The Encrypted Messaging Dilemma: Balancing Censorship and Freedom

Published at: July 11, 2020

Encrypted messaging services have always presented a tough challenge for government agencies all over the world. On one hand, they allow for freedom of speech, but on the other, they enable miscreants and bad actors to facilitate nefarious deeds. In this regard, on July 2, European law enforcement authorities arrested over 800 individuals that were allegedly partaking in shady activities through the use of an encrypted chat service called EncroChat. 

The messaging platform has servers based out of France and claims to provide users with “worry-free secure communications.” According to the BBC, EncroChat has a customer base of more than 60,000 people, more than 10,000 of whom are based in Britain. Immediately after the incident came to light, EncroChat’s official website and messaging service were put on temporary hold. To gain a better overview of the matter, Cointelegraph reached out to Tim Mackey, principal security strategist for design automation company Synopsys, who said:

“Authorities likely balanced the future value associated with identifying additional criminals against the already identified criminal activity. In effect, they may have determined that stopping a specific impending crime outweighed any potential returns from keeping EncroChat operational.”

A similar outlook is also shared by Brian Kerr, CEO at Kava, a multi-chain DeFi Lending platform, who said that the government was right in accessing Encrochat’s servers to put an end to the criminal activities happening on the network.

Encryption still on the menu?

As issues related to data leakages — especially those in regard to various mainstream messaging services (such as Whatsapp, TrueDialog and Telegram) — continue to surface on a regular basis, many experts believe that it is worth exploring the subject of whether or not most encryption platforms today lay enough importance on privacy and customer security. 

On the subject, John Jefferies, Chief Financial Analyst of CipherTrace, a crypto forensics firm, told Cointelegraph that customer privacy should always be taken into prime consideration by platform developers of such end-to-end encryption messengers. He further emphasized the point by saying that it was especially important to focus on privacy during times like these (i.e., the COVID-19 pandemic), where increased usage of digital platforms could lead to more instances of hacks, privacy invasions and data leaks. Jefferies further added:

“Encrypted communication is nuanced so platforms must ensure they have effective implementation of SSL with certificates issued from a known root of trust utilizing strong cipher suites. To further improve security, multi-factor authentication should be available for users joining conferences and the system should double-check users on unknown devices.“

Similarly, Jonathan Zerah, head of marketing for Status Network, an encrypted messenger, told Cointelegraph that despite there being many “so-called privacy and security-oriented” communication tools available in the market today, most of the security features being offered were built atop protocols that place a large amount of ownership and responsibility on centralized companies.

He further added that more often than not, these centralized communication tools employ a client-server model to transport and route messages throughout the world as well as require users to input their phone numbers or email addresses to set up and create an account — sensitive data that most firms usually store and manage using lax security protocols. Zerah added: “This places a massive responsibility on the companies managing these platforms to protect that data and the servers that store it.”

Lastly, to mitigate privacy issues related to popular messaging apps, experts like Zerah agree that it is time to establish newer safety protocols that return ownership of data to the individual, remove centralized chokepoints and attack vectors seamlessly.

Governments purging encryption-based tech?

Recently, a bill was introduced into the United States Senate that effectively seeks to put an end to using end-to-end encryption in messaging services. A similar issue was also raised in the ministerial meeting of the nations that make up the “Five Eyes” intelligence community comprising Australia, Canada, New Zealand, the United Kingdom and the United States. These developments seem to suggest that law enforcement agencies all over the world are making a concerted effort to eliminate encryption-based privacy technologies.

In Mackey’s view, due to the growing number of data breaches in the world today, there is a steady increase in the volume of data protection legislation being set into motion. These legislative efforts aim to limit the range of data that businesses can collect while increasing the security of any sensitive information that businesses process and retain. 

However, even though it may be appealing for governments to attempt to limit the use of encryption technologies under the auspices reducing criminal activity, the situation around EncroChat clearly shows that criminal groups can easily create their own workarounds if the need arises. In this regard, the recently tabled Lawful Access to Encrypted Data Act — which would require companies to implement ways to decrypt data upon court order — could become a viable way through which a fine balance between regulation and encryption could be established.

That being said, Chris Hauk, a consumer privacy advocate as well as author for Pixel Privacy, an online privacy and security blog, believes that no government agency should ever have the legal right to outlaw encrypted messaging platforms. Furthermore, he believes that providing any sort of backdoor access to law enforcement agencies could end up opening new avenues for bad actors to exploit, thus defeating the primary goal of any encrypted messaging platform.

Collaboration between governments and service providers possible?

While the idea of encryption service providers and government agencies coming to a common consensus on handling privacy-related matters sounds like a perfect outcome on paper, in actuality, such a vision seems far-fetched because any review of “harmful content,” by default, requires platform operators themselves to have direct access to their customer information. 

Moreover, once such a backdoor is opened, there will be nothing stopping governments from having the ability to go through everyone’s personal correspondence under the guise of public safety — something that has already been suggested by whistleblower Edward Snowden and his team. Leaks in recent years have showcased how governments all over the world, particularly the United States, have been proactively working with tech companies to harvest data in a totally indiscriminate manner.

It’s also worth mentioning that implementing a blanket ban on end-to-end encryption isn’t really possible. While certain legal roadblocks can definitely be deployed, if developers continue to use and devise apps using the technology, there’s not much that anyone can really do. Thus, in essence, government agencies should try and come to an agreement with businesses running such services in order to curb illegal activities on their platforms.

Lastly, providing his point of view on this situation, Chris Howell, co-founder and chief technology officer of Wickr, a messenger with end-to-end encryption, told Cointelegraph that any encryption service can be used for good or bad. 

Although it is disappointing every time that criminals exploit privacy-oriented messengers for their personal gains, he does believe the answer is not to ban such services or destroy encryption, privacy and security for everyone through the use of backdoor gateways. He said, “Our ability to protect data and intellectual property from these same bad actors via strong encryption, solid security products, etc. does far more good for mankind than harm,” adding that: 

“I think when a service has privacy and security issues, its legitimate users suffer far more than its bad actors. Of course, no legitimate service wishes to be a haven for bad actors. Most of us expend significant resources honoring law enforcement information requests and believe it is our responsibility to do so. But the reason we build things is for customers and their needs, and I’m not hearing a lot of them ask us to weaken our security so that bad actors might suffer.”

Tags
Related Posts
The global corporate tax rate: Crypto savior or killer?
At a meeting in London earlier this month, the finance ministers from the G7 — the United States, Japan, Britain, Germany, France, Italy and Canada — unanimously agreed to begin creating the framework for a global corporate tax rate. The framework laid out a “two pillar” principle. The first pillar ensures that companies that make a 10% profit margin would be subject to the tax rate. The second pillar ensures that countries will charge a 15% minimum tax rate. Under all of this, the new rules will focus on where the profit was made and not where the company is …
Regulation / June 10, 2021
Expect even more oversight of crypto from regulators, says eToro
Crypto-friendly trading platform eToro is expecting regulators to ratchet up their oversight of the crypto industry, given the increasingly high levels of participation by retail traders and smaller investors. In comments for the Financial Times, eToro CEO Yoni Assia said: “We are seeing a significant increase in the interest of retail investors and traders in the crypto market. As a part of that growth we should expect also regulators to carefully look at this growing business of retail investors in the crypto markets.” At the start of this year, eToro had itself struggled to keep up with “unprecedented” demand from …
Regulation / June 29, 2021
More than half of all crypto exchanges have weak or no ID verification
More than half of all exchanges worldwide have weak KYC identification protocols — with exchanges in Europe, the U.S. and U.K. among the worst offenders, according to a new study by blockchain analysis firm CipherTrace CipherTrace analyzed more than 800 decentralized, centralized, and automated market maker exchanges and found 56% of them did not follow KYC guidelines at all despite anti-money laundering (AML) regulations. The highest number of such exchanges are in Europe — a region renowned for stricter regulations. However, 60% of European Virtual Asset Service Providers have deficient KYC practices. The U.S. U.K and Russia are the three …
Regulation / Oct. 2, 2020
World governments agree on importance of crypto regulation at G7 meeting
Digital-asset regulation has been a hot topic in 2020 and shows no signs of cooling. A recent G7 meeting concluded that the sector faces an ongoing need for regulation. In addition to talking about COVID-19 and economic issues, the group “also discussed ongoing responses to the evolving landscape of crypto assets and other digital assets and national authorities’ work to prevent their use for malign purposes and illicit activities,” according to a public statement from the United States Department of the Treasury on Monday: “There is strong support across the G7 on the need to regulate digital currencies. Ministers and …
Regulation / Dec. 7, 2020
Coinbase Takes on Cryptocurrency Gift Cards With Limited Rollout
Major U.S. cryptocurrency wallet and exchange Coinbase has entered the crypto gift card market, allowing customers in certain countries to exchange coins for brand e-certificates, according to their July 25 blog post. In the post, Coinbase confirmed the new option was made possible through a partnership with UK-based startup WeGift, and will effectively allow cryptocurrency holders to pay for goods and services through brands such as Nike, Tesco, Uber, Google Play, Ticketmaster, and Zalando: “Starting today, Coinbase customers in the EU and Australia are able to instantly spend their cryptocurrency balances on e-gift cards, making us the first trading platform …
Adoption / July 25, 2018