Introduction: Explain end-to-end encryption. Body: Write applications of end-to-end encryption and also highlight the issues associated with it. Conclusion: Write a way forward.
End-to-end encryption (E2EE) is a communication process that encrypts data being shared between two devices. It prevents third parties like cloud service providers, internet service providers (ISPs) and cybercriminals from accessing data while it is being transferred.
The process of end-to-end encryption uses an algorithm that transforms standard text into an unreadable format. This format can only be unscrambled and read by those with the decryption keys, which are only stored on endpoints and not with any third parties including companies providing the service.
Applications of end-to-end encryption:
- End-to-end encryption is used to secure communications. Some of the popular instant-messaging apps that use it are Signal, WhatsApp, iMessage, and Google Messages.
- It is also used to secure passwords, protect stored data and safeguard data on cloud storage.
- It is often used to help companies comply with data privacy and security regulations and laws. For example, an electronic point-of-sale (POS) system provider would include E2EE in its offering to protect sensitive information, such as customer credit card data.
- End-to-end encryption has long been used when transferring business documents, financial details, legal proceedings, and personal conversations.
- It can also be used to control users’ authorisation when accessing stored data.
Issues:
- Metadata: E2EE does not conceal information about the message, such as the date and time it was sent or the participants in the exchange. This metadata could give malicious actors with an interest in the encrypted information clues as to where they may be able to intercept the information once it has been decrypted.
- Compromised endpoints: If either endpoint has been compromised, an attacker may be able to see a message before it is encrypted or after it is decrypted. Attackers could also retrieve keys from compromised endpoints.
- Complexity in defining the endpoints: Some E2EE implementations allow the encrypted data to be decrypted and re-encrypted at certain points during transmission. This makes it important to clearly define and distinguish the endpoints of the communication circuit.
- Too much privacy: Government and law enforcement agencies express concern that end-to-end encryption can protect people sharing illicit content because service providers are unable to provide law enforcement with access to the content.
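The flow described above, as an added example that is not part of the original page: two endpoints derive a key the relay never holds, while the relay still reads the metadata noted under Issues. It uses Node.js built-in `crypto`; the endpoint names, message text, timestamp and the helpers `newEndpoint`, `sessionKey`, `seal`, `unseal` and `relayView` are constructed for illustration.

```javascript
// Added example; names, message and timestamp are constructed for illustration.
const nodeCrypto = require('node:crypto');

// Each endpoint generates its key pair locally; the private key never leaves it.
function newEndpoint(name) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
  return { name, publicKey, privateKey };
}

// Both ends derive the same 32-byte key from their own private key and the
// peer's public key (X25519, then HKDF-SHA256). The relay holds neither private key.
function sessionKey(self, peerPublicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey: self.privateKey, publicKey: peerPublicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'e2ee-demo', 32));
}

// Sender encrypts on-device with AES-256-GCM. Routing metadata stays readable so
// the relay can deliver; it is authenticated as AAD but not concealed.
function seal(sender, recipient, text) {
  const meta = { from: sender.name, to: recipient.name, sentAt: '2024-01-01T10:00:00Z' };
  const iv = nodeCrypto.randomBytes(12);
  const key = sessionKey(sender, recipient.publicKey);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(JSON.stringify(meta)));
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { meta, iv, body, tag: cipher.getAuthTag() };
}

// Recipient decrypts on-device; throws if the key is wrong or anything was altered.
function unseal(recipient, senderPublicKey, env) {
  const key = sessionKey(recipient, senderPublicKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAAD(Buffer.from(JSON.stringify(env.meta)));
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.body), decipher.final()]).toString('utf8');
}

// Everything the service provider's relay can learn from an envelope it forwards.
function relayView(env) {
  return { ...env.meta, ciphertextBytes: env.body.length };
}

const alice = newEndpoint('alice');
const bob = newEndpoint('bob');
const envelope = seal(alice, bob, 'invoice 4471 attached');
console.log('relay sees:', relayView(envelope));
console.log('bob reads:', unseal(bob, alice.publicKey, envelope));
```

The sketch does not verify that a public key really belongs to the named peer, so it assumes the keys were exchanged authentically beforehand.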
The integrity and privacy of data must be maintained while using such technology; for example, the recommendations of the Srikrishna Committee on Data Protection can be implemented.