Here we discuss the encryption vs. surveillance controversy that has often found itself in the mainstream news over the last few years.
What is the controversy about?
It all started like this…
Encryption technology designed to keep prying eyes away from information they shouldn’t be able to access has become so powerful, that software companies are now able to make their products practically impregnable.
Whether it is access to the contents of a smartphone or the information exchanged between users on a messaging program, the software companies behind those products can make encryption so strong that it cannot be broken, not even by the people who created them.
This is great for the users, who are almost guaranteed complete privacy, but governments across the globe are not happy.
Why don’t governments want companies to use unbreakable encryption?
Two words; national security. Governments and intelligence agencies don’t want criminals such as terrorists to be able to communicate with each other using technologies government agencies cannot access or eavesdrop on.
Decades ago, when phones were the best way of keeping in contact with people, governments could tap phones to eavesdrop on conversations, and this could help with their criminal investigations. However current technology prevents this type of eavesdropping, and governments fear that unbreakable encryption could prevent them from seeing information transmitted between criminals, which could make it harder to catch them and thus protect their respective citizens.
So what do governments and intelligence agencies want?
While governments and intelligence agencies understand the need for security features like encryption on products to help keep criminals out, they still want the software companies to build “backdoors” that would provide them access to information they would need.
What is a backdoor?
A backdoor is a way to bypass the security of a product, without the owner of the product knowing. A backdoor can be placed in the product either intentionally, or by accident as a security flaw.
Think of it this way – to access your house, you usually use the front door, so to keep strangers out you lock the front door. It doesn’t matter how strong your front door is or how many locks you install on it, if your house has an unlocked backdoor, people can still access it easily.
However, software companies are reluctant to build these backdoors.
Why don’t software companies want to comply?
Despite governments asking software companies to build backdoors into their products so that governments can potentially access those products if they need to, many software companies have refused to comply, most notably Apple, who refused government requests to “hack” into an iPhone belonging to one of the San Bernardino killers.
This is because software companies believe that building a backdoor into their products essentially equates to intentionally building a vulnerability into their own products. Many of these companies market themselves as providing secure and private products, a claim that is diminished if they allow certain people to bypass the security of those products.
The problem security companies have is that vulnerabilities – even ones they build intentionally for governments and intelligence agencies – can potentially be exploited by criminals.
Ultimately, a company that bills itself as private and secure would effectively be betraying their users trust by intentionally building a backdoor into their own products.
Of course, this reluctance was only strengthened after the Ed Snowden NSA leaks that revealed intelligence agencies were actively spying on private communications of innocent citizens.
Many software companies have refused to comply with governments regarding encryption, and some have even improved their encryption and security, such as WhatsApp that have integrated End-to-End Encryption (E2EE) to their messaging service.
What is E2EE?
End-to-End Encryption is a technology for messaging services that ensures only the sender and receiver can read messages, which are encrypted in a way that no one in the middle can intercept and decrypt the messages. E2EE messages cannot be read by anyone intercepting messages sent between two people – unless of course a backdoor is built into the encryption.
So what now?
While many software companies regularly do cooperate with authorities when subpoenaed for information, it is likely that we will continue to see a rise of these sorts of cases go to court as we have done in the past. Governments want software companies to compromise the security of their own products, something which many software companies have made clear that they are unwilling to do.