End-to-end encryption is non-negotiable for the enterprise • The Register
Record the debate Welcome to the latest Register Debate where writers discuss technology topics and you, the reader, pick the winning argument. The format is simple: we propose a motion, the arguments for the motion will run this Monday and Wednesday, and the arguments against Tuesday and Thursday. During the week, you can vote for the side you support using the embedded poll below, choosing whether you support or oppose the motion. The final score will be announced on Friday, revealing whether the argument for or against was the most popular.
This week’s motion is: In the digital age, we shouldn’t expect our communications to remain private.
Our second contributor debates VS the motion is veteran security reporter John E. Dunn.
If the UK government fails to persuade the tech titans to drop the implementation of end-to-end encryption (E2EE) in messaging apps, its next tactic will be to try to mobilize public opinion against him by claiming that technology puts society in moral peril. .
It’s a new approach laid bare in a recent report that the Home Office commissioned an advertising agency to come up with a campaign to turn citizens against E2EE, specifically Facebook’s decision to add the technology to Messenger by 2023. As always, it’s about keeping kids safe.
“We engaged M&C Saatchi to bring together the many organizations who share our concerns about the impact end-to-end encryption would have on our ability to keep children safe,” a Home Office spokesperson said.
The tactic is probably doomed. The public probably doesn’t like the idea of attackers hiding behind encryption, but many people are also suspicious of the government’s motives. The government, it seems, does not trust its citizens. Facebook, meanwhile, does not trust governments, fearing that by agreeing to create E2EE backdoors, it will become a weapon of state surveillance. Ordinary citizens are simply wondering if they should trust anyone.
The public probably doesn’t like the idea that abusers are hiding behind encryption, but many people are also suspicious of government motives.
The problem with trust is that once it’s gone, it’s gone for good. Although most people trust governments in general, that can wear thin if pushed too far. This is especially true for privacy, although people are often content with knowing how much they actually have. Tell people you’re taking it off and they’ll feel a freedom has been taken. In a free society, privacy should be something over which citizens and businesses have some control rather than a privilege granted by governments on their terms.
The UK government has yet to ask the companies what they think. Small businesses are increasingly dependent on E2EE applications that have emerged from mainstream technology, so the idea of official spying on these applications could eventually become a problem. Businesses, of course, aren’t using these applications, but are increasingly concerned that E2EE is just the cutting edge of a wedge being pushed into the idea of private enterprise communications.
For businesses, encryption is non-negotiable. You cannot have secure communications and data once in a while. It’s all or nothing. This is how encryption has been sold to them for decades – it creates absolute mathematical certainty that protects them from rivals, criminals, nation states and, yes, government interference. In many cases, this security is a regulatory and legal requirement.
By arguing to circumvent E2EE, the UK government seems to want to position itself as the ultimate arbiter of where and when privacy and security should apply. Despite the moral arguments used to justify the weakening of encryption, it is the recourse of an authoritarian regime, ironic given the British and American antipathy to the oppressive mass surveillance carried out in countries like Russia and China.
E2EE is the target today but it won’t stop there
The benefits of E2EE backdooring are not only illusory but damaging. Criminals would continue their activities using different E2EE applications while ordinary citizens and businesses would be subject to unnecessary surveillance. Trust in governments would decline. Hailed as a big step forward, it would be nothing of the sort, but more of a simple surveillance theater.
E2EE is the target today but it won’t stop there. Other applications and perhaps broader uses of encryption will follow, as criminals are likely lurking there too. Imagine living in a world where governments control privacy and security.
It is not a world of greater security but of erosion of trust. Who is watching? You have no way of knowing. No sane person would want to live in this world and that is why I implore everyone to vote against this motion. ®
Over a 30-year career, John E Dunn edited several dead tree computer magazines before specializing in cybersecurity in 2003 when he co-founded the online title Techworld. These days he writes about it in many places because there is a lot to talk about.
Vote below. We will close the poll on Thursday evening and publish the final result on Friday. You can follow the progress of the debate here.