Not all encryption is created equal
COMMENTARY | True end-to-end encryption services are robust and hardened enough to meet the complex and stringent security and privacy requirements most government enterprises demand.
End-to-end encryption is by no means a novel idea. The need and value of private and secure communications came of age more than a decade ago when E2EE was proposed as an additional layer of encryption for Global System for Mobile Communication and Terrestrial Trunked Radio mobile communications standards. Today, practically every consumer-oriented information-sharing service offers some form of data encryption, but not all are E2EE, and confusion persists about what true E2EE consists of.
To resolve this confusion, we need only turn to the accepted definition for E2EE that is been in place since 2014: E2EE is a secure communication method that encrypts data at the sender's device and decrypts it only at the recipient's device, making it impossible for anyone in between to read or modify the data. True E2EE provides a very high level of security as it ensures that no unwanted third party can intercept the communication. Further, unlike simpler encryption methods, E2EE can provide mathematical proof of security through the use of public/private key cryptography, algorithms that factor large prime numbers and digital signatures that ensure the authenticity of the sender.
This definition clearly articulates the security functions and requirements that enable government agencies to deploy E2EE services securely. True E2EE services are robust and hardened enough to help organizations meet the complex and stringent security and privacy requirements most enterprises demand. At the same time, they offer the ability to communicate quickly and securely, while allowing agencies to minimize risk and maximize compliance.
Public and private sector organizations can successfully integrate E2EE into their communications and file sharing platforms by embracing best practices. Below are the key attributes of secure communications that enterprises should consider when designing their E2EE models.
- Integrate encryption and data retention into one solution. For some time, data retention was deemed to be at odds with the idea of private, secure communications because—from an adversarial context—retained data was vulnerable data. However, in today’s enterprise-grade E2EE services, encryption and data retention coexist and cooperate. Administrative features should be flexible and designed to safeguard sensitive information and retain data as required for compliance obligations, legal hold, auditing and after-action reporting purposes. Data retention timeframes should be policy-based, so users and administrators can easily set parameters via a dashboard to keep communications data as long as necessary and dispose of it securely when no longer needed.
- Go beyond standard security and privacy. While many messaging apps offer some form of encryption, not all of them use E2EE. Simply using 256-bit Advanced Encryption Standard (AES) at the server or at the endpoints is not enough. To be end-to-end, the service must have full encryption, including during transit. It is the only way to ensure messages, files and voice or video calls are only accessible to their intended recipients.
- Employ zero-trust cryptography to minimize tradeoffs between security, speed and simplicity. The idea that third parties won’t access or leverage encrypted data because there is no economic incentive to do it is weak, if not faulty, reasoning that will not satisfy enterprise rigor. Secure E2EE embraces a zero trust model, in which no third party can access the data because the encryption only allows the people who are transacting to touch it. Eliminating adversarial concerns, zero trust cryptography allows organizations to deploy and modify services in real time, use bots to automate processes and provide flexible, multidevice access.
- Build a fluid, federated network. Users on one agency network can send and receive messages with users on other networks, without having to switch to a different service or platform. Agencies retain the ability to administer services to internal users or create a federated system based on short- and long-term needs. In almost any multiagency effort, federated networks can be quickly configured, deployed and decommissioned when they are no longer needed. Data retention is also becoming fluid, with retention policies and periods that can be assigned to individuals or groups based on their roles or varying legal requirements.
- Design for data sovereignty. Individuals and organizations retain control over their data and how it is used, stored and shared. Information can be logged to a private, customer-controlled data store for retention and auditing purposes. Agencies that want full control of the system can create isolated virtual machines that are separate, hardened, highly constrained and can provide mathematical proof of security on the software, encryption and infrastructure. Users have comprehensive administrative control over data, which includes setting permissions, configuring ephemeral messaging options and defining security groups.
These E2EE best practices reflect the brave new world of enterprise-grade secure communications—where encryption and data retention coexist and cooperate. It’s a world in which government agencies no longer have to accept tradeoffs between protecting the confidentiality of sensitive information, reducing the risk of data breaches and complying with data retention requirements. While they are not a be-all and end-all solution to every agency challenge, E2EE is usable, effective, efficient and secure. Embracing enterprise-grade E2EE as their default encryption standard will allow agencies to carry out their work with confidence, knowing that their communications are protected and that they are accountable to the public.
Arvind Muthukrishnan is the head of product and design for AWS Wickr.