Messaging apps have a become a daily part of, their use is widespread globally and is completely integrated into the average person’s every-day form of communication. As of December 2017, one of the popular messaging apps, ‘What’s App’ announced that it had over 1.5 billion monthly active users.1
Most messaging apps use encryption (such as protocols like SSL) to protect their users from those who try to get unauthorised access over the Internet, but owners of these apps have access to the contents of their user’s messages unless end-to-end encryption is used. Some messaging apps such as ‘What’s App’ already have end-to-end encryption as a feature included by default and there is a growing movement towards following their lead by making this a required standard on all messaging apps. The push for data protection and privacy is a needed due to the rise of identity theft and blackmail however there a those who argue against end-to-end encryption citing that it hinders law enforcement and that it kills lesser messaging apps who don’t have the means to conform to this proposed standard. This essay examines the reasons that end-to-end encryption must be built into and enabled by default on all messaging apps and considers the various arguments against its inclusion.
Using end-to-end encryption protects the privacy and information of users from exploitation. Most messaging apps operate as client-server-client where the information is sent to the server and then is forwarded onto the intended recipient. This means messages are in some cases stored on the servers and it’s up to the app’s owners to choose whether to remove them or keep them stored.2 With end-to-end encryption, information is encrypted by the source with a key that is only known to their device and is then sent to the destination where they decrypt it with a matching key that is only known to them.3 There have been numerous cases with the rise of cybercrimes where users are subject to having their information stolen which is then used to blackmail and steal their identities.4 Numerous celebrities have had personal information stolen and then leaked to the media. Law suits have been filed against these companies and they’ve been sued for millions for these security violations. The addition of end-to-end encryption as a form of security means that if the information is intercepted, it cannot be used for anything as the interceptor would require the necessary keys to decrypt. It would protect these companies from being sued as they wouldn’t even have access to these files, as they would be encrypted.
End-to-end encryption also protects innocent people from law enforcement and government agencies. Law enforcement can request the information that are stored on the messaging app’s servers in interception operations at any time for any reason. Errors occur during these operations and this has led to cases where the information has been used to wrongly detain and convict innocent people.5 Messages are toneless medium, “Cardinal Richelieu promised to be able to hang most honest men with just ‘six lines’ written by their hand”5 With the number of messages, emails and websites users visit daily, it is enough to make anyone look like a criminal.5 Like law enforcement, government bodies can also request user information and many of the same issues apply however if the government is corrupt and has rigorous laws against free speech; people can be arrested and even, killed based on their opinions.6 End-to-end encryption would protect innocent people from this, as their messages couldn’t be read by anyone except themselves and who they were sending the messages to.
The use of end-to-end encryption allows users to be sure of who they are communicating with. With messaging apps people can spoof the user identity and emails of friends and families of users and trick them into giving private information such as bank account details and passwords. These people prey upon the user’s empathy and their computer illiteracy. Users have been tricked into sending funds to who they believe are their friends who are in need.7 8 With end-to-end encryption, users exchange with each other a key that is known only to them to confirm one another’s identity. In the case of ‘What’s App’, users share with each other a QR code or a 60-digit number and once the keys are confirmed, a green mark will appear on their names.9 End-to-end encryption would solve the issue of people being scammed because they would be completely sure that who they were talking with, is who they say they are.
Those who advocate against the use of end-to-end encryption as it can be a hinderance to law enforcement’s ability to track those who commit crimes and are a risk to national security. They argue that since the messages can’t be read, criminals will use those messaging apps to communicate freely with another without fear of being caught. They can plan out their crimes without any consequences.10 This is untrue, while the messages are encrypted, that is the only thing encrypted. Everything else that can be used to identify the users will be still readily available. Law enforcement can build up connections between those who are suspects through who they are communicating with, what social media accounts they use, what their browsing history is, their chat habits and more.11 All of this builds a perfect picture of whether the user is a suspect or not. While they are unable to see exactly what is being said, enough evidence can be gathered. Also, they can’t take people at their word because people often lie or missay things. As it won’t hinder their ability too much, is it worth giving up user privacy and risk accusing innocent people of crimes based on their words? As suspected criminals can still be tracked, user privacy matters more and as such end-to-end encryption should be implemented.
The enforcement of end-to-end security will hinder smaller messaging app companies as they don’t have the means to produce robust encryption. Encryption at a most basic level means that information is unreadable without a key that enables you to decrypt the content.12 Protecting information at this level is of course, not easy. The algorithms involved to encrypt and decrypt the information have become more complex as the years pass due to computers becoming faster and able to perform more calculations per minute. With all information exchange there is some form of encryption involved, when being stored on the servers, it needs to be encrypted and then decrypted when its sent to the recipient’s devices.12 But with the freely available information provided by the internet, it’s not too difficult to learn and keep up to date with the latest encryption technologies. Using end-to-end encryption removes the middle man and therefore uses less encryption and decryption algorithms. This makes it easier for all companies involved including smaller apps. It also saves them from data leaks and privacy concerns if the company can see the information that is being transmitted. It will reduce the expense they have to pay for data storage as the file sizes of information such as photos and video being sent with messages is going to increase.13 End-to-end encryption helps smaller messaging apps by reducing costs and helps protect them from security and privacy risks.
To conclude, end-to-end encryption protects the privacy and data of users by encrypting the information to be only seen between the sender and the recipient. The use of it protects users from law enforcement and government agencies as they don’t have access the information and as such cannot use the user’s words against them. Law enforcement can still track criminals through other means such as who they are talking with and chat frequency. End-to-end encryption allows users to be sure of who they are exchanging information with and protects users from those who would prey upon them. Though smaller messaging apps will need to rise to the standards proposed, they will still be able to meet the demands and remain a viable alternative. In fact, using end-to-end encryption will protect them from law suits and make their jobs easier because there will be less information to encrypt, store and then decrypt. It also saves on the cost of data storage which is an increasing expense for most companies. End-to-end encryption is necessary based on the evidence and should be built into messaging apps by default to protect user’s data and privacy.
- Number of monthly active WhatsApp users worldwide from April 2013 to December 2017 (in millions) [Internet]. Statista. 2018 [cited 10 August 2018]. Available from: https://www.statista.com/statistics/260819/number-of-monthly-active-whatsapp-users/
- Is Your Messaging App Encrypted? [Internet]. Recode. 2018 [cited 10 August 2018]. Available from: https://www.recode.net/2015/12/21/11621610/is-your-messaging-app-encrypted
- What is end-to-end encryption and why does it matter? – Nextcloud [Internet]. Nextcloud. 2018 [cited 10 August 2018]. Available from: https://nextcloud.com/blog/what-is-end-to-end-encryption-and-why-does-it-matter/
- 770,000 Australians fall victim to identity theft [Internet]. ABC News. 2018 [cited 10 August 2018]. Available from: http://www.abc.net.au/news/2015-04-14/identity-theft-hits-australians-veda/6390570
- Viner K. How technology disrupted the truth | Katharine Viner [Internet]. the Guardian. 2018 [cited 10 August 2018]. Available from: https://www.theguardian.com/media/2016/jul/12/how-technology-disrupted-the-truth
- News I. How a WhatsApp message can get you arrested – Times of India [Internet]. The Times of India. 2018 [cited 10 August 2018]. Available from: https://timesofindia.indiatimes.com/india/how-a-whatsapp-message-can-get-you-arrested/articleshow/61718967.cms
- Beware of Scams Using Fake Facebook Profiles [Internet]. Heimdal Security Blog. 2018 [cited 10 August 2018]. Available from: https://heimdalsecurity.com/blog/fake-facebook-scams/
- “Grandparent scam” explained: What you need to know [Internet]. Cbsnews.com. 2018 [cited 10 August 2018]. Available from: https://www.cbsnews.com/news/grandparent-scam-explained-by-former-scammer-what-you-need-to-know/
- WhatsApp FAQ – End-to-end encryption [Internet]. WhatsApp.com. 2018 [cited 10 August 2018]. Available from: https://faq.whatsapp.com/en/android/28030015/
- The Pros and Cons of Encryption – [Internet]. Naturalnetworks.com. 2018 [cited 10 August 2018]. Available from: http://www.naturalnetworks.com/the-pros-and-cons-of-encryption
- Encryption, Encryption and Encryption – Decentralize Today [Internet]. Decentralize Today. 2018 [cited 10 August 2018]. Available from: https://decentralize.today/encryption-encryption-and-encryption-91390dead6d2
- Alston A. The ‘Secrets’ of Robust Encryption [Internet]. Infosecurity Magazine. 2018 [cited 10 August 2018]. Available from: https://www.infosecurity-magazine.com/opinions/the-secrets-of-robust-encryption/
- Lamberth K. The Cost of Data Storage Can Swallow Your Enterprise IT Budget [Internet]. Paranet.com. 2018 [cited 10 August 2018]. Available from: http://www.paranet.com/blog/bid/157237/The-Cost-of-Data-Storage-Can-Swallow-Your-Enterprise-IT-Budget