Privacy and data protection advocates never tire of emphasizing that end-to-end encryption makes a significant contribution to a secure Internet. Law enforcement authorities see it differently: They think criminals can be better prosecuted if the encryption can be overridden or at least circumvented. In today’s blog post, we show the different points of view.
Backdoor – Right or Wrong?
The backdoor can be translated as “backdoor” – and that shows what law enforcement agencies are after when they demand backdoors: programs should be given alternative access methods, and conventional security mechanisms, such as end-to-end encryption, should be circumvented. Authorities such as the BKA repeatedly emphasize how vital access to encrypted communication is in the fight against criminal offenses in general and child pornography and terrorism in particular.
The terms “backdoor” and “trojan” are often used in the same breath, but they differ in their function. A Trojan is a program often disguised as a helpful tool but performs other functions. Cybercriminals often use Trojans to install a backdoor in the first place. Therefore, the Trojan is the tool for attackers who want to gain unauthorized access. The backdoor itself enables alternative access to the system.
End-To-End Encryption – Arguments From Data Protectionists
Data protectionists reply to those demanding backdoors that weakening the end-to-end encryption through a backdoor would no longer protect users but endanger them. If messages are not encrypted, they are transmitted in plain text and can be read by anyone – not just investigators. This means that criminals or foreign intelligence services could also exploit backdoors.
Advocates of encryption see both human rights and democratic values at risk. A surveillance state could emerge from the softening of end-to-end encryption, for which access to public communications could become a matter of course. One thing is clear for data protection officers: It is entirely pointless to create weaknesses in the currently secure transmission that both authorities and criminals could exploit.
Lots of Ideas For Decryption
Accepting the arguments of data protection advocates and privacy experts, authorities want to bypass end-to-end encryption without breaking the security that encryption brings. To do this, you rely on various ideas:
The Apple group has been arguing with the FBI for years: the law enforcement agency wants to access encrypted communication to put a stop to criminals. However, Apple claims that backdoors have no place in end-to-end encryption. You can read the full story behind the dispute between Apple and the FBI in this post.
PhotoDNA With Inconsistent Encryption
The remarkable thing about end-to-end encryption is that only the sender and the recipient can read the content of the communication. This is also referred to as end-to-end encryption. In the case of non-encrypted contact, on the other hand, there are various options for decrypting – one of them is PhotoDNA, developed by Microsoft in 2009. This is already being used by Facebook, Twitter, Google, and Microsoft.
With this tool, photos or videos are converted into a unique hash value, i.e., into a checksum. This checksum is compared in the database in which known media with criminal offenses such as child pornography are stored. The messages are checked manually or forwarded directly to the responsible authority when the system responds.
As mentioned, the PhotoDNA method only works if the encryption is not consistent. With end-to-end encryption, only cryptic data salad runs through the servers. Experts are now thinking that the checksum and comparison process could affect the sender’s end device before end-to-end encryption, but this is not particularly practical. A hybrid variant would also be conceivable: the hashes could be created entirely or partially on the sender’s smartphone. The checksum is then compared on high-performance servers or in the cloud. A comparison on several servers from different operators would also be conceivable – there would then be no central points of attack.
Upload Filter Against End-To-End Encryption
Another way to circumvent the end-to-end encryption is so-called upload filters – they work similarly to the PhotoDNA method from Microsoft. Both variants aim to recognize content using comparison databases automatically. Upload filters work as follows: content should be analyzed by the messenger either before end-to-end encryption or after decryption by the recipient on the respective end device. The resulting fingerprint is to be compared with the database. This comparison can take place locally on the device or provider servers or servers of third parties.
If there are matches between the fingerprint and the database, the actual end-to-end encrypted communication should be forwarded either to the provider or directly to the government agency. This means that content no longer stays with both ends – the sender and the recipient. Depending on the result of the automated analysis, they also end up with third parties. The bottom line is that one can also speak of a backdoor here.
The End of End-to-End Encryption?
In addition, there is the imponderability of automation using artificial intelligence (AI): Experts expect high false-positive or false-negative rates when recognizing the content. An example of matching using the PhotoDNA method clarifies: what if the criminals change just one pixel in an image? The hash value varies immediately so that recognition by the database fails. The papers repeatedly suggest detection of suspicious content by AI,
In the encrypted room, not only child pornographic and thus, of course, highly illegal and despicable content is exchanged. There are also journalists in this room who report from countries that are not democratic – and they can only do this because of the end-to-end encryption. It also contains countless private communications from ordinary people. That would mean: Critics in dictatorships would no longer have a chance to communicate, activists would no longer be able to network, sensitive data could no longer be exchanged securely. End-to-end encryption would be nothing less than the nail in the coffin for accessible communication.