The emergence of social media and other forms of digital communication has brought up a fundamental need for privacy. This has taken center stage because most communication travels through the public Internet, where it can be exposed unless precautions are taken to protect the contents of the message. In general, users want only their end recipients to read and understand their message and not anyone who snoops around for information. This innate need for privacy led to the emergence of a technology called end-to-end encryption, or E2EE, which is a process that ensures that only the sender and the receiver can read the messages.
The COVID-19 pandemic exacerbated this need for safe and secure communication as the Internet and digital media were the only ways through which people could communicate to the world outside their homes. This has become an especially thorny problem for businesses, as many employees are working from home where they are transmitting and receiving sensitive information. As a result, end-to-end encryption became a hot topic, and everyone wants to know if this is a way to ensure their privacy.
Let’s find out! But a bit of history and basics before that.
History of end-to-end encryption
The idea of secure digital communication began in 1981 when SMTP was first published. This was the standard for email and started the evolution of the peer-to-peer protocol that everyone can use for communication.
The 1990s saw another big jump in this world with the introduction of Pretty Good Privacy or PGP, an end-to-end encryption software created by a programmer named Phil Zimmermann. But unfortunately, it did not take off as expected.
The next wave came in 2013 after the exposé by whistleblower Edward Snowden that put the spotlight back on encryption and privacy. Over the years, many debates on privacy coupled with advancements in technology led to the development of E2EE, and many applications started to implement it. This end-to-end encryption moved up in popularity when Facebook joined the bandwagon by saying it would implement this technology on all its social media platforms — although this is still not close to a reality.
What is end-to-end encryption?
End-to-end encryption is a secure way of communication where the messages are encrypted with an encryption key, and only the sender and the receiver have this key to decrypt the message. Hence, no one monitoring the network, including hackers, government agencies, and even service providers, can read the messages.
Let’s understand this technology with an example.
You want to send a private message to your mom. She has two keys, a private key and a public key. As the name suggests, the public key can be shared with others, but the private key is a secret one that only she can use. Both these keys are mathematically encrypted, and they work together, which means the message encrypted by a public key can be decrypted only with a private key.
First off, you use your mom’s public key to encrypt the message, and this turns your message into something called a ciphertext, which is nothing but a bunch of random characters that need a private key to decipher. When this message travels through the Internet, multiple servers of your Internet service provider or company may try to decipher this message, but they can’t do it because they don’t have the private key.
When this message reaches your mom, her software uses the private key to decrypt the message and she can read what you transmitted. Since no one else has the private key, you can rest assured that only your mom has read this message and no one else.
Pretty simple, right?
So, what are the advantages, and why should you use E2EE?
Benefits of using end-to-end encryption
End-to-end encryption is gaining ground as one of the most secure means of communication, and here’s why.
Security and integrity
The biggest advantage of using end-to-end encryption is security, as no one else can read your private message except your recipient. This keeps your data safe and secure from prying eyes.
This security takes a whole new meaning today, given the extent of online communication and the associated data breaches.
Further, E2EE maintains the integrity of the message as no one can change it or tamper with it during transit.
Away from the eyes of law enforcement
Today, most applications use a type of encryption called transport layer encryption, where the service provider encrypts the message. Typically, law enforcement organizations can issue warrants to service providers to allow them access to the contents of the encrypted message, and most times, if not all, the service provider has to comply with it.
But with end-to-end encryption, the service provider has no role in the encryption process, so law enforcement agencies can’t get the information they need through the service providers.
While there’s a lot of back-and-forth argument on whether this is good or bad, E2EE nevertheless makes it difficult for anyone other than the intended recipient to read the messages.
Healthy democracy and free speech
Besides providing privacy and security, E2EE is also good for the overall health of democracy as it encourages free speech and allows people to exchange their ideas without the constant fear of monitoring by government agencies.
Overall, it works well for society, given that we are transitioning into a complete online communication model.
Challenges of E2EE
End-to-end encryption may seem like a panacea to all our data breaches and security woes, but many challenges come with it.
Not a complete security solution
E2EE encrypts only the data while it is in transit and not while it is stored. Going back to our previous example, the messages you sent to your mom are safe during transit, but they are not safe after she opens them and they are in her inbox. So, the stored information is still vulnerable. Hence, E2EE is not a complete solution by itself.
Date and timestamp
Secondly, the servers that transmit the message keep track of your communication, though they can’t read the actual message. For example, the server notes that you sent a message to your mom on a specified date and time and that it was of a specified length. Such information by itself may draw unwanted attention, especially when you communicate with some people that the government or any other authority is tracking.
Despite these limitations, end-to-end encryption is probably the most secure choice available today to send and receive confidential messages. This is also why many communication services such as Signal Private Messenger, Telegram, and WhatsApp are choosing it for their platforms.
Does it ensure privacy?
Yes, to a large extent. Though it does have its share of challenges, it’s still more secure than most other technologies we have today. Also, many companies are working on this technology, adapting it to their needs, and are even incorporating it as a part of their applications.
Over the next few years, we’re likely to see wider adoption of E2EE, though the legal debate around its use may also get intense. For now, though, E2EE rules!
Have you tried end-to-end encryption? Do you think it’s the most secure way of communication today? Please let us know.
Featured image: Designed by Fullvector / Freepik