End-to-end encryption for civilian messaging services is a dearly-held dream of many outside the intelligence and security communities. It certainly isn’t something that I myself disagree with; I’d like to think that the messages I send to my loved ones are, in fact, being read only by my loved ones. However, every time that somebody uses an app with E2EE to send a message or make a call, members of the worldwide intelligence communities cradle their heads in their hands and cry.
Yesterday, Google jumped on the ‘encryption-for-all!’ bandwagon, announcing their new messaging service Allo, messages sent through which not even Google itself will be able to decrypt (theoretically, and for now) when the app is operating in Incognito mode. After all, to the average citizen it is perfectly reasonable to take steps to ensure one’s privacy, especially when you know good and well that there are those out there with the capacity to intercept and read your unencrypted (and therefore insecure) messages should they choose to.
In fact, Google is actually late to the game on this one. As Wired pointed out earlier today, Facebook (with Messaging and Whatsapp) as well as Apple (iMessage, Facetime) have been quietly encrypting your communications for some time now. More people are aware of this now, due both to the consequences of the Snowden revelations and the extremely public throw down between Apple and the FBI over getting into the iPhone of the San Bernadino shooter. And that’s the real rub. For all that we are entitled to privacy (and so we should be, not disagreeing with that!), our intelligence services and security organizations have the duty to protect against threats to the security of the State and the citizens therein (that would be us). Of course, the problem with that is privacy for everyone means privacy for everyone….including criminals and terrorists. Apple cannot build the FBI a backdoor into an iPhone, because that sets a dangerous precedent for the future. Not to mention, once that capacity exists it can’t be taken back, and absolutely nobody can guarantee that it won’t eventually trickle down to some who will use it negatively. This is an ethical as well as legal dilemma, and there really is no simple (or, so far, complex) solution.