Encryption is designed to protect data from being accessed by unauthorized persons and is in use in many software products, applications and technology systems. However, recent events have called into question whether encryption should have a back-door key, with compelling arguments coming from both sides. What it comes down to is the need for authorities to protect, set against the privacy of an individual or organization.
This is an argument which has significant legal grounding, and for a decision to be made either way there will certainly be authorities involved and politicians giving their opinions. The General Data Protection Regulation (GDPR) is set to take effect in less than a year, with the regulation focusing heavily on the protection of personal data and the rights of individuals, which points to either no back door into encryption or a heavily regulated process if one is implemented.
What’s the risk of having no key?
The argument for introducing a back-door key that can be used and accessed by authorities is that it would let them directly monitor and track known criminals and/or terrorist suspects. It has been argued that the ability to send messages that are encrypted end-to-end has reduced the effectiveness of authorities and police in their investigations.
WhatsApp is just one example of a messaging application that utilizes end-to-end encryption, and it has reported usage of up to 1 billion users a day. WhatsApp has always used encryption, and part of its core message is around providing great service and protection to its users, making it unlikely to U-turn and allow access, especially as it does not currently have access to people’s messages itself, let alone the ability to give others access.
There are also risks if there is a key
As a consumer, there is often a fear that your personal information is going to be lost or stolen, especially given some of the high-profile data breaches that have made the news in recent months. Many consumers choose suppliers (or in this case messaging applications) based on reputation, only choosing organizations that they can trust. This being the case, implementing a key could drive away some customers and have damaging effects on an organization.
Opening end-to-end encryption leaves platforms open to attack, whether from hackers or from internal contributors looking to take advantage. Another issue is who will have permission to access the data once it can be accessed. Data (especially given the example of a messaging platform) is likely to cross multiple borders, and once this happens it must be dealt with in accordance with the data laws of each country, which also raises the question of who would be liable if data was lost or a breach occurred.
Legally speaking, the door may be shutting
This is a high-profile debate and there are many stakeholders with their own agendas to consider, the European Union being one of those. This week it has been reported that a European Parliament Committee wants to end the debate by banning ‘back-doors’ into encrypted messaging applications.
Draft legislation will seek to extend the rights an individual has around personal privacy, and with this likely to cover online communications, those who are looking for a back-door may have to find another solution. The proposal will seek to amend Article Seven of the EU’s Charter of Fundamental Rights to protect individuals and to reduce the risk of sensitive information being hacked or accessed by unauthorized persons.
It is unlikely that authorities, police forces and governments are going to altogether drop their interest in being able to access and review content being sent via encrypted platforms, but a ‘back-door key’ is starting to seem a less likely route in. One potential avenue that authorities can take is working with technology providers to do traffic analysis and understand patterns of behaviour, such as who is talking to whom, where and when.