End-to-end encryption (E2EE) encrypts data on the sending device and decrypts it only on the receiving device, so anyone who intercepts it without the correct decryption keys cannot see the original contents. While this approach to cybersecurity offers many benefits, it also has drawbacks in areas like consumer-provider relationships.
Portions of this definition originally appeared on CIO Insight and are excerpted here with permission.
How does end-to-end encryption work?
With the rise of cybersecurity threats, E2EE is one of the surest ways of protecting data so it doesn’t get into the wrong hands.
To keep data encrypted while it travels, two cryptographic keys (public and private) are generated on the sender’s device. While the public key can be generated by anyone, the paired private key can only be generated by the sender and can only be used to decrypt data for the designated recipient device.
Hackers can theoretically intercept the message, but it will remain completely illegible: when end-to-end encryption is applied to data in transit, the data is encrypted, or jumbled, on the sending device. The message cannot be decrypted until it is received by the recipient's end device.
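The flow described above, as an added example that is not part of the original definition: it assumes X25519 key agreement, HKDF and AES-256-GCM from Node.js's built-in `crypto` module, with each device generating its own key pair. The function names and the sample message are constructed for illustration; the result also shows what a relay in the middle holds (routing metadata plus ciphertext) and that an altered message is rejected.

```javascript
// Added illustration, not code from the article. Function names are hypothetical.
const crypto = require('node:crypto');

// Assumption: each device generates its own X25519 key pair and shares only the public key.
const newDevice = () => crypto.generateKeyPairSync('x25519');

// Both ends derive the same AES-256 key from their own private key and the peer's public key.
function sessionKey(myPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'e2ee-demo', 32));
}

// Sending device: encrypt before the data leaves. The routing header stays readable
// (the relay needs it) but is bound to the ciphertext as authenticated data.
function seal(key, header, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(header));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { header, iv, body, tag: cipher.getAuthTag() };
}

// Receiving device: returns the plaintext, or null if the key is wrong or anything was altered.
function unseal(key, msg) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
    decipher.setAAD(Buffer.from(msg.header));
    decipher.setAuthTag(msg.tag);
    return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

function demo() {
  const alice = newDevice(), bob = newDevice(), outsider = newDevice();
  const msg = seal(sessionKey(alice.privateKey, bob.publicKey), 'from=alice;to=bob', 'meet at 10');
  const bobKey = sessionKey(bob.privateKey, alice.publicKey);
  // A copy with one ciphertext bit flipped in transit (constructed sample).
  const altered = { ...msg, body: Buffer.from(msg.body) };
  altered.body[0] ^= 1;
  return {
    relaySees: { header: msg.header, body: msg.body.toString('hex') }, // metadata + ciphertext
    bobReads: unseal(bobKey, msg),
    alteredReads: unseal(bobKey, altered),
    outsiderReads: unseal(sessionKey(outsider.privateKey, alice.publicKey), msg),
  };
}
console.log(demo());
```

The header is left in the clear on purpose: the relay can read who is talking to whom, but any change to the header or the body makes decryption fail on the receiving device.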
What are the benefits of end-to-end encryption?
- Protection of Privacy: E2EE offers a high level of privacy since intercepted messages cannot be easily read by any outside viewers.
- Integrity of Data: Unlike other security setups, E2EE prevents outside users from being able to gain access to, manipulate, or even stop data before it reaches the recipient.
- Highly Sensitive Data Exchanges: E2EE ensures no one outside the sending and receiving parties can spread highly sensitive data since it prevents unauthorized access to messages and makes messages indecipherable to those without permission who do manage to access them.
- Device Level Over Server Level: Device-level hacks can be more difficult and time-consuming, which makes E2EE at the device level more secure compared to encryption at the server level.
- Avoiding High-Cost Attacks and Reputation Damage: Older and outdated encryption methods can lead to serious and massive data breaches, with Yahoo's 2013 data breach as an example, and such breaches can affect the reputation and acquisition power of an industry.
What are the drawbacks of end-to-end encryption?
While E2EE offers several advantages, it still suffers from several shortcomings, which have led to some public safety concerns:
- Ledger is Still Available: End-to-end encryption doesn’t hide the fact that data is being transferred, so attackers can still find records of transactions and possibly deduce the contents based on the sending and receiving parties.
- Unreliable Receiving Devices: End-to-end encryption doesn’t guarantee data protection once it has been received, so the data can be viewed by anyone who has access to the receiving device.
Law enforcement and surveillance concerns
End-to-end encryption can be a hindrance in serious legal investigations, leading some countries to create the International Statement on End-to-End Encryption and Public Safety on October 11, 2020. The statement called for a ban on end-to-end encryption in apps like WhatsApp and pushed for technology companies to allow greater data access to international law enforcement.