Is End to End Encryption Good

The British government is reportedly about to start an ad campaign to convince the public that end-to-end encryption is bad.

They argue that end-to-end encryption allows terrorist, paedophiles and other criminals avoid detection.

I think this is wrong.

Firstly, I hope we can all agree that encryption in general is really good! Without it we couldn't buy anything on line. We couldn't do on-line banking etc. We couldn't work on our computers from home.

Encryption is vital to our day to day lives.

So why is end-to-end encryption different from the encryption we already use?

Almost all encrypted data we used daily is deciphered by a central entity. In the case of on-line banking and shopping, we create an encrypted channel with the bank or shop, so that nobody else can read (or alter) the messages.

With end-to-end encryption there is no central entity that can read the messages.

For example, if whatsapp uses end-to-end encryption, and I talk to my brother, only he and I can see the messages. Whatsapp (Facebook) cannot read the messages, because they don't have the decryption keys. Only my brother and I have them.

But can't we already do that?

Yes we can. There are numerous ways that we could set up end-to-end encryption, but we don't tend to, because it is tricky to set up. For example, we could use PGP and old-fashioned e-mail.

So banning end-to-end encryption will make no difference to tech savvy criminals.

But Police MUST be able to intercept message

Before the internet, the police used to work hard to get leads, to eavesdrop on conversation, put wires on snitches etc. They couldn't sit behind their desk hoping that information would magically fall into their lap.

The same should be true today and in the future. If police want to eavesdrop on an encrypted conversation between two criminals, they should expect to put the same amount of effort that they did historically.

Modern equivalents of old techniques still exist even when end-to-end encryption is used. For example:

  • Get a camera into the room where the messages are being read.
  • Compromise the criminals computer (governments have repeatedly shown they are experts at hacking our computers!)
  • Undercover agents work as well in "cyberspace" as they did in the past!

What's the problem if we can't have end-to-end encryption?

If we rewind a couple of decades we would have exactly the same conversation about "normal" encryption. The USA passed a law stating the strong encryption was a military asset which could not be exported. This made on-line banking and on-line commerce utterly unsafe! We were lucky that Covid-19 hit when it did, because we had encrypted digital communications. So, many things that historically required direct human interaction could be done virtually. Such as shopping, banking, working from home etc.

In hindsight banning encryption was insane, and banning end-to-end encryption is equally insane.

Let me make an old-fashioned analogy :

Encryption is like an envelope. Without encryption all correspondence is via postcards (visible to all).

Banning end-to-end encryption is akin to banning envelopes except to your bank or shop. You cannot use envelopes when corresponding with family, friends, colleagues or business partners.

If the government tried to band envelopes, they would be laughed out of office pretty damn quickly. The only difference here, is the general public understand envelopes, but do not understand computer encryption.

BTW, If we banned envelopes we could catch bad guys easier, because the police could see everything they sent to each other. So using the UK's Conservative government's logic, envelopes are evil, and must be banned. Consequences be damned.

Note: Encryption is better than an envelope, because an envelope can be easily opened. Encyrpted messages can't. Envelopes can also be resealed without the recipient knowing. (This is why sealing wax was invented centuries ago!)

If you have nothing to hide, then encryption doesn't matter

If you have nothing to hide, then write your political views on your front door. As well as your sexual proclivities. The details of your (ill) health. As well as all the sexy pictures you sent to your partner.

Clearly we must have the right to kept these things private.

In a digital world, we need to have the digital equivalents of an envelope. Do not let your government force you to send all of your private message on the back of a postcard!

An Aside

Many years ago, as part of my job as a computer programmer, I stumbled across a piece of private information about somebody I knew within a database. I was the lead developer of the application. The vast, vast majority of the data was of no significance, so no thought was given to privacy. I had full access to the whole database.

I'm sure it would be embarrassing for them if they knew that I knew! Fortunately, it was only a passing acquaintance, and through the mists of time, I've forgotten the person's name, and what they look like. So I am no longer burdened with a secret.

But at the time I knew something that I shouldn't. Their privacy was invaded.

That incident hit hard, and has stayed with me. Partly because it is my job to understand the implications of encryption, but also on a personal, human level. Privacy matters, and we should strive to protect it.

If that piece of information was on a piece of paper, instead of a computer database, I'm sure I would not have seen it. In this digital age, privacy is very difficult to protect. Because data flows so easily.

Protecting privacy will be made so much harder if we pass laws banning technology which aids privacy.

Conclusion

Encryption is really good. There's no doubt about that!

End-to-end encryption is also good.

End-to-end encryption doesn't mean police are impotent, it only means they cannot be lazy.

The only reason banning end-to-end encryption will be allowed is because the public don't understand the implications.

I'm unsure if the government is being evil, or merely stupid. Do they understand the implications?

(i)