End-to-end encryption (E2EE) is a communication system in which only the users who are communicating can read the messages sent.
This is used for most ‘Direct Messages’ or ‘DMs’.
E2EE is there to prevent data breaches and ensure that there are no changes made to the data by anyone other than the sender and recipient.
The messages are encrypted by the true sender, third parties are unable to decrypt them, and they are also stored encrypted.
As the messages are still encrypted when they are stored, only the sender and recipient know the contents of the messages.
This means that companies that provide E2EE services cannot share these messages with other customers, or with the authorities.
Earlier this year, the Information Commissioner’s Office in the UK said that those opposing E2EE were misinformed and that the debate on the matter was unbalanced, as E2EE “helped keep children safe online”.
Other messaging systems, like email, pass their messages to a ‘middleman’ and have a third party store them; the recipient then retrieves the message from there.
Some of these messages are encrypted, but only while being sent, meaning they are accessible to the company providing the service.
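The flow described above, as an added example that is not from the original article: two users derive a shared key on their own devices, and the provider's relay stores only ciphertext, so it can neither read a message nor alter it undetected. All names (`newUser`, `sharedKey`, `Relay`, `demo`) are hypothetical, and the sketch assumes the two public keys were exchanged authentically.

```javascript
// Added example: E2EE through an untrusted relay. All names here are hypothetical.
const crypto = require("node:crypto");

// Each user generates a key pair on their own device; the private key never leaves it.
const newUser = () => crypto.generateKeyPairSync("x25519");

// Both ends derive the same AES-256 key from their own private key and the peer's public key.
function sharedKey(myPrivate, peerPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync("sha256", secret, Buffer.alloc(0), "e2ee-demo", 32));
}

// Sender side: AES-256-GCM gives confidentiality plus an integrity tag.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// Recipient side: throws if the ciphertext or tag was changed in transit or in storage.
function decrypt(key, { iv, body, tag }) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// The provider's server: stores and forwards envelopes, but holds no keys.
class Relay {
  constructor() { this.stored = []; }
  deliver(envelope) { this.stored.push(envelope); }
  retrieve(i) { return this.stored[i]; }
}

function demo() {
  const alice = newUser(), bob = newUser(), relay = new Relay();
  const message = "meet at 10:00"; // constructed sample message
  relay.deliver(encrypt(sharedKey(alice.privateKey, bob.publicKey), message));
  const bobKey = sharedKey(bob.privateKey, alice.publicKey);
  const received = decrypt(bobKey, relay.retrieve(0));
  const providerSeesPlaintext = relay.retrieve(0).body.toString("utf8").includes(message);

  // Simulate a change to the stored copy: flip one bit of the ciphertext.
  const tampered = { ...relay.retrieve(0), body: Buffer.from(relay.retrieve(0).body) };
  tampered.body[0] ^= 1;
  let tamperDetected = false;
  try { decrypt(bobKey, tampered); } catch { tamperDetected = true; }
  return { received, providerSeesPlaintext, tamperDetected };
}
```

With transport-only encryption, the relay would hold the plaintext or the key at this point; here `relay.stored` contains nothing it can decrypt.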
This allows third parties to scan for potentially illegal content, or content deemed as ‘unacceptable’.
As an example, the police could gain access to the messages if suspicious activity was flagged.
On the other hand, if they have access, other third parties could use the information maliciously.
E2EE doesn’t guarantee security on its own; data could be stored unencrypted on the user’s device.
Nowadays, most server-based communications systems don’t have E2EE, which means that the systems can guarantee the protection of communications only between clients and servers.
E2EE is labelled as safer as it minimises the number of other parties who may be able to break the encryption.
E2EE doesn’t address risks at communications endpoints.
A user’s device can still be attacked to steal their cryptographic key (which is used for man-in-the-middle attacks) or to read the recipient’s decrypted messages, not just from message logs but in real time as well.
In 2015 and 2019, the FBI asked for a backdoor entrance to Apple’s iOS software.
Apple denied the request, saying that they were concerned a backdoor would pose a risk to their customers’ privacy.