Insist on End-to-End Encryption: Don't Settle for Less

Nations across the globe have been striving to eradicate end-to-end encryption from messaging applications for years to monitor communications for illicit content—predominantly child sexual abuse imagery—and data that could assist in law enforcement.

Historically, the discourse primarily focused on the feasibility of introducing “backdoors,” or access points that would allow law enforcement agencies to tap into encrypted communications. However, in recent years, client-side scanning has surfaced as a promising alternative, capable of scrutinizing messages while preserving the security of encryption.

This technology operates by inspecting messages on your device before their transmission, flagging any potentially suspicious content for additional scrutiny.

Utilizing encryption significantly bolsters security measures, rather than compromising them.

End-to-end encryption (E2EE) particularly underscores a critical obligation that businesses are expected to uphold – the non-retention of individual messages.
A prevalent concern that individuals harbor regarding their online activities is the potential for personal information to fall into the hands of nefarious hackers. Experiencing the breach or loss of messages from a server is, in fact, a more dreadful consequence than any presumed risks associated with the implementation of E2EE.
Messaging companies employ various strategies to ensure safety, such as allowing users to flag suspicious accounts and implementing bans on those accounts found violating terms of use.
Advocate for digital rights, Meredith Whittaker, has pointed out the conspicuous absence of any historical evidence suggesting that mass surveillance has ever rendered safety. Moreover, the current era is witnessing an unprecedented level of centralized surveillance, making it more ubiquitous than ever before.

Despite the implementation of encryption, client-side scanning continues to compromise its effectiveness.

The simultaneous use of encryption and client-side scanning is contradictory.
This is because the scans erode the integrity of the encryption, making it impossible to uphold privacy through this method. Whittaker argues that believing otherwise is a form of irrational idealism, partially propelled by narratives on the sophistication of artificial intelligence.
Politicians have been persuaded into thinking that these scans can be relied upon to criminalize individuals – a significant achievement by the corporations producing the scanning technologies.

Everyday users deeply appreciate and cherish the sanctity of private communications.

Conceptualizing the act of probing for ‘undesirable’ content in messaging applications can be likened to engaging in face-to-face conversations within the scrutinizing gaze of an AI-driven CCTV camera, persistently monitoring your every move.
It’s crucial to assist the average individual in grasping the potential implications of dwindling encryption in an approachable and tangible manner. Such implications could be perceived in the form of compromised security within various sectors, including journalism, governmental entities, and corporate establishments.
Matthew Hodgson, in a recent revelation, stated that according to a survey carried out by his company, an overwhelming majority of 83% of UK survey participants expressed their desire to utilize End-to-End Encryption (E2EE) as a robust shield for their communications.

Navigating Privacy in the Era of Artificial Intelligence

Artificial Intelligence (AI) necessitates colossal volumes of data, an aspect which predicates extensive surveillance measures to accumulate this data. This intertwines AI with a surveillance-centric business model, cementing its position and providing a rationale for its existence.
End-to-end encryption (E2EE) communication serves as a countermeasure, functioning as a safeguard to protect data from the prying eyes of AI surveillance. However, it isn’t the definitive solution, as there is an abundance of information about us that’s gathered without our explicit consent and remains beyond the preventative reach of E2EE.
The narrative perpetuated by tech conglomerates, that portrays AI as supremely intelligent or even mystical, bolsters inflated perceptions of the potential capabilities of technology. This, in turn, prompts the endorsement of tech-focused legislation, such as client-side scanning.
Therefore, we must challenge and resist these narratives that propagate magical thinking about technology. Only by removing these rose-tinted glasses can we truly comprehend and address the complex issues surrounding the intersection of privacy and AI.

Here’s an in-depth look at the legislation in Western nations that poses a threat to E2EE.

These laws potentially necessitate companies to design or employ third-party technologies to scrutinize messages on devices if they aim to maintain their use of E2EE. The scanning process already raises serious privacy issues, but another significant problem could arise if companies find themselves unable to integrate such technology – they would be compelled to dismantle E2EE to adhere to legal norms.

The Online Safety Bill of the United Kingdom, which is likely nearing the final phase of becoming a law, stipulates that messaging companies should identify and flag child abuse content in their transmissions. Notably, Signal has expressed its intent to exit the UK market if the law mandates a compromise on privacy measures, and WhatsApp has also been actively contesting the legislation.
In the United States, the EARN IT Act was tabled for the third time in April of the current year, having failed to materialize into law on two previous occasions. The Act proposes the establishment of a national commission tasked with curating a list of best practices for technology companies. These measures aim to curb the circulation of child sex abuse material.
During the previous year, the European Union proposed the Chat Control law, mandating messaging services to implement scans for material associated with child sex abuse and terrorism. However, a leaked internal legal advisory suggested that these regulations would likely be deemed unlawful.
In 2018, Australia took a significant step with the passage of the Assistance and Access Act, providing the government with the power to compel companies to surrender user data, even if it is safeguarded by encryption.