A leaked document has revealed that the EU is seriously considering the ban of end-to-end encryption on off-the-shelf apps like WhatsApp in order to increase the ease at which security and law enforcement agencies carry out their duties against crime and terrorism.
The document highlights that the possible implementation of such a ban would be accompanied by mechanisms to ensure that as much as possible, the security assurance that the data privacy this encryption guarantees, would still be put in place.
End-to-end encryptions are one of the incentives put in place by service providers like WhatsApp
to ensure that users are comfortable with using the apps because they are guaranteed that not even the service providers — for example, WhatsApp — can see messages being transmitted between them and another party.
The technology, also being used by internet service providers or telecom providers, prevents these companies from eavesdropping and also prevents anyone including these aforementioned providers from gaining access to the cryptographic keys needed to decrypt the conversation.
Hence, in the event of a criminal case, these companies with end-to-end encryption on the products are unable to hand over the messages shared by any customer that can aid the investigation.
Therefore, the European Union’s concerns as indicated in the memo dated November 6, centers around how end-to-end restricts efforts against terrorism and crime and that a coordinated approach between lawmakers, companies, and academia is required to come up with an alternative that serves all parties — effectively banning the use of any security that fully encrypts data at every stage of its transmission despite apparent indications that any such back-channel available to the government can also be hacked by cybercriminals.
However, this is not the first time that a document predicting the ban on end-to-end encryption, would be leaked; earlier documents using the same title, leaked in September and circulated by Statewatch, revealed that the same topic had been discussed in numerous European council meetings since 2016.
Therefore, it signifies that the government is increasingly getting worried about the dynamics of user data and the potential power it gives private entities or users
— private firms can guarantee user absolute data privacy and users can also be confident in the fact that their data can also be absolutely secured via the technology.
Therefore, asides from engaging the potential impact of a ban on end-to-end encryption, it is necessary to look at the whole picture in order to explain underlying worries the government has about such technologies by drawing previously notable examples and indicators.
No Government Likes Being Completely Bypassed
The increasing concern and attention of the government with respect to technology or internet privacy are due to the ever-rising power that data is having; with the continuous adoption of tech-related solutions and platforms, every major aspect of the life of an average person is gradually moving online and the influence of information from the internet, fast becoming a major shaper of the lives of people.
The internet has become a very powerful tool as it basically influences the lifestyle, choices, buying decisions, or convictions of most people consciously or unconsciously.
Hence, as much as the government in any democratic state understands that people should be able to make their choices they are very skeptical when they feel they can’t have a say on the powers that can influence such choices, to put it in a simpler context:
the government doesn’t necessarily want to control you, but if anyone should have the power and potential to control you, then it should be them.
The emergence of the decentralized power of the internet has made it difficult for the government to act as the regulators of power or control in the manner they would like to.
The internet not being totally decentralized is another major concern and motivation for the government as the government is not oblivious of the fact that irrespective of the data privacy mechanisms that are reportedly being put in place, there are still big tech companies that have become monopolies by leveraging on a large network of people’s data and can still increase their ‘data power’ and the recent anti-trust regulations and hearings against the big tech companies in the USA are testaments to the government’s awareness of the hold that these companies can have.
For example, not too long ago, Donald Trump threatened to give an executive order against Twitter after the social media giants censored one of his tweets and more recently, the platform has attached numerous disclaimers to the president tweets after noticing most of his tweets try to indicate or insinuate election fraud in regards to the just-concluded USA presidential election.
Look further to Nigeria, and there is a clamor from seating government officials for there to be a social media regulation bill in the wake of the aftermath of the recent #ENDSARS protest, with many government officials worried that social media platforms like Twitter, have the ability to influence the choices of the young ones ahead of the 2023 presidential election.
Although these examples do not directly refer to the issue of end-to-end encryption, they are extensions of how the government sees the internet and its power especially with regards to the data of its citizens; the internet and technology are making it really difficult for the government to say they have absolute power when it comes to its citizens’ data.
Once again I repeat, not all government would violate the privacy of its citizens, but every government is comfortable with the knowledge that only they can do so
they feel having such ability is a reflection of the power they have and technologies (like end-to-end encryption) that seem to completely bypass them make them look less powerful.
Hence, looking directly at the encryption ban and its human behavioral implication in light of the data influence and power I already explained, one would see that the impact of allowing continuous improvement in technology related to encryption, would only give the ‘individual’ more power.
Firstly, more people will adopt solutions and platforms with more secure encryption and in most cases, these platforms do not have a direct relationship with the government.
Take, for example, the financial services space;
conventional banks have always had direct or indirect relationships with the government and hence, regulations from the CBN have always been implemented with consideration of its impact on these banks.
However, take a more encrypted and decentralized platform like cryptocurrency or Defi, these platforms sell the autonomy and independence they give their users, as one of its core advantages and benefits.
They are attractive to users because they bypass the central financial institutions set up by the government, hence, despite the fact that they are always in line with most basic economical or financial government regulations — for example, there are tax laws affecting Bitcoin — there seems to be this level of detachment from the grasp of the government’s potential control as long as they can keep guaranteeing impeccable user privacy, and the government is not just comfortable with such dynamics.
Another popular example is the iPhone;
the iPhone, besides its attractive brand and product, is a very secure and private phone and its level of encryption remains a selling point as to why a lot of people prefer to use the smartphone.
The truth is encryption is a huge selling point for private tech firms because people love privacy but the best way to make it more attractive, is even when there is a high level of detachment from the grasps of the government.
One would ask himself how the FBI felt when apple refused to unlock the iPhone reportedly useful in a criminal case despite immense pressure from the government and FBI?
Such incapacity is something no government wants to feel with the iPhone being finally unlocked by a more unconventional means as Apple refused to budge on their stance because they knew that breaching the privacy of one user compromises the security they guarantee all their customers.
The reality is, not everyone wants to commit crimes with their data privacy, but they prefer that even if they do, they do not have their data with a platform that can be easily compromised or controlled by the ‘feds’.
People have no problem with their basic data being with the government, but they hate when there is a possibility of the government being able to have more data about them than they would usually want to give.
It should also be noted, that this reservation about data privacy is not just restricted to the government alone, in fact, more and more internet consumers are beginning to worry about data privacy violation from big tech companies.
Hence, most people see data privacy as a power in the modern age (and they are not wrong), and they appreciate tech innovations like high-level encryption that help them secure their data.
However, on the other hand, the government knows that data privacy is power and they want to be in control of that power, or better still they want to make sure they have a say in how that power can be used.
Likely Outcomes for Stakeholders
No one can actually predict the exact outcomes as the European council reportedly looks for ways in which all stakeholders can be winners.
However, one technical fact is that the provision of any backchannel to bypass the end-to-end encryption would definitely make these platforms vulnerable and the question would be as to what extent these vulnerabilities can be reduced.
In the advent of the government having its way, I look at two possible outcomes and their effects on the stakeholders:
1 — Firstly, the government can ask these service providers or tech companies to create a backchannel
A backchannel that can later be called upon in the event of a criminal investigation and this backchannel would be a single channel that can be used by the government just like a password that only the government has access to.
This backchannel would be such that the data privacy of users would still be intact except in cases where the data can be useful for criminal investigations or similar situations and the companies would always be informed before this backchannel can be used by the government.
However, such a scenario weakens the trust that individuals have in these platforms because the knowledge of the government being able to access user’s data when they think they should, might even be scarier to most people than these private companies having these data.
Thus, the faith that people have in companies like WhatsApp would be really affected and thus these companies would be at risk of losing customers.
These platforms and user data are also now vulnerable to cyber-attacks that can compromise any such backchannel, because as already stated, once a loophole in the encryption, it can also be compromised by another party.
In this case, the public would most likely see the government as the ‘enemy’ as they would see such a move as a direct infringement on personal data by the government.
2 — A second but highly unlikely outcome can be the government allowing these service providers have exclusive access to such data when they need to assist the government with a criminal investigation with the government having to provide enough evidence that such data should be released.
However, in this scenario, a service provider can lose most of its customers after just one case of assisting the government with such data because no matter the grounds of such private data sharing, people’s trust in such a platform would be really reduced.
And besides, the government would prefer to take a higher ground of making sure that they are not the one encouraging private companies to have access to people’s data because in this scenario the government is basically making provisions for private firms like WhatsApp to read people’s messages.
In both cases, one sure thing is that people’s trust in service providers would be reduced, and also such a ban on end-to-end encryption regardless of whatsoever mechanisms put in place to ‘cushion the effect’, would still be seen by citizens as a violation of data privacy.
Hence, if the ban is actually implemented, it would only be confirming the fears of many people: that in the digital age, their data is not actually safe
Europe Wants to Ban Mathematics (Encryption) was originally published in Data Driven Investor on Medium, where people are continuing the conversation by highlighting and responding to this story.