End-to-end Encryption (Messaging)

From SI410
Revision as of 18:23, 26 January 2023 by Benproe (Talk | contribs) (Initial draft... general structure creating)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

End-to-End encryption (E2EE) is quickly being adopted by more messaging applications as users become more conscious of how secure their digital communications become. The cryptography of each application works differently, but the concept of E2EE is similar for each application. When two users begin a conversation on an E2EE application, a private/public key combination is generated; when messages are sent, the message is encrypted using the public key on the senders' device [1]. Now the encrypted packet can be sent to the server to be delivered to the recipient; only when the message reaches the recipient with the correct private key can the message be decrypted and read. Most End-to-End encrypted messaging applications claim that “Messages are end-to-end encrypted. No one outside of this chat, not even [messaging service], can read or listen to them, ” each service has a different privacy policy that fundamentally changes the amount of privacy afforded to the users. There is little clarity given to the consumer on how secure their data is after it has reached the recipient and, for example, how each company deals with violations of their terms of service or if there are governmental requests for the information. This article seeks to provide information to potential users about the fine print contained within the privacy policy of the applications that promise to keep our messages and personal data safe.

Signal

Signal messenger was initially released on iOS in 2014 and Android in 2015 by Open Whisper Systems (OWS) after combining their existing technologies of RedPhone and Text Secure . Signal was the first free service to allow users to make end-to-end encrypted calls, something that would have cost ~4¢/minute on the next cheapest service in 2014.

Privacy Policies

From the outset, Open Whisper Systems was committed to keeping its users' information private and secure. The service was designed so that OWS could only see when a users’ account had been created, the phone number linked to the account, and when they had last connected to the Signal Servers . Signal can offer privacy that other end-to-end encrypted messaging platforms cannot because it is built as an open-source project; collectively built by developers who are concerned about their privacy and will look for bugs and loopholes that are present within the service.

Governmental Pressures

OWS stood firm on their core values, and in October of 2016 when they received their first subpoena for data on one of their users . The Federal Bureau of Investigation subpoenaed Signal for the records of two individuals who were using Signal as their main form of communication to run a crime ring. Signal did comply with the demand for information, but they were very limited in the information that they were able to provide. Signal only collects data on

  1. The phone number used to create the account,
  2. The time that the account was created and,
  3. The last time that the account was connected to the Signal Servers
    1. [1], IBM. (2022). What is encryption? Data Encryption defined. IBM. Retrieved January 24, 2023.
    Retrieved from "http://si410wiki.sites.uofmhosting.net/index.php?title=End-to-end_Encryption_(Messaging)&oldid=112343"