End-to-end encrypted platforms have become an important means to establish online trust for businesses and individuals globally – and law enforcement/intelligence services are struggling to keep up. Their unfamiliarity and uncertainty is reflected in the ambiguity of political discourse on the subject. On one hand, the European Union endorses strong encryption within data protection laws such as GDPR. On the other, attempts to intercept end-to-end-encrypted communication between suspicious parties resurface over and over again. The Council Resolution on Encryption, adopted by the Council of the European Union, is the latest example. Politicians continue to strive for both strong end-to-end encryption and getting targeted access to information when – from a security and technology standpoint – the two concepts are at odds. Symbiosis is only possible in political rhetoric.
As the co-founder of an end-to-end encrypted cloud service, I am deeply concerned at how demands for access to encrypted data will affect the security of thousands of businesses and the millions of clients who rely on them in the EU and worldwide.
The Digital Economy Is at Risk
Our digital economy depends on the widespread use of strong encryption. This includes end-to-end encryption, within organizations of all shapes and sizes.
As businesses, we depend on strong encryption to manage the data of EU citizens in a compliant and safe manner, and the use of end-to-end encryption is often a key pull factor for companies considering a move to the cloud.
Weakening this encryption protocol would threaten the security – and ultimately the existence – of all of these businesses in the future, preventing decision-makers from opting in for the optimal security and efficiency provided by cloud-based systems.
Businesses Rely on End-to-End Encryption for Multiple Reasons
According to a 2020 study on encryption trends by Entrust, almost half of surveyed organizations have already adopted a consistent encryption strategy. Our own survey (commissioned with the help of YouGov) from 2019 demonstrates an increase in awareness around the use cases for encryption, with 50% of respondents from the UK, Germany, and the United States agreeing that end-to-end encryption can help protect their digital privacy.
The applications for end-to-end encryption in a business context are considerable. My company Tresorit, a cloud storage service, has learned of many critical uses from our customers alone. They include a wide range of businesses that handle sensitive data. Their assets, ranging from IP to business secrets, employee information, and healthcare records, must be stored and transmitted confidentially.
Here are just a few examples of why end-to-end encryption is so critical to their needs:
Securing Sensitive Data
For companies like PayFit, end-to-end encryption plays a critical role, enabling them to provide a secure environment for their clients’ data. “The data that we store about our clients is, by definition, highly confidential. Think payroll data, identity documents, health information and so on,” says Guillaume Gohin, Head of Information Security. “We wanted to make sure our data is safe at every step of the chain… end-to-end encryption guarantees just that.”
Complying with Data Protection Regulations
With GDPR coming into force in the EU, a new wave of data protection laws has been triggered globally. Fulfilling the strictest local requirements is a major challenge for most global companies. For companies like DMCC Netherlands and Pelago AB, using a GDPR-compliant technology like end-to-end encryption is a matter of professional credibility. “We ensure that business processes of our clients are in line with European privacy and consumer protection legislation,” says Jitty van Doodewaerd, Director of DMCC Netherlands B.V. “We have to practice what we preach. Therefore, our own data storage has to be compliant.”
Pelago AB Founding Partner Christoffer Lindblad says, “Our reputation as a reliable partner is one of our most vital so-called competitive edges. It is thus crucial that we handle all data as securely as possible and encryption offers us one important tool to achieve this.”
Protecting Identities
End-to-end encryption also helps our NGOs and human rights organizations keep critical data secure. Elinor Stevenson, Senior Counsel at Public International Law & Policy Group, a Nobel Peace Prize nominee and global pro bono law firm, reiterates this. “Encryption is critical to the work we do with human rights defenders. It allows us to securely share and store sensitive information in a way that protects the people we work with and the information itself.”
The Problem with Backdoors
The strength of end-to-end technology is in its structural integrity. Law enforcement calls for businesses to create backdoors to encrypted content are dangerous because they undermine the security of the entire system. Backdoors open up vulnerabilities to malware attacks and unwanted surveillance.
Mandatory third-party access would spell havoc for individuals and businesses alike. With the cost of a data breach soaring to an average of US$ 3.86m, the risk of an open-door policy is too much to stomach.
Backdoor Access Is off the Table
No one can afford to lose encryption. Our digital economy relies on secure and confidential collaboration to thrive. Forcing businesses to create the means for third-party access to encrypted systems would set the scene for dramatic losses. Loss of data. Loss of money. Loss of reputation. Why risk destabilizing the security system and causing a complete loss of trust in the network economy?
Regulators and lawmakers must understand these threats, divert their energy to more pressing matters, and end talk of backdoor coercion for good.
Image by kate.sade via Unsplash