I was asked this question, and it’s a good one, speaking clearly to “what is the value proposition of robust end-to-end encryption that is worthy of the name?”
I have written on an abstract level on this topic before, but my questioner is looking for a concrete checklist so I am hastily thrashing out some thoughts before bedtime, and will come back / update this later, with suggestions from Twitter and Facebook (if any).
Some thoughts and simple bullet points follow; I welcome comments and suggestions either below, or on the related Twitter thread.
What is End-to-End Security?
The value of end-to-end encryption is that only entities which can be, are, and are visible as, part of a group have access to data shared with the group that is contemporaneous with their membership.
Therefore the baseline for any crimes enabled by a lack of robust end-to-end security is crimes which break this model; there certainly are more, but these are the low-hanging fruit.
In all instances we will use PLATFORM — rather than Facebook, Twitter, WhatsApp, Google, E-mail, Parler, Yahoo, AOL, etc. — as our hypothetical messaging platform, because it’s less emotionally charged to speak generically. In all scenarios, imagine what would happen / how much worse the situation would be, if the hypothetical PLATFORM was not end-to-end encrypted.
Data-Access Hacks
- Cloud Storage Leak: the PLATFORM development team decide to “move to the cloud” but they mess up their storage access controls, so that all user message databases are available to the whole internet.
- Cloud Hack and Exfiltrate: cloud service provider infiltration occurs, and cleartext chats and compromising pictures are exfiltrated from PLATFORM, leading to individual blackmails and suicides.
- Platform Infra Hack & Leak: someone somehow breaks into PLATFORM infrastructure and steals the conversations of several thousand people and corporate-ransoms those and all the other data for bitcoin.
- Platform API Scrape & Leak: there’s an authentication hole in the PLATFORM API and the conversations and locations of several thousand people are posted onto Bittorrent.
- Platform Auth Scrape & Leak: somebody guesses your (and others’) PLATFORM password and exfiltrates all the nude shots that you sent to your boyfriend; extortion or corporate ransom follows.
- Network Scrape & Leak: cleartext network traffic is surveilled, tampered with, repeated, redirected, etc.
- Client Scrape & Leak: hypothetical: PLATFORM introduces ephemeral photo-messaging but doesn’t encrypt the image data “at rest”; scraper apps are written to recover & exfiltrate boob-flashes, dick-pics and other major teen embarrassment.
Data-Value Hacks
- Insanely unwisely, PLATFORM hosted voice recordings of children to support IoT toys, which subsequently get leaked.
- Insanely unwisely, PLATFORM would host the British Prime Minister and their cabinet colleagues for both text-messaging and video-conferencing during lockdown.
- It turns out that some companies want you to send them Passport and Driver’s-License images over PLATFORM; and some countries also permit you to apply for visas via this mechanism, too.
- It turns out that some companies want you to send them Credit Card details via PLATFORM.
- Basically: anything where you want to send valuable private data from A to B is at risk from C, D, or E dropping in and stealing the data.
- Are you aware of the prevalence of mortgage deposit fraud and have you considered how much of that risk is due to use of unauthenticated e-mail for communication?
Opportunity-Cost Hacks
- Wouldn’t it be nice if banks had the option of replacing insecure SMS with secure E2EE chats for transactions and/or didn’t have to rely upon custom-app chats?
- Are you aware that Apple basically stitches together all of a user’s devices in a tiny cloud of end-to-end encryption, and uses that to (e.g.) synchronise payment details and browser bookmarks between all devices?
