Easy guide to encryption and why it matters
What’s the definition of encryption? Why should messaging apps use it to protect our personal chats, pics and videos? We explain all the technical terms and the jargon.
What is encryption?
Encryption is a powerful way of helping to stop our text messages, emails, phone calls and video chats from being accessed by anyone we don’t want to see them. When encryption is in place someone intercepting internet communications would just see a long string of random characters.
What is end-to-end encryption?
When communications are encrypted a secret key is used to unscramble the text. Very often, with other forms of encryption, this key is held by the company that provides services such as email or website hosting. But with end-to-end encryption you’re the only one who has the key, not the company, and the key never leaves your device, so your communications stay private between you and the people you’re talking to. End-to-end encryption therefore provides strong privacy protection.
What other forms of encryption might be used?
Apps that don’t offer end-to-end encryption usually offer “transport encryption”. This protects data as your messages travel across a network. However, that data is decrypted once it arrives at the server of the company providing the service, because the company holds the encryption key. That means governments can force the company to hand over personal information.
Why is end-to-end encryption important?
End-to-end encryption is important because it protects your personal data even as it passes through the company’s servers. It means that the company is not able to decrypt your messages or see the content. It recently emerged that Yahoo allowed US intelligence officials to scan hundreds of millions of YahooMail accounts. This could easily happen with instant messaging too, if it’s not end-to-end encrypted.
Who can see my messages if they aren’t encrypted?
As more of our communications happen online, governments and other authorities around the world are relying more on intercepting online messages to monitor people’s activities. Our communications are also at risk from malicious hackers and cybercriminals, who may use our personal details for bank fraud, money laundering and identity theft.
Which companies are best and worst?
We ranked 11 of the companies behind the most popular messaging apps. We assessed each company’s key policies and practices in relation to encryption. We have not assessed other privacy aspects of the apps or their overall security. Only three offered end-to-end encryption by default on all their apps.
Facebook, which owns Facebook Messenger and WhatsApp, is doing the most out of the 11 companies to use encryption to respond to human rights threats, and is most transparent about the action it’s taking; however even Facebook has a lot of room to improve. Chinese firm Tencent was ranked as the company taking least action on messaging privacy, followed by Blackberry and Snapchat. The non-profit Signal app is considered by many cyber security experts to be the gold standard in terms of security.
What do governments say about encryption?
Encryption protects our online information but some governments do not want us to use it. In 2015, then UK Prime Minister David Cameron asked: “Do we want to allow a means of communication between people which we cannot read?” Some countries including Pakistan, India, Turkey and China have already enacted legislation restricting access to and use of encryption. But security experts have pointed out that if governments succeed in pressuring companies to build “backdoors” into their apps, these backdoors could also be used by other governments, hackers and cybercriminals.
What do companies say about encryption?
Many of the companies we assessed have taken a strong public stance in support of privacy and security, and some have defended their use of encryption tools in the face of pressure from governments. But even the top-ranked companies have room to improve, and must be more transparent with their users and the wider public about their use of encryption. In some countries companies are legally obliged to comply with government requests to access user data.
Doesn’t encryption support criminals and terrorists?
It’s really important to challenge the myth pushed by governments that reducing the security of our information online will keep us safe. The opposite is true. If you weaken our online security, you expose us all to information theft.
The main reason governments are trying to stop encryption is because it is a barrier to them indiscriminately monitoring all our personal data. But many security experts will tell you that making the haystack bigger will not help find the “needle” of terrorism. Even if governments banned certain kinds of encryption on consumer apps, this will not stop criminals from using encryption technology, which is widely available and free; it will just weaken security for everyone else who obeys the law.
What’s more, encryption does not stop the authorities from carrying out targeted surveillance of specific targets. Governments have a range of tools at their disposal for this, including analyzing metadata and location information.