Even though law enforcement agencies insist on encryption schemes that allow “lawful access by design,” messaging apps and tech giants are moving toward using end-to-end encryption to protect more user data.
Apple said on Wednesday that it will go from 14 to 23 categories of data on iCloud that are protected by end-to-end encryption. With end-to-end encryption, the company said, user data will be safe even if cloud data is broken into. In November, Elon Musk said that he wanted DMs on Twitter to be encrypted. He also said that he talks to Moxie Marlinspike, the creator of Signal, and that Marlinspike is willing to help with encrypting Twitter DMs. But government agencies aren’t happy about this change. In a statement to the AP, the FBI said that even though it still strongly supports encryption, it is very worried about the threat that end-to-end encryption and user-only access pose.
The agency said that they make it harder for it to protect Americans from cyberattacks, violence against children, and terrorism.
What does “end to end” mean?
End to end encryption is a way for two devices to talk to each other and encrypt the data they share. It stops Cloud Service Providers, Internet Service Providers (ISPs), and cybercriminals from accessing data while it’s being sent.
The end-to-end encryption process is used in algorithms that change normal text into a format that can’t be read. This format can only be decoded and read by people who have the description keys, which are only kept on the endpoints and not anywhere else, not even by the companies that provide the service.
End-to-end encryption has been used for a long time to send business documents, financial information, details about legal cases, and even private conversations. It can also be used to keep track of users when analysing stored data, which is what Apple seems to want to do.
how does it work?
To keep communications safe, encryption is used from one end to the other. Signal, WhatsApp, iMessage, and Google Message, which are all popular instant messaging apps, all use it. End-to-end encryption isn’t just used to protect user data in instant messaging, though. It can also be used to protect passwords, keep data safe, and keep data and cloud storage safe.
Why do tech businesses use it?
Apple said on its blog, “The rising threat to consumer data in the cloud: research on data breaches,” that the number of data breaches will more than triple from 2013 to 2021. Only in 2021, 1.1 billion personal records were shared, and the company is trying to deal with this growing threat by putting in place end-to-end encryption.
Apple also said it thinks the extra layer of security would be helpful for people who are the targets of hacking attacks by well-funded groups.
Mr. Elon Musk has also said in public that he wants to make Twitter’s direct message better. A report from the verge says that Mr. Elon Musk told employees that the company would encrypt DMs and work on adding encrypted video and voice calling between users.
Focusing on end-to-end encryption seems to set it up as a provider of secure services for storing and sending data. End-to-end encryption is also seen as a way to protect users’ data from being looked at by the government. This makes it a feature that activists, journalists, and political opponents want.
how does this affect users?
End-to-end description in source that user data is safe from unauthorised parties like service providers, cloud storage providers, and companies that handle in-scripted data.
On its support page, Apple said that end-to-end encrypted data can only be read by trusted devices signed in with an Apple ID. No one else can get to this data, and even if there is a data breach in the cloud storage, it will still be safe.
Only the device passcode, password, recovery contact, or recovery key can be used to get to the data. That technology also makes it harder for service providers to give government agencies information about their users.
But end-to-end encryption doesn’t protect metadata, which includes things like when a file was made, when a message was sent, and where the data was sent and received.
Why don’t government agencies like it?
In a statement, the FBI said that it didn’t like the idea of tech companies using more end-to-end encryption.
In a statement to the Associated Press, it said that while it is still a strong supporter of encryption schemes that allow “lawful access by design” so that tech companies can decrypt data when they get a court order, it “continues to be deeply concerned about the threat that end-to-end and user-only encryption pose.”
In the past, government agencies from all over the world have had a hard time getting to encrypted data hosted and stored by tech companies.
The US, UK, and Australia planned to put pressure on Facebook in 2019 to make a backdoor into its encrypted messaging system. A report from the guardian says that the goal of apps was to let the government check the content of private communications.
Australia passed laws in 2018 that would force tech companies and service providers to make it possible for law enforcement to read and send messages on platforms like WhatsApp and Facebook. According to a report by Al Jazeera, the laws were passed to stop terrorists and other serious criminals from hiding from the law. However, cryptographers and cyber security experts say that law enforcement’s attempts to break encryption are weak.