values and rights to ensure its resilience and continued function.