In many of our in-depth studies we have highlighted several times that the crittografia end-to-end it’s a real achievement. In digital communications, when end-to-end encryption is active, well implemented and has no backdoor (whose inclusion is increasingly requested also by the governments and police forces of Western countries…), only the sender and the recipient have the keys necessary to encrypt and decrypt the message.
No intermediary, including telecommunications service providers, can access the content of messages exchanged during an end-to-end encrypted conversation. Since encryption is implemented from one end of the communication to the other, users can enjoy the highest level of privacy and security possible, excluding the risk of interceptions by third parties.
We have seen what encryption is and how it works: End-to-end encryption is often used in applications for instant messagingfor exchanging email messages on some platforms (think for example of ProtonMail and Tutanota) and with certain protocols (PGP, OpenPGP, S/MIME), in many other contexts in which privacy is an absolute priority.
European Court of Human Rights upholds end-to-end encryption
Do you remember the unfortunate European proposal which would have effectively introduced a mass surveillance system on all communications between normal citizens, even those who are not subject to restrictive measures or subjected to police checks? Baptised Chat Control 2.0the proposed law should have come into force in recent months throughout the European territory.
The mobilization of many associations involved in the defense of fundamental rights and the opposition expressed by several European member states made it possible to avoid the worst. After the “danger escape”, Tuta (the company that supports the development of Tutanota) named the names of those who supported Chat Control 2.0 and underlined the reasons why Europe was about to commit a very serious mistake.
Now there European Court of Human Rights adds a further formal conclusion pointing out that end-to-end encryption is to be considered a widely acceptable tool for protecting the right to respect for private life and confidentiality of online correspondence. “In the digital age, technical solutions to ensure and protect the privacy of electronic communications, including encryption measures, help to ensure the enjoyment of other fundamental rights, such as freedom of expression“, observes the Court in paragraph 76 et seq. in this decision.
Measures aimed at weakening cryptographic mechanisms, including end-to-end encryption, are not permissible
All possible measures that aimed to weaken encryptionwe read again in the assessment of the international judicial body, are in short not justifiable precisely on the basis of the benefits that encryption places in the hands of citizens and businesses.
And this is the concrete case of the so-called Telegram secret chats. The Telegram messaging app does not use end-to-end encryption for all conversations but only for those initiated as secret chats. The Court observes that “to allow the decryption of communications protected by end-to-end encryption, (…) it would be necessary to weaken the encryption for all users. These measures presumably they cannot be limited to specific individuals and would target everyone indiscriminately, including individuals who pose no threat to a legitimate government interest“. In short, such approaches are therefore not proportionate to the legitimate aims pursued, for example, by governments, public bodies and law enforcement agencies.
Not only. The possible inclusion of backdoor in messaging applications”would make systematic, general and indiscriminate surveillance of personal electronic communications technically possible. Backdoors could also be exploited by criminal networks and would seriously compromise the security of all users’ electronic communications“. Conclusions that the Court elaborated making its own hazard analysis resulting from the limitation of encryption described by many industry experts.
It is certainly true that encryption can be and is also used by criminals, which can complicate criminal investigations, but alternative solutions that do not lead to the weakening of encryption-focused protection mechanisms must be favored.
Opening image credit: iStock.com – filo