End-to-end encryption is the technology that keeps messages sent on WhatsApp, iMessage and other secure platforms private. It is also becoming a major battleground in deciding the future of the internet.
On one side stand many of the most powerful people in the UK and US governments. On the other are some of the largest technology companies in the world.
And between them is the fight over whether communications over the internet should be able to be read by security services and the police, and whether it is worth weakening the protections that keep them private to do so.
The debate has been revived by senior politicians on either side of the Atlantic. Most recently, new home secretary Priti Patel suggested that encryption on Facebook-owned platforms was hindering investigations by law enforcement.
What are backdoors?
To stretch the not especially good metaphor of their name, it is as if every phone that sends a message is a key, and every phone that receives one is a lock. Messages will only work if those two things match up exactly – and without the two coming together, the key and the lock are entirely meaningless.
A backdoor is another lock, and one that governments can open in every case. Rather than having to ensure the key and lock match up in every case, they can simply use that backdoor to circumvent the encryption and read whatever is being passed between the two.
More precisely, and a little more technically, it is a kind of master key. It means that encrypted messages can be intercepted and opened, no matter who they were sent by and meant for.
When an encrypted message is sent, the phone that is doing so scrambles up the message so that it looks meaningless to anyone who would see it. The only way to unscramble that nonsensical message is to use the recipient’s key to put it back together again, which ensures that messages are protected as they are passed between devices.
The backdoor can unlock any message. In doing so it undermines the promise of end-to-end encryption – the message can be read in the middle – but theoretically means that messages could still be kept safe.
Why do people want them?
Supporters of backdoors, who oppose strong encryption, argue that it is unsafe to allow people to send messages completely privately. The government needs a backdoor so that it can monitor people’s conversations, they argue, because those conversations could be used to plan criminal activity or recruit people into it.
Why do others oppose them?
As long as these kinds of backdoors have been discussed, technology companies and privacy advocates have opposed them. They argue that it is not only bad to provide a backdoor into encryption but technically impossible – and that there is no way to weaken encryption for the government without weakening encryption for everyone.
Any backdoor that is added can potentially be opened for anyone, they argue. The tools to read messages could quickly fall into the wrong hands, and as a result would make anyone using those chat apps unsafe.
Last year, for instance, a coalition that calls itself “Reform Government Surveillance” – which includes Apple, Facebook, Google, Microsoft and a host of other technology companies – once again dismissed talk of backdoors.
“We have consistently raised concerns about proposals that would undermine encryption of devices and services by requiring so-called ‘exceptional access’ for law enforcement,” it wrote in a statement in May, during one of the previous discussions over backdoors.
“Recent reports have described new proposals to engineer vulnerabilities into devices and services – but they appear to suffer from the same technical and design concerns that security researchers have identified for years. Weakening the security and privacy that encryption helps provide is not the answer.”
But it is not simply technology companies and privacy advocates who argue that weakening encryption is not the approach.
This month, Michael Hayden – who served as director of the National Security Agency as well as in many other senior roles in the US establishment – suggested on Twitter that he too did not think the security risks of giving governments backdoor access to private communications were worth it.