What is end-to-end encryption and why are tech companies focusing on it? 

Nabeel Ahmed

Even though law enforcement agencies insist on encryption schemes which could enable ‘lawful access by design’, the move by messaging apps and technology giants to use end-to-end encryption to secure more user data seems to be only getting stronger 

The story so far:

Apple, on Wednesday, announced it will be increasing the number of data points protected by end-to-end encryption on iCloud from 14 to 23 categories. The company claimed that with end-to-end encryption, user data will be protected even in case data is breached in the cloud. Similarly, Elon Musk, in November, said that he wanted Twitter DMs to be encrypted. He also shared that he is in contact with Moxie Marlinspike, creator of Signal, who was willing to help out with encrypting Twitter DMs. However, government agencies are not happy with the development. The FBI in a statement to AP said that while it remains a strong advocate of encryption, it is deeply concerned with the threat that end-to-end encryption and user-only access pose. The agency insisted they hinder its ability to protect Americans from cyber-attacks, violence against children, and terrorism.

What is end-to-end encryption?

End-to-end encryption is a communication process that encrypts data being shared between two devices. It prevents third parties like cloud service providers, internet service providers (ISPs) and cybercriminals from accessing data while it is being transferred. The process of end-to-end encryption uses an algorithm that transforms standard text into an unreadable format. This format can only be unscrambled and read by those with the decryption keys, which are only stored on endpoints and not with any third parties including companies providing the service. End-to-end encryption has long been used when transferring business documents, financial details, legal proceedings, and personal conversations. It can also be used to control users’ authorisation when accessing stored data, which seems to be what Apple intends to do.

Where is it used?

End-to-end encryption is used to secure communications. Some of the popular instant-messaging apps that use it are Signal, WhatsApp, iMessage, and Google Messages. However, instant messaging is not the only place where user data is protected using end-to-end encryption. It is also used to secure passwords, protect stored data and safeguard data on cloud storage.

Why are tech companies using it?

Apple, on its blog, cited data breach research, “The Rising Threat to Consumer Data in the Cloud”, stating that the total number of data breaches more than tripled between 2013 and 2021. The company shared that data of 1.1 billion personal records were exposed in 2021 alone and that it is trying to address this rising threat by implementing end-to-end encryption. Apple also said that it believes the extra layer of protection would be valuable to targets of hacking attacks launched by well-funded groups. Mr. Musk has also publicly talked about his desire to improve Twitter’s direct messages. Mr. Musk told employees that the company would encrypt DMs and work to add encrypted video and voice calling between users, according to a report from The Verge.

The focus on end-to-end encryption seems to stem from the company’s desire to position itself as a provider of secure data storage and transfer services. End-to-end encryption is also seen as a technology that secures users’ data from snooping by government agencies, making it a sought-after feature by activists, journalists, and political opponents.

What does it mean for users?

End-to-end encryption ensures that user data is protected from unauthorised parties including service providers, cloud storage providers, and companies that handle encrypted data.

Apple, on its support page, shared that end-to-end encrypted data can only be decrypted by trusted devices where users are signed in with their Apple ID. No one else can access this data, and it remains secure even in the case of a data breach in the cloud storage.

The data can only be accessed with access to the device passcode, password, recovery contact, or recovery key. The technology also makes it harder for service providers to share user information from their services with authorities.

However, end-to-end encryption does not protect metadata, which includes information like when a file was created, the date when a message is sent and the endpoints between which data was shared.

Why are government agencies unhappy with it?

The FBI expressed displeasure at the increasing use of end-to-end encryption by technology companies. In a statement to the Associated Press, it said that while it remains a strong advocate of encryption schemes that give “lawful access by design”, which would enable tech companies “served with a legal order” to decrypt data, it “continues to be deeply concerned with the threat end-to-end and user-only-access encryption pose”.

Attempts by government agencies across the globe, in the past, to access encrypted data hosted and stored by tech companies have met with strong resistance.

In 2019, the U.S., the U.K., and Australia planned to pressure Facebook to create a backdoor into its encrypted messaging apps. The aim was to allow governments to access the contents of private communications, according to a report by The Guardian.

Australia, in 2018, passed laws that would force tech companies and service providers to build capabilities allowing law enforcement secret access to messages on platforms like WhatsApp and Facebook.

The legislation, according to government agencies, was necessary to prevent “terrorists” and other serious criminals from hiding from the law, Al Jazeera reported.

While cryptographers and cybersecurity experts argue that attempts by law enforcement to weaken encryption with backdoors are ill-advised and could compromise the reliability of the internet, the move by tech companies to use end-to-end encryption to secure more user data seems to be getting stronger.
