Governments wanting a back door for access to encrypted chat service communication seems to be a global trend. Such access would greatly increase the effectiveness of law enforcement and investigative agencies, thus helping to safeguard national security. In this blog, we will take a look at several aspects of the issue, including the potential risks involved.
The end-to-end encryption used by most chat services is a major thorn in the side of national intelligence and investigation agencies. Over the past few months, there have been multiple reports of politicians and government officials from various countries voicing their concerns as to the use of end-to-end encryption. Dutch Minister of Justice Grapperhaus for instance launched an initiative to structurally weaken the effectiveness of end-to-end encryption. The proposal was promptly rejected by the Dutch House of Representatives, but that has not stopped government institutions from continuing to work out details of the plan, the general idea being the incorporation of a ‘back door’ which will allow investigative and law enforcement agencies access, by means of a ‘master key’, to messages sent through various chat applications. The reasons for this drive toward curtailing the strength of end-to-end encryption all centre on considerations of crime prevention and safeguarding of national security.
Recently, a group of European tech companies issued a warning to the EC, pointing out the dangers of end-to-end encryption weakening, and submitting that while there is no reason to believe that it will provide added security, there is every reason to suggest that it would constitute an infringement of the fundamental rights of individual citizens.
So, in this week’s blog we will take a closer look at the concept and significance of end-to-end encryption. What exactly is it and what would be the effects of weakening the technology?
End-to-end encryption is used by various chat services, including WhatsApp and Signal. What this means is that outgoing messages are encrypted on the sender’s phone. The recipient’s phone has a key for decoding the message on arrival. The central servers, which is where messages go through before being routed to their destination, do not have access to the content of these messages, which only the recipient can read once the message has actually been received on his or her phone. So, the only persons who have access to the content of the message, who can read the message, are the sender and the recipient.
End-to-end encryption, in other words, prevents random interception of the content of digital communication, acting as an additional security lock. But this is only true for the message content. It does not apply to metadata, which, as a result, are routinely used by law enforcement agencies for investigative purposes.
In December 2020, the heads of government of all EU member states agreed to a draft resolution on the encryption of online communication. As mentioned above, the call for encryption weakening is inspired by motives related to crime prevention, by the desire to offer investigative agencies the maximum range of options in a time of increasing online crime or online planning of criminal operations. In order not to completely lose track, law enforcement officials feel they simply need access to chat messages exchanged by parties involved in criminal activities.
The intention of said EU resolution was to allow for effective application of rules from the physical world in the digital realm as well. Take, for instance, the concept of confidentiality of correspondence as it applies to the physical world, meaning that no-one has the right to open mail addressed to another person, with the sole exception of cases ruled by consent from the recipient or by a court order which – based on a well-considered decision – grants investigative authorities the right to open certain items of mail. In theory, the same principle should apply to digital communication, but, due to the end-to-end encryption used by chat services, the exception is not available to investigators dealing with digital communication, not even in situations of imminent threat to national security.
On the other hand, weakening the encryption used by chat applications does come with a number of caveats. The idea of implementing a ‘back door’ to provide access to holders of a ‘master key’ seems to make a lot of sense, especially in urgent situations where fast, decisive action can make the difference between life and death. Unfortunately, these back doors also make the encryption system more vulnerable to cyber-attacks. Which, in view of the increasing number of data breaches and hacking incidents of recent years, is by no means an unlikely risk. Besides, the effect of encryption weakening in terms of improved national security remains questionable, as there is nothing to prevent individuals or organisations with criminal intent from switching to alternative communication channels.
Before the European Council and individual European governments take legal steps to make it obligatory for chat services to provide access to message content, a careful consideration needs to be made as to the potential social impact as well as the appropriateness of a course of action that may be rather drastic in relation to the dubiousness of its effect.
Taking intrusive measures that fail to generate the intended effect while at the same time jeopardising the privacy of large numbers of citizens, can never qualify as sound policy.
An additional, long-term problem of end-to-end encryption weakening is the potential ‘chilling effect’, preventing users from freely expressing themselves on WhatsApp and similar platforms, for fear of information leaks or someone watching over their shoulder. This is an issue that goes to the very heart of the right to privacy and may lead to the eventual erosion of the democratic constitutional state’s core values.