There’s an emerging health crisis at the moment, besides coronavirus: the head injuries caused by techies banging their heads on their desks at each piece of evidence that governments don’t understand how end-to-end encryption works.
The latest example of this, reported in the Guardian, was the head of Britain’s domestic counterintelligence and security agency, MI5, calling on tech companies like Apple and Facebook to continue to offer end-to-end encryption, but to provide MI5 access “on an exceptional basis”…
MI5, short for Military Intelligence, Section 5, is responsible for detecting planned terrorist attacks and preventing them before they can be carried out. It also assists other law enforcement agencies in the investigation of other serious crimes.
The Guardian quotes from an interview broadcast on British television channel ITV.
The entire point of end-to-end encryption is that only an intended recipient of a message is able to decrypt it. When I send you an iMessage, nobody else is able to read it — not even Apple — because only a device authenticated by your Apple ID and password has the decryption key.
Technically, you can argue that Parker’s question isn’t quite as dumb as it sounds, as there is one potential workaround, known as “the ghost proposal,” that would work with some end-to-end encrypted chat services.
Unlike other proposals for compromising end-to-end encryption, that one at least has the virtue of being technically possible. It effectively takes advantage of the way that Apple allows you to begin an iMessage conversation on your iPhone then continue it on your iPad or Mac. Apple could effectively create a fake virtual device, authenticated as you, which would receive all your messages.
In short, Apple — or any other company that allows people to privately chat — would be forced to allow the government to join those chats as a silent, invisible eavesdropper.
However, that would only be possible because it would break authentication of participants in the chat, which is a key component of end-to-end encrypted messaging. If you take an end-to-end encrypted messaging service and compromise the authentication process, you no longer have an end-to-end encrypted messaging service. The whole point of end-to-end encryption is that only authorized participants can decrypt it.
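A ghost device can only receive messages if sending clients encrypt to whatever device keys the service lists for a contact. The Python below is an added example, not code from Apple or any messaging service: a client pins the device-key fingerprints it has verified and refuses to send when the service lists one it has never seen. The class name, contact name and key values are constructed for illustration.

```python
import hashlib

def fingerprint(device_key: bytes) -> str:
    """Short, human-comparable fingerprint of a device public key."""
    return hashlib.sha256(device_key).hexdigest()[:16]

class DeviceListAuditor:
    """Pins the device keys a user has verified per contact (hypothetical helper)."""

    def __init__(self):
        self.pinned = {}  # contact -> set of verified fingerprints

    def verify(self, contact, device_keys):
        """Record keys confirmed out of band, e.g. by comparing fingerprints."""
        self.pinned.setdefault(contact, set()).update(
            fingerprint(k) for k in device_keys)

    def audit(self, contact, directory_keys):
        """Return fingerprints the directory lists that were never verified."""
        known = self.pinned.get(contact, set())
        return sorted(fp for fp in map(fingerprint, directory_keys)
                      if fp not in known)

    def recipients(self, contact, directory_keys):
        """Return the keys to encrypt to, or raise if any key is unverified."""
        unknown = self.audit(contact, directory_keys)
        if unknown:
            raise PermissionError(
                f"unverified device key(s) for {contact}: {unknown}")
        return list(directory_keys)

# Constructed sample data: byte strings standing in for real public keys.
PHONE, LAPTOP, EXTRA = b"alice-phone-pub", b"alice-laptop-pub", b"unannounced-pub"

def demo():
    auditor = DeviceListAuditor()
    auditor.verify("alice", [PHONE, LAPTOP])
    ok = auditor.recipients("alice", [PHONE, LAPTOP])          # normal fan-out
    flagged = auditor.audit("alice", [PHONE, LAPTOP, EXTRA])   # list grew silently
    try:
        auditor.recipients("alice", [PHONE, LAPTOP, EXTRA])
        blocked = False
    except PermissionError:
        blocked = True
    return len(ok), flagged, blocked

if __name__ == "__main__":
    print(demo())
```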
So, here’s my open letter to governments:
If you want to ban end-to-end encryption, as some of you have said, please understand what this means: things like the end of e-banking and online shopping.
If you instead want to ban the use of end-to-end encryption in messaging, you might first want to check whether many military, government, and law enforcement agency messaging services use it.
You now want to ban only the civilian use of end-to-end encrypted messaging, you say? Think about the impact on journalism. Think about the massive criminal opportunities you would be creating for identity theft and other forms of fraud. Above all, please think about the fact that you are telling your citizens they are no longer entitled to have private conversations using any electronic means, nor to privately share their photos with their partner, friends, or family. Think about what kind of regime wants that.
If you then decide, as MI5 apparently has, that you want to allow end-to-end encryption in messaging, but create a backdoor for governments, what you need to know is this: You can’t. Because compromised end-to-end encryption isn’t end-to-end encryption.
I hope that helps.
Love, Ben