Tech companies focusing on end-to-end encryption

(MainsGS3:Challenges to internal security through communication networks, role of media and social networking sites in internal security challenges, basics of cyber security; money-laundering and its prevention.)

Context:

• Recently many companies claimed that with end-to-end encryption, user data will be protected even in case data is breached in the cloud.
• However, investigative agencies said end-to-end encryption and user-only access hinder their ability to protect citizens from cyber-attacks, violence against children, and terrorism.

About end-to-end encryption:

• End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages.
• End-to-end encryption ensures that user data is protected from unwarranted parties including service providers, cloud storage providers, and companies that handle encrypted data.
• In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious actors, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.
• End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s).
• The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted.
• The recipients retrieve the encrypted data and decrypt it themselves.
• Because no third parties can decipher the data being communicated or stored, for example, companies that provide end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.

Provider of secure data:

• Apple, on its blog, cited data breach research, “The Rising Threat to Consumer Data in the Cloud”, stating that the total number of data breaches more than tripled between 2013 and 2021.
• The focus on end-to-end encryption seems to stem from the company’s desire to position itself as a provider of secure data storage and transfer services.
• End-to-end encryption is also seen as a technology that secures users’ data from snooping by government agencies, making it a sought-after feature by activists, journalists, and political opponents.

Concerns of government agencies:

• The FBI in a statement expressed displeasure and said while it remains a strong advocate of encryption schemes that give “lawful access by design”, that would enable tech companies “served with a legal order” to decrypt data, it “continues to be deeply concerned with the threat end-to-end and user-only-access encryption pose”.
• Attempts by government agencies across the globe, in the past, to access encrypted data hosted and stored by tech companies have met with strong resistance.
• In 2019, the U. S., the U. K., and Australia planned to pressure Facebook to create a backdoor into its encrypted messaging apps. The aim was to allow governments to access the contents of private communications.

Conclusion:

While cryptographers and cybersecurity experts argue that attempts by law enforcement to weaken encryption with backdoors are ill-advised and could compromise the reliability of the internet, the move by tech companies to use end-to-end encryption to secure more user data seems to be getting stronger.