What is End-to-End Encryption?

Today we will discuss what is End-to-End Encryption in our today's edition of Current Affairs. Read further to upgrade your UPSC CSE knowledge and also understand the topic’s relevance to the UPSC syllabus.

For Prelims: General Science

End-to-End Encryption, Data breaches, Internet service providers (ISPs), Cybercriminals.

For Mains: GS Paper III-Awareness in the field of IT

About End-to-End Encryption, Working of End-to-End Encryption, Usage of End-to-End Encryption, Advantage of end-to-end encryption, Cons of end-to-end encryption, Encryption Laws in India.

Context

Apple has recently announced that it will be increasing the number of data points protected by end-to-end encryption on iCloud from 14 to 23 categories. 

Probable Question

What is end-to-end encryption and why are tech companies focusing on it? (150 words, 10 marks)

Background

• Apple in a data breach research cited that between 2013-2021, the total number of data breaches more than tripled. 
• To address the threat of data breaches the company is implementing end-to-end encryption. 
• As per Apple, end-to-end encryption will protect users' data, even if it is breached in the cloud.

About End-to-End Encryption (E2EE)

• Meaning: It is a communication process that encrypts data being shared between two devices. 
• Significance: It prevents third parties like cloud service providers, internet service providers (ISPs), and cybercriminals from accessing data while it is being transferred. 

Working of End-to-End Encryption

• The process uses an algorithm that transforms standard text into an unreadable format. 
• This format can only be unscrambled and read by those with the decryption keys, which are only stored on endpoints and not with any third parties including companies providing the service. 

Usage of End-to-End Encryption

• End-to-end encryption has long been used when transferring business documents, financial details, legal proceedings, and personal conversations. 
• It can also be used to control users’ authorization when accessing stored data, which seems to be what Apple intends to do.
• End-to-end encryption is used to secure communications. 
• Some of the popular instant-messaging apps that use it are Signal, WhatsApp, iMessage, and Google messages. 
• It is also used to secure passwords, protect stored data and safeguard data on cloud storage.

Advantages of end-to-end encryption (E2EE)

• Extra layer of protection: Apple also said that E2EE will add an extra layer of protection that would be valuable to targets of hacking attacks launched by well-funded groups. 
• Additional advantage: The focus on E2EE seems to stem from the company’s desire to position itself as a provider of secure data storage and transfer services. 
• Prevent Snooping: E2EE is also seen as a technology that secures users’ data from snooping by government agencies, making it a sought-after feature by activists, journalists, and political opponents.
• Unwarranted Parties: E2EE protects data from unwarranted parties including service providers, cloud storage providers, and companies that handle encrypted data.
• Prevention from Sharing Information: The technology also makes it harder for service providers to share user information from their services with authorities.

Cons of end-to-end encryption (E2EE)

• No Security to Metadata: E2EE does not protect metadata, which includes information like when a file was created, the date when a message is sent and the endpoints between which data was shared.
• Lack of full Security: While E2EE protects user data, it still remains deeply concerned with the threat end-to-end and user-only-access encryption pose.
• Over Protectiveness: The legislation allowing law enforcement secret access to messages on platforms is necessary  for the government to prevent “terrorists” and other serious criminals from hiding from the law, but tech companies have strongly resisted this.

Also Read : UPI: The Dawn of Digital Fintech Nirvana 

Encryption Laws in India

• Currently, India is devoid of any substantive provision or policy on encryption. The Central Government has not enacted any rules under this provision yet.
• In India, there are a number of industry rules that require minimum encryption standards to be utilized in protecting transactions, such as telecommunications, banking, and finance industries.
• Section 84A of the Information Technology Act of 2000, delegates the Central Government the authority to frame any rules on the use and regulation of encryption.

News Source: The Hindu

https://www.thehindu.com/sci-tech/technology/what-is-end-to-end-encryption-and-why-are-tech-companies-focusing-on-it/article66251153.ece#

Also watch a detailed video on Internal Security by Siddharth Singh Sir and enhance your IAS Preparation:

https://youtu.be/qYmOncbOw8M

If you want to enhance your civils preparation and crack the UPSC CSE examination, download the PrepLadder app and get access to the finest study material curated by India’s top UPSC faculty.

You can also join our Telegram channel for UPSC coaching and to stay updated with the latest information about the UPSC exam.