Comment: It's time for governments to learn how end-to-end encryption works – 9to5Mac

There's an emerging health crisis at the moment, besides coronavirus: the head injuries caused by techies banging their heads on their desks at each piece of evidence that governments don't understand how end-to-end encryption works.

The latest example of this, reported in the Guardian, was the head of Britain's domestic counterintelligence and security agency, MI5, calling on tech companies like Apple and Facebook to continue to offer end-to-end encryption, but to provide MI5 access "on an exceptional basis."

MI5, short for Military Intelligence, Section 5, is responsible for detecting planned terrorist attacks and preventing them before they can be carried out. It also assists other law enforcement agencies in the investigation of other serious crimes.

The Guardian quotes from an interview broadcast on British television channel ITV.

Parker called on the tech firms to "use the brilliant technologists you've got" to answer a question: "Can you provide end-to-end encryption but on an exceptional basis, exceptional basis, where there is a legal warrant and a compelling case to do it, provide access to stop the most serious forms of harm happening?"

The entire point of end-to-end encryption is that only an intended recipient of a message is able to decrypt it. When I send you an iMessage, nobody else is able to read it, not even Apple, because only a device authenticated by your Apple ID and password has the decryption key.

Technically, you can argue that Parker's question isn't quite as dumb as it sounds, as there is one potential workaround that would work with some end-to-end encrypted chat services, known as the "ghost proposal."

It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who's who and which devices are involved; they're usually involved in introducing the parties to a chat or call. In a solution like this, we're normally talking about suppressing a notification on a target's device and possibly those they communicate with.

In short, Apple or any other company that allows people to privately chat would be forced to allow the government to join those chats as a silent, invisible eavesdropper.

Unlike other proposals for compromising end-to-end encryption, that one at least has the virtue of being technically possible. It effectively takes advantage of the way that Apple allows you to begin an iMessage conversation on your iPhone then continue it on your iPad or Mac. Apple could effectively create a fake virtual device, authenticated as you, which would receive all your messages.

However, that would only be possible because it would break authentication of participants in the chat, which is a key component of end-to-end encrypted messaging. If you take an end-to-end encrypted messaging service and compromise the authentication process, you no longer have an end-to-end encrypted messaging service. The whole point of end-to-end encryption is that only authorized participants can decrypt it.

So, here's my open letter to governments:
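To make the authentication point concrete, here is an added example (not code from the article or from any messaging service) of a sender's client that pins the recipient's verified device keys and refuses to trust a changed list from the provider. The directory layout, device labels and function names are hypothetical, and random bytes stand in for real device public keys.

```python
import hashlib
import secrets


def fingerprint(device_keys):
    """Order-independent digest over a user's full set of device public keys."""
    h = hashlib.sha256()
    for key in sorted(device_keys.values()):
        h.update(hashlib.sha256(key).digest())
    return h.hexdigest()[:16]


def fanout(directory, user):
    """Device keys the sender's client would encrypt one message copy to."""
    return dict(directory[user])


def check_recipient(pinned, directory, user):
    """Compare the provider's current answer with the key set verified earlier."""
    current = fanout(directory, user)
    added = sorted(set(current) - set(pinned))
    removed = sorted(set(pinned) - set(current))
    changed = sorted(d for d in set(current) & set(pinned)
                     if current[d] != pinned[d])
    return {"ok": not (added or removed or changed),
            "added": added, "removed": removed, "changed": changed}


def demo():
    # Constructed sample data: the provider-run identity directory for "bob".
    directory = {"bob": {"iphone": secrets.token_bytes(32),
                         "ipad": secrets.token_bytes(32)}}
    pinned = fanout(directory, "bob")  # assumed verified out of band by the sender
    before = check_recipient(pinned, directory, "bob")
    # The provider-side change the text describes: an extra device listed as Bob.
    directory["bob"]["virtual-device"] = secrets.token_bytes(32)
    after = check_recipient(pinned, directory, "bob")
    differs = fingerprint(pinned) != fingerprint(directory["bob"])
    return before, after, differs


if __name__ == "__main__":
    print(demo())
```

A client that sends only when `ok` is true, or that shows the fingerprint change to the user, is performing the participant authentication that the silent extra device depends on suppressing.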

Dear governments,

If you want to ban end-to-end encryption, as some of you have said, please understand what this means. Like the end of e-banking and online shopping.

If you instead want to ban the use of end-to-end encryption in messaging, you might first want to check whether many military, government, and law enforcement agency messaging services use it.

You now want to ban only the civilian use of end-to-end encrypted messaging, you say? Think about the impact on journalism. Think about the massive criminal opportunities you would be creating for identity theft and other forms of fraud. Above all, please think about the fact that you are telling your citizens they are no longer entitled to have private conversations using any electronic means, nor to privately share their photos with their partner, friends, or family. Think about what kind of regime wants that.

If you then decide, as MI5 apparently has, that you want to allow end-to-end encryption in messaging, but create a backdoor for governments, what you need to know is this: You can't. Because compromised end-to-end encryption isn't end-to-end encryption.

I hope that helps.

Love, Ben
