Your Ultimate UPSC Study Material To Crack IAS Exam
Comprehensive content tailored For Success
What is End-to-End Encryption?
Dec 13, 2022
Today we will discuss what is End-to-End Encryption in our today's edition of Current Affairs. Read further to upgrade your UPSC CSE knowledge and also understand the topic’s relevance to the UPSC syllabus.
For Prelims: General Science
End-to-End Encryption, Data breaches, Internet service providers (ISPs), Cybercriminals.
For Mains: GS Paper III-Awareness in the field of IT
About End-to-End Encryption, Working of End-to-End Encryption, Usage of End-to-End Encryption, Advantage of end-to-end encryption, Cons of end-to-end encryption, Encryption Laws in India.
Apple has recently announced that it will be increasing the number of data points protected by end-to-end encryption on iCloud from 14 to 23 categories.
What is end-to-end encryption and why are tech companies focusing on it? (150 words, 10 marks)
Apple in a data breach research cited that between 2013-2021, the total number of data breaches more than tripled.
To address the threat of data breaches the company is implementing end-to-end encryption.
As per Apple, end-to-end encryption will protect users' data, even if it is breached in the cloud.
About End-to-End Encryption (E2EE)
Meaning: It is a communication process that encrypts data being shared between two devices.
Significance: It prevents third parties like cloud service providers, internet service providers (ISPs), and cybercriminals from accessing data while it is being transferred.
Working of End-to-End Encryption
The process uses an algorithm that transforms standard text into an unreadable format.
This format can only be unscrambled and read by those with the decryption keys, which are only stored on endpoints and not with any third parties including companies providing the service.
Usage of End-to-End Encryption
End-to-end encryption has long been used when transferring business documents, financial details, legal proceedings, and personal conversations.
It can also be used to control users’ authorization when accessing stored data, which seems to be what Apple intends to do.
End-to-end encryption is used to secure communications.
Some of the popular instant-messaging apps that use it are Signal, WhatsApp, iMessage, and Google messages.
It is also used to secure passwords, protect stored data and safeguard data on cloud storage.
Advantages of end-to-end encryption (E2EE)
Extra layer of protection: Apple also said that E2EE will add an extra layer of protection that would be valuable to targets of hacking attacks launched by well-funded groups.
Additional advantage: The focus on E2EE seems to stem from the company’s desire to position itself as a provider of secure data storage and transfer services.
Prevent Snooping: E2EE is also seen as a technology that secures users’ data from snooping by government agencies, making it a sought-after feature by activists, journalists, and political opponents.
Unwarranted Parties: E2EE protects data from unwarranted parties including service providers, cloud storage providers, and companies that handle encrypted data.
Prevention from Sharing Information: The technology also makes it harder for service providers to share user information from their services with authorities.
Cons of end-to-end encryption (E2EE)
No Security to Metadata: E2EE does not protect metadata, which includes information like when a file was created, the date when a message is sent and the endpoints between which data was shared.
Lack of full Security: While E2EE protects user data, it still remains deeply concerned with the threat end-to-end and user-only-access encryption pose.
Over Protectiveness: The legislation allowing law enforcement secret access to messages on platforms is necessary for the government to prevent “terrorists” and other serious criminals from hiding from the law, but tech companies have strongly resisted this.
Also Read : UPI: The Dawn of Digital Fintech Nirvana
Encryption Laws in India
Currently, India is devoid of any substantive provision or policy on encryption. The Central Government has not enacted any rules under this provision yet.
In India, there are a number of industry rules that require minimum encryption standards to be utilized in protecting transactions, such as telecommunications, banking, and finance industries.
Section 84A of the Information Technology Act of 2000, delegates the Central Government the authority to frame any rules on the use and regulation of encryption.