Everyday services such as Messenger are now as well protected as only sensitive documents used to be. This helps both private individuals and companies. However, it also helps criminals and terrorists. How should we deal with this dichotomy? This is an ongoing debate that we would like to explain here.
The same encryption that US authorities use for "secret" and "top secret" documents can now be found on computers and smartphones. It is activated with one click, and sometimes it is even standard. Messenger services such as "Signal" or "Threema", which are available to everyone, offer protection that is also good enough for whistleblower Edward Snowden. In short, we can all protect our communications to a degree that was previously only possible for public authorities or larger companies.
The good thing about it: it ensures safety - completely automatically and on a daily basis. No special knowledge is required. And that's a good thing: after all, data protection is more important than ever. Encrypted communication and data are a defensive measure against cyber attacks. They therefore need other gateways.
The bad thing about this is that it also helps criminals and terrorists. Because even if authorities get a provider like Signal to hand over information, the result is virtually worthless. As the conversations are end-to-end encrypted, even Signal itself cannot read them. Or authorities seize a smartphone from a suspect but cannot search it because it is both locked and encrypted. US Senator Tom Cotton, for example, has stated that technology companies and their services have become a "lawless playground for criminal activity".
Accordingly, there are repeated calls to build "back doors" into services and encryption for such purposes. The idea is that for law enforcement purposes, authorized institutions can request access to the otherwise secure information. Manufacturers and providers would therefore have to find a way to bypass the encryption on request.
However, data protectionists, IT experts and even intelligence services are often strictly opposed to this. A key argument is that it is foreseeable that such a backdoor would sooner or later also be exploited by criminals or foreign intelligence services. This would render the encryption itself obsolete and ineffective.
"Installing backdoors in encrypted apps is like giving law enforcement authorities a key to every citizen's house," wrote several software providers in an appeal to EU politicians. No compromise is possible when it comes to encryption: "Data is either encrypted or not."
And the Swiss software manufacturer totemo ag explained in a press release:
"Exceptional state access would fundamentally weaken encryption and the protection of privacy, as attackers - such as hackers, secret services or authoritarian states - would now only have to start at one central point to obtain the keys."
At the same time, terrorists and criminals would simply switch to other tools. "In many cases, open source projects do not have an official headquarters and therefore cannot be forced to cooperate like companies and corporations.
In other words, such backdoors would primarily weaken data security for citizens, companies and other organizations. "They create a world in which criminals have a higher level of security than law-abiding citizens," explained Riana Pfefferkorn, an expert in surveillance and cybersecurity at the Stanford Center for Internet and Society.
And this is precisely the problem that intelligence services, for example, see: If encryption is weakened, this also affects their own communications. The former General Counsel of the FBI, Jim Baker, writes in an essay:
"It's time for government agencies - including law enforcement - to embrace encryption because it is one of the few mechanisms the U.S. and its allies can use to more effectively protect themselves from existential cybersecurity threats, particularly from China."
Similar sentiments can be heard from Europe. The German Federal Commissioner for Data Protection, Ulrich Kelber, sees a "culture of fundamental encryption" as an important goal. He is in favor of establishing a "right to encryption".
In addition, the security of services and devices is already not as insurmountable as is sometimes discussed. A study by John Hopkins University, for example, found that much of the data on an iPhone is permanently decrypted after it is switched on and unlocked for the first time. Locking the device therefore makes direct access more difficult, but does not always reactivate the encryption everywhere.
In addition, the report explains that Apple makes no clear statements about the form in which "iCloud" backups are secured. One of the authors of the study, Matthew Green, told Wired magazine: "So why do we need a backdoor for law enforcement if the protection these devices actually provide is so poor?"
In addition, there have already been cases in which criminals have been caught using "secure" applications and devices. Malware is often used here that intercepts keystrokes or data traffic directly on the device, for example. However, this approach leads to a further debate, as security vulnerabilities that have not been made public are often exploited - which in turn enables other attacks.
The pros and cons of generally available, secure encryption is ultimately not a topic that can be explained in a few short sentences. As is so often the case, the reality is complicated. Law enforcement agencies naturally have good reasons why they need access to communications and data. At the same time, a compromise or balance does not seem possible, according to many experts. According to them, encryption is either secure or it is not.