Acasă Computing A new era of attacks on end-to-end encryption

A new era of attacks on end-to-end encryption

De către
StiriDigitaleRo
-
cyber security concept

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent years, according to ”wired.com” .

Over the past decade, encrypted communication has become the norm for billions of people. Every day, Signal, iMessage, and WhatsApp keep billions of messages, photos, videos, and calls private by using end-to-end encryption by default.

Nevertheless, over the past few months, there has been a surge in government and law enforcement efforts that would effectively undermine encryption, privacy advocates and experts say, with some of the emerging threats being the most “blunt” and aggressive of those in recent memory. Officials in the UK, France, and Sweden have all made moves since the start of 2025 that could undermine or eliminate the protections of end-to-end encryption, adding to a multiyear European Union plan to scan private chats and Indian efforts that could damage encryption.

These latest assaults on encryption come as intelligence agencies and law enforcement officials in the United States have recently backtracked on years of anti-encryption attitudes and now recommend that people use encrypted communication platforms whenever they can. The drastic shift in attitude followed the China-backed Salt Typhoon hacker group’s widespread breach of major US telecoms.

“The trend is bleak,” says Carmela Troncoso, a longtime privacy and cryptography researcher and the scientific director at the Max-Planck Institute for Security and Privacy in Germany. “We see these new policies coming up as mushrooms trying to undermine encryption.”

End-to-end encryption is designed so only the sender and receiver of messages have access to their contents—governments, tech companies, and telecom providers can’t snoop on what people are saying. Those privacy and security guarantees have made encryption a target for law enforcement and governments for decades.

Broadly, the recent threats to encryption have come in three forms, says Namrata Maheshwari, the encryption policy lead at international nonprofit Access Now. First, there are those where governments or law enforcement agencies are asking for backdoors to be built into encrypted platforms to gain “lawful access” to content. At the end of February, for example, Apple pulled its encrypted iCloud backup system, called Advanced Data Protection, from use in the UK after the country’s lawmakers reportedly hit the Cupertino company with a secret order demanding Apple provide access to encrypted files.

Meanwhile, lawmakers in Sweden are also considering legislation that would require encrypted messaging companies, such as Signal and WhatsApp, to keep copies of messages that people send on their platforms so they could allow law enforcement to access suspects’ histories. Signal has said it would pull out of Sweden if the potential law goes ahead. While in France earlier this year, a proposed amendment to a drug trafficking law outlined plans to require encrypted messaging services to hand over decrypted chat messages within 72 hours of a request or face fines of up to 2 percent of annual global revenue.

In January, the head of EU law enforcement agency Europol told the Financial Times that tech companies have a “social responsibility” to provide access to encrypted messages. “Anonymity is not a fundamental right,” Catherine De Bolle told the publication. The comments expanded upon a previous statement from European police chiefs saying “we do not accept that there need be a binary choice between cybersecurity or privacy on the one hand and public safety on the other.”

The second threat, Maheshwari says, relates to an increase in proposals related to a technology known as “client-side scanning.” The process, which is sometimes called “on-device scanning,” involves scanning messages locally on a person’s device before they are encrypted, and comparing them against a database of prohibited content that is held elsewhere. Client-side scanning is an effort to contort encryption backdoors into something more palatable to privacy proponents by keeping people’s personal data on their own devices.
Ultimately, though, cryptographers and digital rights advocates have repeatedly warned that client-side scanning does not sidestep the fundamental dangers posed by creating a way for a third party to access encrypted data. The Internet Society’s Voge describes such efforts as a more “sophisticated” way that democracies have been trying to circumvent encryption in recent years.
Finally, Maheshwari says, there is always the looming threat of potential bans or blocks for encrypted services.
In December, two officials from the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, encouraged more people to use encrypted communications systems after China’s Salt Typhoon hackers gained deep access to US telecoms providers, exposing unencrypted calls and texts. “Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” one of the officials said.

Read the full art. on ”wired.com” .

Related art.:
– 28.12.2024: Cele mai bune aplicații de comunicare securizată și criptată – 2024 – ”stiridigitale.ro” (ro/en)
– 29.11.2024: Top 10 furnizori de servicii de e-mail privat și securizat 2024 – ”stiridigitale.ro”
– 29.11.2024: Cele mai bune VPN-uri gratuite în 2024 – ”stiridigitale.ro”

Foto: ”freepik.com” .

ȘTIRI SIMILAREDE ACELAȘI AUTOR