Thomas Bandt

End-to-End Encryption: A Socio-Technical Perspective

This post aims to unravel the socio-technical aspects of end-to-end encryption, tracing its historical roots and adoption barriers to modern-day legal challenges and the pivotal role of guidelines and norms in shaping encryption practices.

Published on Wednesday, 28 February 2024

Acceptance And Proliferation

Encryption has been used for a long time by those concerned about the exposure of their important information (Spitz et al., 2011, p. 3). Even modern asymmetric encryption has been securely possible since the mid-1970s, with the development of the Diffie-Hellman key exchange (Diffie & Hellman, 1976; Schmeh, 2013, p. 736). Since the introduction of Pretty Good Privacy (PGP) in 1991, encrypted digital communication has become theoretically accessible to users without in-depth cryptographic knowledge (Ermoshina et al., 2016, p. 3).

However, despite the availability of PGP before the widespread use of the Internet, including popular services like email and the World Wide Web, the use of encryption, particularly secure end-to-end encryption, remained rare for a long time. Stransky et al. showed that only 5.46% of about 82 million emails sent between January 1994 and July 2021 by more than 30,000 students and 5,000 staff of a large German university were end-to-end encrypted (Stransky et al., 2022, p. 7).

Many potential reasons for the low adoption of E2EE are discussed in the literature. These include poor usability of available software solutions (Reuter et al., 2021; Ruoti et al., 2015; Whitten & Tygar, 1999), high heterogeneity of used clients (Dechand et al., 2019, p. 411; Stransky et al., 2022, p. 13), and unrealistic or incorrect perceptions and low problem awareness among users (Abu-Salma et al., 2017, p. 151; Dechand et al., 2019, p. 410; Schaewitz et al., 2021, p. 129).

The breakthrough for widespread application of E2EE came in the 2010s with its implementation in instant messaging apps, notably WhatsApp, which already had over a billion active users when adopting E2EE (Greenberg, 2014). However, WhatsApp's transparent communication and media's keen attention to the implementation of the Signal protocol from 2014 changed little in many users' attitudes toward the topic. While many were unaware of the ongoing encryption, others assumed that their messages could still be monitored in case of necessity, and that the offered technology could not help them with this issue (Dechand et al., 2019, p. 401).

The implementation of E2EE by service providers like WhatsApp is somewhat ironic, as these providers are often seen as central antagonists in many threat models, needing to be secured against (Balsa et al., 2022, p. 168). According to these models, users would need to encrypt and decrypt their messages with independent software, compatible with their provider, to maintain control over the encryption process. However, as of today this is still practically infeasible as users cannot install the necessary software plug-ins on iOS and Android, as these systems do not allow it (Balsa et al., 2022, p. 168).

Ultimately, the implementation of E2EE by service providers, who control both the encryption implementation and the clients, is a necessary compromise for the time being. Creating an independent, user-friendly encryption solution that works across different operating systems, client applications, and providers, and their protocols, making it practical for the mass of users, has not yet been achieved (Dechand et al., 2019, p. 411).

Legal And Regulatory Challenges

The implementation of encryption by service providers not only poses theoretical risks but also practical ones. Dominant market players are traditionally prime targets for government intervention. This is particularly true in the context of the decades-long, behind-the-scenes "Crypto-Wars" – attempts by governments to interfere with data encryption. Jarvis categorizes, from a U.S. perspective, three major "wars," with the current one, revealed by Snowden in 2013, still ongoing. A common thread in all Crypto-Wars is the attempt to weaken or manipulate encryption mechanisms at various levels – from legislation to the standardization of cryptographic procedures – to ultimately produce results easily decryptable by state actors (Jarvis, 2020).

A practical example is the case of Switzerland's Crypto AG. In the 1970s, the company was covertly acquired by the German Federal Intelligence Service (BND) and the American Central Intelligence Agency (CIA). Crypto AG supplied many governments worldwide with cryptographic equipment. The information encrypted with these devices could thereafter be decrypted and analyzed by the involved intelligence agencies. It took decades for this operation to be exposed and for Crypto AG to be dissolved (G. Miller, 2020).

Another example is the Dual Elliptic Curve Deterministic Pseudo Random Bit Generator (Dual-EC-DRBG), used for generating random numbers and forming the basis for many cryptographic algorithms. It was suspected to be compromised by the National Security Agency (NSA). Despite these suspicions, the method was standardized by the National Institute of Standards and Technology (NIST), the International Organization for Standardization (ISO), and the American National Standards Institute (ANSI) – without proof of security – and widely used in practice. It wasn't until Snowden's revelations in 2013 that NIST reacted and removed the generator from its standard (Gottwald, 2017).

However, risks arise not only from intelligence operations but also through legislation in many countries, which repeatedly attack cryptographic methods. For designing and implementing an E2EE system for the German market, for example, it is relevant to focus primarily on legislative procedures at the federal and EU levels, which can directly or indirectly affect the encryption of information. A current specific example is the "Proposal for a Regulation of the European Parliament and of the Council on preventing and combating child sexual abuse" (European Commission, 2022). In this context, there is a discussion about obliging communication providers under certain conditions to analyze end-to-end encrypted data and, if necessary, to pass it on to the competent authorities (Global Encryption Coalition, 2020; Voge, 2022).

Guidelines, Standards, And Norms

Beyond legislative mandates, standards and norms can frame the development of systems with cryptographic components. The specifics depend on each individual case.

An approach to designing a standards-compliant system might involve Common Criteria protection profiles (Common Criteria, 2022), certified in Germany by the Federal Office for Information Security (BSI). However, Lunkeit and Zimmer note that these profiles can be quite abstract, and their concrete implementation can be challenging even for experienced users (Lunkeit & Zimmer, 2021, p. 269).

In Germany, the BSI also provides guidelines for cryptographic systems. The guideline BSI TR-02102-1 "Cryptographic Procedures: Recommendations and Key Lengths" includes examples of symmetric and asymmetric encryption methods and hash functions (BSI, 2022). This guideline can guide the design of a system and assist in selecting suitable approaches and excluding outdated ones (Lunkeit & Zimmer, 2021, p. 269).

Another resource is the Requests for Comments (RFCs) managed by the Internet Engineering Task Force (IETF), which cover not only classic Internet standards like the Internet Protocol (IP) but also cryptographic issues. RFCs are widely accepted and considered de facto norms due to their broad implementation (Lunkeit & Zimmer, 2021, p. 270).

At the EU level, the European Telecommunications Standards Institute (ETSI) standardizes telecommunications. For example, ETSI TS 199 312 provides a standard for cryptographic algorithms supported by electronic signatures and their infrastructures (ETSI, 2017). Considering ETSI norms is sensible when interoperability between systems is desired. However, as they are industry norms, their specifications are often vague, allowing significant leeway in implementation (Lunkeit & Zimmer, 2021, p. 270).

The Cryptographic Technology Group (CT) at the US National Institute of Standards and Technology (NIST) also addresses issues such as hash algorithms and key management. While their guidelines are not usually binding for solutions targeting the German market, CT documents can provide guidance in the design and development of a system. An example is SP 800-175B Rev. 1, the "Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates, and Policies" (Barker, 2020).

References

What do you think? Drop me a line and let me know!