End-to-end encryption is problematic when it comes to law enforcement. It's a secure option for users, but some governments see encryption as an obstacle to preventing various crimes. That's why Australia, the UK, and the US are asking tech companies to build backdoors into encrypted apps and devices. The argument is the same - safe society first.
Australia passed the anti-encryption laws at the end of 2018. However, some local tech companies are planning to move the stored data out of the country. As for the United Kingdom, debates about a similar ban are always in the air.
Restricting encryption has also been recently discussed in a National Security Council meeting in the US. But here the ban would cause the most significant concern. Many encrypted messaging platforms, such as WhatsApp, iMessage, Signal, and Wickr, are US-based. That’s why any changes would affect not only US citizens, but also users abroad.
What is end-to-end encryption, and why do we need it?
Today users have the freedom of choice whether they want privacy, convenience, or both. With encrypted communication apps, people are free to discuss sensitive matters that social media and even email sometimes do not allow. An encryption ban would suppress free speech. Also, it's essential to know how and when the collected data will be used. Companies might sell ads by invading "private" chats and delivering that information to brands. In some countries, people can even get arrested for speaking against the authorities.
End-to-end encryption not only allows users to maintain privacy and secrecy but also safeguards information from third-party access. It's not possible to create an encryption backdoor that would target only one person, without affecting the security of others. Any such ban would make it easier for hackers to steal users' private data by exploiting loopholes in encryption. The lack of encoding would also endanger people hiding from stalkers and abusive relatives. The truth is, there is no secure backdoor solution for law enforcement that would not be accessible to malicious hackers.
Providing an encryption backdoor for governmental institutions is alarming in general. Through the years, many state-owned systems have failed to safeguard sensitive information, and they are among the most common targets for hackers, both individual and state-sponsored. Despite the multitude of cyber-attacks, many government databases are still not protected properly. So it won't get any better when officials gain access to even more sensitive information.
The Chinese government and its overuse of surveillance
While the Western countries are still making up their minds, China already lives by its authoritarian script. Encryption methods are restricted here with citizens' security as an excuse.
A major messaging app WeChat is the main communication provider for 1 billion monthly Chinese users. Handling around 45 billion messages sent and received daily, it is also the primary tool for the government to track the information traffic. In a 2016 report on user privacy, Amnesty International gave the app a rating of 0/100. It was due to its lack of free speech protections and end-to-end encryption.
Law in China requires all internet companies to monitor and control the content across their platforms. That includes Tencent, the owner of WeChat. Without end-to-end encryption, the developer can filter all the messages and the media sent via the app in real-time. For example, it can review and censor images before they even reach the intended recipient.
Tencent compares pictures with those already on its blacklist by examining the file's "hash," a so-called digital fingerprint. If it matches a file on the list, they filter and prevent it from reaching the other user. It can be done with text messages, as well. The sender can see their texts without any warning messages, but the recipient sees nothing.
However, WeChat is not only for messaging. Over recent years, it has turned into an all-in-one digital multitool. The app enables users to do anything from paying for groceries to rentals, from ordering coffee to booking a doctor's appointment. WeChat also plans to integrate a digital ID card, which should function as a regular citizen ID card. In case of a breach, hackers could access everything from a user's identity to their facial features, bank details, address, and more. And with no special encryption, it is easy to achieve.
Privacy laws behind The Great Firewall of China
There’s also very little legal protection for the personal data of Chinese citizens. Although with some restrictions, tech companies can still sell private information. Conglomerates such as Tencent and Alibaba have all the tools to share user data with advertisers and third parties. The former company uses its user data to improve its other products, some of them related to AI and surveillance. Most of the time, without people consenting or knowing about that.
Being under the government's rule, these companies also share the collected data with the authorities. It’s then used for political purposes, such as suppressing public protests before they happen. Trained people find blacklisted keywords or images and remove them. Sometimes people get reported to law enforcement if their actions raise concern. For example, one could joke about ISIS and get arrested by the police, without any proof of guilt.
Should Western countries follow the worst-case scenario?
China has its justifications for the control over its citizens, censorship, and 24/7 monitoring. The government claims these methods help ensure people’s safety and fight against terrorism. But this system is still a violation of human rights, endangering the security and lives of millions. It has a severe impact on activists, journalists, and ordinary people with dissenting opinions.
Even though Western countries are nothing alike, we must try to imagine the what-if scenario. Should governments be more concerned about crimes than people’s privacy? If so, what fundamental human rights could be taken away next? Are we all ready to be spied for the greater good? Either way, the end-to-end encryption ban is a red flag for democracy, fundamental human rights, and security. And this might have a huge impact not only on Australia, the UK, or the US, but also other countries worldwide.