Cryptography Part II End-To-End Encryption – A Tool To Preserve Privacy Or A Legal Hurdle in Justice
Let us continue our discussion regarding cryptography and its applications in modern digital world. If you haven’t yet read the previous article, I urge you to do so for clarity and better understanding of this one (click here to read the first part).
As we saw last week, cryptography is the cornerstone of modern digital world. If not for this technology, that has been in use since ancient times, cybercrimes would have compromised the security and privacy of devices as well as users. Today, let us delve deep into one of the applications of cryptography and the legal hurdles faced by it. We shall also discuss the important question of security of society versus privacy of individuals that has arisen as a result of encryption techniques.
End-To-End Encryption (E2EE) and Keeping Out Eavesdroppers
Proliferation of instant messaging apps such as WhatsApp have brought the world closer. They have caused a revolution in the world of messaging by creating a secure and fast way of self-expression. With the coming of WhatsApp Payments and Business variant, maintaining security and privacy of users has become more significant. Hence, end-to-end encryption has gained prominence in recent years.
So how does E2EE actually work?
When you type and send a message to your friend over WhatsApp, your device encrypts it before sending it out over the internet. Then from your mobile device, the message travels an interconnected web of servers and nodes that are connected to each other. The path chosen for message travel is the shortest one to reach your friend’s device. Once your friend receives the message, her device decrypts the encrypted contents into a humanly understandable form.
In this process, E2EE ensures that data is encrypted even during transit over open networks such as the internet, along with encryption at the sending device’s end. Thus, encryption makes sure that no unauthorized person is able to intercept your message, change its contents or route it to other device than intended.
This was the reason that prompted WhatsApp to bring in End-To-End Encryption within its mobile app across all devices. If not for E2EE, anybody familiar with hacking would be able to read users’ private chats, thus subverting their security and privacy. E2EE differs from other encryption techniques in that it offers a holistic encryption solution from the sender’s end to that of the receiver’s. Hence it is named as End-to-End Encryption. None other than the communicating parties can know the contents of the message. As the plaintext data is encrypted at the transmitter’s end, no entity in the middle can decrypt it over the network. This includes telecom or internet service providers, hackers or even the company that has created the application, for example WhatsApp. The ciphertext can be decrypted only at the receiver’s end through use of a unique key that is known only to the decrypting device.
E2EE uses Public Key Cryptography, also known as Asymmetric Encryption. In this type, the encryption key is made public while the key for decryption is kept secret. This allows for ease of ‘Key Management’ and reduces the system complexity, while still maintaining data integrity and confidentiality.
Should E2EE Exist? – Government v/s Manufacturers
Based on the application, cryptographic key can either be known to the creator of the application or it can be kept secret. If the manufacturer has an access to the cryptographic key(s) that is(are) used during encryption and decryption, or if the usual authorization and encryption process can be bypassed by the manufacturer to gain access to information being shared, it is referred to as an application ‘backdoor’. This backdoor is introduced willingly or otherwise by the developers for use in emergencies. But due to lack of stringent laws and absence of standard operating procedures in place that penalise manufacturers, it is possible to use backdoors for spying. Sometimes, the law enforcement agencies themselves ask manufacturers to provide access to backdoors for the purposes of crime investigation.
This topic got a lot of media coverage during the investigation of terrorist attacks that occurred in San Bernardino, USA in 2015. FBI asked Apple for backdoor entry to a suspect’s I-Phone, which the latter denied citing threat to its users’ privacy. The debate regarding ‘Individual Privacy’ versus ‘Societal Good’ raged on for months. Proponents of both sides seemed to raise valid points as privacy, like security, has also been declared a Universal Human Right by the United Nations. Since then, governments and enforcement agencies have demanded ‘reasonable restrictions’ on the privacy of persons if the encroachment will lead to greater good. On the other side, proponents of privacy, point out that other equally valid and court-admissible methods of investigation are available at the disposal of investigating agencies, so privacy of encrypted devices should not be compromised. Privacy is intricately involved with human dignity, which in turn, related to a human’s ‘Right to Life’. Thus, like safety and security is necessary for living one’s life, so is privacy important for leading a fulfilled life. Despite these polar-opposite opinions, many others expressed completely doing away with E2EE. I believe, instead of resorting to any of these extremes, a middle ground can be found out by using technology.
End-To-End-Encryption and the celebrities’ drug usage case
Closer home, the E2EE was questioned when WhatsApp chats of Bollywood film actors and celebrities were leaked in 2020 and thereafter. In the chats, these stars were seen either demanding or consuming banned narcotic substances. The Narcotics Control Bureau (NCB) of India was able to bust the whole drugs supply chain through reading WhatsApp chats of apprehended drug peddlers. Theoretically, this should not be possible since WhatsApp uses end-to-end-encryption. So, how did the police manage to decrypt the chats that were supposed to be encrypted?
The answer to this question is quite simple. The cybercell of NCB accessed private chats between celebrities and drug dealers by downloading them from Google Drive. Everyday, at around 2 AM, your WhatsApp data including the text and media files are backed-up by uploading them to Google Drive, which is a cloud-storage platform. It enables you to store and access your files from anywhere and over any device, without worrying about buying storage space online. Now when you allow your WhatsApp application to backup data to Google Drive, it is done but without encryption. This is to say that anybody who has access to your Google Drive can easily download and view your WhatsApp chats without any hassle of decryption or backdoors. Thus, though E2EE ensured encryption of the transmitter and receiver as well as the transmission channel, it failed to take into account the process of cloud-based backup employed by the application. That is a loophole that can compromise the data privacy and device security. Also, due to non-adherence to encryption policy by the cloud-based backup services, it can be easily be argued in the court of law that data integrity and confidentiality has been tampered with, thus making a case for repudiation of messages. That argument may end up weakening the prosecution’s case. Thus, a technical issue creates a legal loophole that is exploited by the accused to their advantage.
Future Advancements in the Field of Cryptography
As we have seen above, cryptography has some challenges that need to be solved. But there exists no reason to discard its use in entirety. As mentioned in the last article, if not for the encryption-decryption techniques, the modern digital world would not have been feasible. We are able to process payments safely and quickly due to the encrypted storage of our credit/debit card details within the server. E-commerce and social media websites use numerous cryptographic methods to authenticate users so as to prevent frauds. The JAM (Jan Dhan, Aadhar, and Mobile) Framework that has revolutionised government’s aid pay-outs in India, is possible through the application of cryptography. Satellite communication, Electronic-Mails, Internet Browsing are all made safer and more secure to use through the application of various cryptographic protocols.
Despite of cryptography being looked at as a bulwark against cyber-criminals, the technology itself faces the danger of turning obsolete. As the computing power of devices is rapidly increasing, experts suggest that soon it would not be too difficult to precisely calculate a private key from a pool of billions. It is also possible for a hacker to access the data before it is encrypted or post-decryption. All these concerns cloud the future of cryptography, but not for long. Current research in Quantum Computing can be used to create protocols for Quantum Cryptography (QC), which is deemed to be the technology of the future – one that cannot be broken into. This invincibility of QC can be attributed to the fact that unlike a binary bit, quantum bit can take on an infinite number of values. This can lead to an infinite number of possibilities for cryptographic keys, which would be difficult to guess by hackers. Thus, though it may change its techniques and form, but modern cryptography is here to stay and continue to make our lives easier.
Vishvali Deo is an E&TC (Electronics and Telecommunication) Engineer by education and Software Engineer by Profession. She believes that 'Technology is a Great Democratising and Equalising Force' and hence is on a mission to make the general public understand seemingly complex technologies in a simple manner.
She is convinced that the root of today's world problems lie in the past, hence she has also pursued post-graduation in History. She has a keen interest and a good grip over Economics, Political Science and Environmental Engineering. She has a penchant for working with Women and spreading Digital Literacy amongst them, with the aim of their empowerment. She also strives to provide Free Quality Education to children and counsels young adults. Besides, she is also skilled at Public Speaking, having won many awards in Elocution & Debate Competitions and Technical Paper Presentations.