Rabbit_1990 - Adobe Stock
Why we need a secure side door for encrypted apps, not a back door
Splitting a decryption key into multiple fragments held by 'guardians', including privacy rights group, may be an answer to policing encrypted messages
There has been a significant uptick in interest in e2e encryption as the UK Government tries to establish "back doors" for messaging apps through the controversial Online Safety Bill. Now at the committee stage in the House of Lords, it remains to be seen what the outcome will be. What is certain is that the legislation has stoked the fire that is the privacy versus protection debate.
If the bill is passed, messaging platforms, such as WhatsApp and others, must access messages and decide whether their users’ speech is legal — or not. According to the international human rights organisation, Article 19, the move is deeply problematic as “only independent judicial authorities should be given the power to make such a determination”.
Platforms aren't happy either — WhatsApp, Session, Signal, Element, Threema, Viber and Wire have all signed a letter asking ministers to "urgently rethink" the proposed law. Critics say the bill could undermine end-to-end encryption — the privacy technology these companies provide.
Meanwhile, Tory MP Sajid Javid has labelled end-to-end encrypted online chats a "digital playground for paedophiles" — incendiary language indeed, yet not without elements of truth. The Government has long argued that end-to-end encryption, leveraged by messaging platforms makes it extremely difficult for the police and tech firms to monitor communications, detect child grooming and intercept child abuse imagery. It also makes it easier for terrorist organisations to operate undetected.
In 2014, my firm developed the world’s first and only 'quantum-safe’ instant messaging system. So well encrypted were the users’ messages that not even a mature quantum computer with its vastly more powerful code-breaking capabilities would be able to decipher the text. It was a much-needed victory for privacy in an age where the exploitation of user data was widely agreed to be out of control. However, the reality proved vastly more complex when our application appeared on an Islamic State-recommended technical tools list.
I believe government-sanctioned backdoors in encryption will increase the possibility that anyone can walk through it, whether it’s the intended government agency, a malicious nation or hackers. Social media companies have long argued that they should not hold a golden key as they cannot guarantee if their own platforms are compromised one day. The answer is very simple, the key should not be held by such companies and the key guardians should not have access to the data unless a legal and out-of-band process is performed. Market-ready solutions can create a pre-agreed side door, which offers the data guardians, preferably consisting of privacy groups, the ability to split control and responsibility.
As well as the industry standard threshold cryptography which was not designed for privacy, our Quorum technology combines properties from that with homomorphic cryptography, zero-knowledge proof, post-quantum cryptography and a number of other security layers to achieve total privacy. It works by splitting a decryption key into multiple fragments that are then transmitted to fragment guardians. The message can only be accessed if a pre-agreed quorum threshold is reached from the fragment guardians — for example, 3 out of 5 fragment guardians will need to approve the request before access to the data is granted. By using this technology, there is no leakage of any key fragments and the key is never reconstructed.
Unlike more rigid governance systems such as simple multi-signature schemes, Quorum is flexible, with the ability to recall or reissue key fragments should an individual go rogue or if the governance structure needs to evolve over time. Similarly, each actor within a quorum can be assigned a specific weighting or transciency based on the governance structure you wish to create.
This kind of key splitting technology already exists. Instead of blanket surveillance, this side door approach will serve as a major deterrent to any criminals who will need to move on to a less responsible platform. What we urgently need is for both sides of this polarised debate to come together so that each specific access request can be judged on its merits, by a sensibly organised governance system representing both privacy and law enforcement advocates.
If that is still not palatable, how about giving the quorum access control to just the privacy advocates? That would at least be a start.
Andersen Cheng, Executive Chairman, Post-Quantum
Andersen Cheng is the Founder and Executive Chairman of Post-Quantum, a UK firm developing encryption and ultra-secure products that are resistant to the code-breaking capabilities of quantum computers.
Read more about the debate on end-to-end encryption
- Leaked legal advice warns that European ‘chat control’ proposals to require tech companies to scan private and encrypted messages for child abuse are likely to breach EU law
- Peers hear that the UK government is being deliberately ambiguous about its plans to require technology companies to scan the content of encrypted messages.
- CEO of encrypted messaging service Element says Online Safety Bill could pose a risk to the encrypted comms systems used by Ukraine.
- Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms.
- Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor.
- Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers.
- GCHQ experts back scanning of encrypted phone messages to fight child abuse.
- Tech companies face pressure over end-to-end encryption in Online Safety Bill.
- EU plans to police child abuse raise fresh fears over encryption and privacy rights.
- John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act.
- Information commissioner criticises government-backed campaign to delay end-to-end encryption.
- Government puts Facebook under pressure to stop end-to-end encryption over child abuse risk.
- Former UK cyber security chief says UK government must explain how it can access encrypted communications without damaging cyber security and weakening privacy.
- Barnardo’s and other charities begin a government-backed PR campaign to warn of dangers end-to-end encryption poses to child safety. The campaign has been criticised as ‘one-sided’.
- Apple’s plan to automatically scan photos to detect child abuse would unduly risk the privacy and security of law-abiding citizens and could open up the way to surveillance, say cryptographic experts.
- Firms working on UK government’s Safety Tech Challenge suggest scanning content before encryption will help prevent the spread of child sexual abuse material – but privacy concerns remain.
- Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent, claims NSPCC.
- Proposals by European Commission to search for illegal material could mean the end of private messaging and emails, says MEP.
Read more on Network security strategy
Chat control: EU lawyers warn plans to scan encrypted messages for child abuse may be unlawful
Government is playing ‘psychic war’ in battle over end-to-end encryption
Online Safety Bill could pose risk to encryption technology used by Ukraine
Tech companies and NGOs urge rewrite of Online Safety Bill to protect encrypted comms