Privacy, we don't know - Intelligence agencies and governments are looking for solutions to access the encrypted communications of the population. In their sights are the tech companies that produce end-to-end encryption tools.

The Five Eyes call for the end of end-to-end encryption
FVEY (Five Eyes) is the alliance of the intelligence services of the United States, the United Kingdom, Canada, Australia and New Zealand.

This supranational alliance calls on technology companies to cooperate with governments. FVEY expects these firms to provide access to the encrypted content being exchanged on their platforms.

Five Eyes

The international declaration, dated Sunday 11 October, is also signed by government representatives from India and Japan.

"Particular implementations of encryption technologies pose significant challenges to public security, including highly vulnerable members of our societies, such as sexually exploited children. We urge the industry to address our concerns when encryption is used in a way that completely excludes legal access to content. »

The "reasonable and technically feasible" solutions proposed in this statement are as follows:

Firstly, companies must design communication systems that enable them to act effectively against illegal content and activities. These systems should facilitate investigation and prosecution, while protecting vulnerable persons;
Second, law enforcement authorities should be able to access the content of these systems, in a readable and usable format (subject to legally issued authorisation);
Finally, technology companies should engage in consultations with governments to design such systems.
In concrete terms, this means setting up backdoors. These secret breaches in the encryption functions would allow the authorities to access the content of exchanges.

The European Union has the same desire
The EU also wants to put an end to end-to-end encryption.

It wants to combat child exploitation and paedophile crime. On 9 June, the European commission and the parliament's intergroup on the rights of the child hosted a webinar on the subject.

Ylva Johansson, EU Commissioner for Home Affairs, called for "technical solutions" to the "encryption problem".


The Politico website leaked the document describing these solutions. Paradoxically, the idea is to access encrypted data ... while keeping the benefits of encryption.

Client-side scanning is considered particularly effective. This technique is used before the data is encrypted. The application scans their content in real time, on the user's device, and compares it with a "black list".

First of all, the app hacks the user's data (unencrypted) before sending. Then the hashes are compared with the black list. This database includes hashes of data deemed illegal (e.g. child pornography images). If there is a match, the content of the message is deemed illegal and the application will not encrypt it.

Homomorphic server-side encryption
https://i.goopics.net/97WDg.jpg

A long-lasting war... everywhere
The Chinese government has chosen this approach to combat the use of WeChat. Of course, it is the death knell for end-to-end encryption. End-to-end encryption means that only the sender and recipient of a message can access its content.

By design, this technique does not allow the contents of the blacklist to be known. Indeed, the hash functions are one-way. As a result, only the holders of the illegal data can know whether the blacklisted hashes are limited to paedo-criminal content.

The American agencies have been leading the fight against end-to-end encryption for several years. Now they can count on allied governments and European authorities.

Of course, the fight against paedo-crime is more than commendable. However, tackling end-to-end encryption is a lost cause in the fight against this scourge. Criminals will only have to go through open source applications, not those of the big companies that will set up these surveillance systems.