August 17, 2023
A typical smartphone user may receive hundreds of SMS messages each week. Social media services keep their users engaged by pushing dozens more direct messages every day. Globally, some messaging applications like WhatsApp handle more than 100 billion messages daily.
But are these messages private?
That’s where end-to-end encryption comes in. In practice, it ensures that only two parties – a sender and a receiver – can access the data. And, as data is transferred, it cannot be read or tampered with by an Internet Service Provider (ISP), application service provider, hacker or any other entity or service.
Many companies and platforms are now touting end-to-end (E2E) encryption as a core safety and privacy feature. And it’s not just for messaging and social media. Many online shopping sites use E2E to keep payment data secure.
But consumers are often unfamiliar with what E2E encryption does, and how it can protect ordinary people. So we’ve compiled some frequently asked questions about this privacy technology.
- Who uses E2E?
“End-to-end encryption is generally agreed upon as being a useful technology for protecting the data of businesses and consumers,” said IEEE Senior Member Kayne McGladrey. “Online shopping, for example, would not be as popular or feasible if a consumer’s payment information could easily be intercepted. Similarly, private video calls over the internet by senior executives or government officials would be far too risky if anyone could watch.”
- Is E2E encryption universal?
Some messaging services and social media applications don’t use E2E encryption. And while some messaging services enable it automatically, others require users to enable encryption manually. That has gotten easier over the past few years, but it is still a roadblock. As writers in a new edition of IEEE Security and Privacy magazine put it, “every step required by a security mechanism reduces the number of users willing to use it.”
Users should review the terms of service of their messaging app or social media accounts to understand what level of privacy protection the service offers.
- What’s behind the rise of E2E encryption?
Until a few years ago, it was possible to encrypt messages, but it was too difficult for average consumers. One study found that these older forms of encryption suffered from usability problems, and that the majority of users made catastrophic errors when using them.
“In simple terms, E2E encryption involves the use of public-key encryption, where both the sender and recipient generate a pair of encryption keys composed of a public key and a private key,” McGladrey said. “While this process used to be technically difficult and time-consuming, technological advancements in the past 20 years have made it imperceptible to end users.”
- Does E2E encryption protect everything?
“It is important to note that while end-to-end encryption secures the content of communications, it does not protect other metadata, such as sender and recipient information or message timestamps,” said IEEE Senior Member Kevin Curran.
That means that, while it may not be possible for prying eyes to know what two people talked about, it is possible to know that two people communicated, and judging by the frequency of communications, it might also be possible to infer that the communication was important.
- Are there any pitfalls to using E2E?
“One crucial element is that the keys typically only exist on the devices,” McGladrey said. “While this means that threat actors, service providers or government entities cannot read the encrypted data, it also means that losing the device with the key will functionally make the data inaccessible to one of the parties involved.”
- Is E2E encryption different from other forms of encryption?
“End-to-end encryption is different from other forms of encryption such as TLS (Transport Layer Security) and SSL (Secure Sockets Layer). They serve different purposes and operate at different layers of communication. End-to-end encryption focuses on securing the content of the communication itself, while TLS and SSL secure the communication channel between a client and a server,” said Raul Colcher, IEEE Life Senior Member.
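The answers above on key pairs, metadata, lost devices and transport encryption can be seen together in one small sketch. It is an added example, not code from this article or from the experts quoted, and it shows a message sealed on one device, forwarded by a relay that holds no key, and opened on another. The names (alice, bob, relay, the `e2e-demo` label) and the choice of X25519, HKDF and AES-256-GCM from Node.js's built-in crypto module are assumptions for illustration; real messengers also verify public keys and rotate keys, which this sketch leaves out.

```javascript
// Added example: end-to-end encryption through a relay that only forwards envelopes.
const { generateKeyPairSync, diffieHellman, hkdfSync, randomBytes,
        createCipheriv, createDecipheriv } = require('node:crypto');

// Each device generates its own key pair; the private key never leaves the device.
const newDevice = () => generateKeyPairSync('x25519');

// Both ends derive the same 32-byte key from their private key and the peer's public key.
function sessionKey(myPrivate, peerPublic) {
  const shared = diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), 'e2e-demo', 32));
}

// Encrypt on the sender's device. Routing fields stay readable but are authenticated.
function seal(key, from, to, text) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(`${from}>${to}`));
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { from, to, sentAt: new Date().toISOString(), iv, body, tag: c.getAuthTag() };
}

// Decrypt on the recipient's device; throws if the key is wrong or anything was altered.
function open(key, env) {
  const d = createDecipheriv('aes-256-gcm', key, env.iv);
  d.setAAD(Buffer.from(`${env.from}>${env.to}`));
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.body), d.final()]).toString('utf8');
}

// Everything the relay can record: metadata and size, never the content.
const relayView = (env) => ({ from: env.from, to: env.to, sentAt: env.sentAt, bytes: env.body.length });

// Try to open an envelope; returns the text, or null on failure.
const tryOpen = (key, env) => { try { return open(key, env); } catch { return null; } };

function demo() {
  // Constructed parties: two users, the service in the middle, and a replacement phone.
  const alice = newDevice(), bob = newDevice(), relay = newDevice(), bobNewPhone = newDevice();
  const env = seal(sessionKey(alice.privateKey, bob.publicKey), 'alice', 'bob', 'meet at 6pm');
  const tampered = { ...env, body: Buffer.from(env.body) };
  tampered.body[0] ^= 1; // one bit changed in transit
  return {
    bobReads: tryOpen(sessionKey(bob.privateKey, alice.publicKey), env),
    relayReads: tryOpen(sessionKey(relay.privateKey, alice.publicKey), env),
    tamperedReads: tryOpen(sessionKey(bob.privateKey, alice.publicKey), tampered),
    lostDeviceReads: tryOpen(sessionKey(bobNewPhone.privateKey, alice.publicKey), env),
    relaySees: relayView(env),
  };
}

console.log(demo());
```

Only Bob's original device recovers the text; the relay's view still lists sender, recipient, time and size, which is the metadata the encryption does not hide.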
- What is the state of E2E encryption and what does the future hold for it?
“End-to-end encryption can pose challenges for law enforcement agencies in investigating criminal activities. Balancing privacy and security with lawful access requirements remains an ongoing debate in the context of end-to-end encryption. However, end-to-end encryption is a powerful technique for protecting consumer data, ensuring confidentiality, privacy and data integrity throughout the communication process,” Curran said. “Governments and regulatory bodies will continue to shape the future of end-to-end encryption through policy decisions and legal frameworks. Balancing privacy rights, lawful access and public safety considerations will be key in shaping the regulatory landscape.”
Learn more: We’ve all been using video conferencing a lot more since the pandemic. But is your connection secure and private? A recent article in IEEE Access explores that question.