FAQ

What is End-to-End Encryption?

We discuss what end-to-end encryption is, how it works and what it means to you, the user.

We often hear the term end-to-end encryption (often abbreviated to E2EE), especially in relation to the ongoing debate about a government’s capacity to spy on people for reasons of national security. But what does it really mean?

End-to-end encryption is a method used to encrypt messages sent between people whereby only those involved in a chat can decrypt and read the messages. As such, only the sender and recipient can read chat messages and no one else, not even the platform on which the messages are sent.


This can be achieved by using both a public and private key that are assigned to every user in a chat. When user A sends a message to user B, the message is encrypted with user B’s public key, and that message can only be decrypted with user B’s private key, which is stored on user B’s device and nowhere else.
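The public/private key flow described above, as an added Python sketch (standard library only) that is not from the original article or from any messaging app's code. It assumes a deliberately simple Diffie-Hellman-style construction over a toy group purely for illustration, and all function names are hypothetical; real messengers use vetted protocols and libraries.

```python
import hashlib
import hmac
import secrets

# Toy group, for illustration only: P = 2**521 - 1 is a Mersenne prime, G = 3.
# Real messengers use vetted protocols and libraries, not this construction.
P = 2**521 - 1
G = 3

def keypair():
    """The private key never leaves the device; only the public key is shared."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _derive(shared, n):
    """Turn the shared secret into an n-byte keystream and a MAC key."""
    seed = shared.to_bytes(66, "big")
    return (hashlib.shake_256(b"enc" + seed).digest(n),
            hashlib.sha256(b"mac" + seed).digest())

def encrypt_for(recipient_pub, plaintext):
    """Sender side: needs only the recipient's PUBLIC key."""
    eph_priv, eph_pub = keypair()  # fresh one-time key per message
    stream, mac_key = _derive(pow(recipient_pub, eph_priv, P), len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return {"eph_pub": eph_pub, "body": body, "tag": tag}

def decrypt_with(recipient_priv, msg):
    """Recipient side: works only with the matching PRIVATE key."""
    shared = pow(msg["eph_pub"], recipient_priv, P)
    stream, mac_key = _derive(shared, len(msg["body"]))
    expected = hmac.new(mac_key, msg["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(msg["body"], stream))

def demo():
    """User A -> platform -> user B, with a constructed sample message."""
    b_priv, b_pub = keypair()                      # generated on B's device
    relayed = encrypt_for(b_pub, b"meet at noon")  # what the platform stores
    platform_priv, _ = keypair()                   # any key other than B's
    try:
        decrypt_with(platform_priv, relayed)
        platform_can_read = True
    except ValueError:
        platform_can_read = False
    return decrypt_with(b_priv, relayed), platform_can_read
```

Calling `demo()` returns the decrypted message for user B together with a flag showing that a party holding a different private key, such as the platform relaying the message, could not read it.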

End-to-end encryption is considered both extremely secure and private because it prevents attacks such as eavesdropping (i.e. “man-in-the-middle attacks”) since data sent between two devices is encrypted and the decryption key is stored only on the recipient’s device. It also prevents messages being seen by whoever operates the messaging platform (for example through a data breach or through legal instruments such as subpoenas) since even the messaging platform does not have the private key needed to decrypt messages.

WhatsApp, for example, uses end-to-end encryption.


The only way to read messages that use end-to-end encryption is to be logged into the accounts involved in a chat. For WhatsApp, this means being in possession of the sender or recipient’s device and past the unlock screen.

End-to-end encryption has been a subject of controversy in national security focussed debates since governments and law enforcement argue that offering people a way to communicate so privately that even the platform operators cannot access messages that are exchanged is likely to provide a refuge for criminals.

Technology companies, on the other hand, argue that the right to absolute privacy is a human right, and building “back-doors” into their encryption undermines that human right and would inevitably run the risk of being exploited by criminals.

It’s likely that more and more companies will adopt E2EE as time goes on, but as it stands most do not. E2EE is most popularly available on WhatsApp, Signal and PreVail. Services that do not offer E2EE include traditional SMS messaging, Instagram and Twitter. Facebook Messenger has a limited “Secret Conversations” mode, but by default chat messages are not protected with E2EE.

If chats are not protected by E2EE they can potentially be leaked online through data breaches or computer intrusions, and possibly handed over to authorities if the messaging platform is legally compelled to do so.

Published by
Craig Haley