End to End Encryption
News: Apple, on Wednesday, announced it will be increasing the number of data points protected by end-to-end encryption on iCloud from 14 to 23 categories. The company claimed that with end-to-end encryption, user data
will be protected even in case data is breached in the cloud.
What is End to End Encryption?
End-to-end encryption is a communication process that encrypts data being shared between two devices. It prevents third parties like cloud service providers, internet service providers (ISPs) and cybercriminals from accessing data while it is being transferred.
The process of end-to-end encryption uses an algorithm that transforms standard text into an unreadable format. This format can only be unscrambled and read by those with the decryption keys, which are only stored on endpoints and not with any third parties including companies providing the service.
Where is it used?
End-to-end encryption is used to secure communications. Some of the popular instant-messaging apps that use it are Signal, WhatsApp, iMessage, and Google messages.
However, instant messaging is not the only place where user data is protected using end-to-end encryption. It is also used to secure passwords, protect stored data and safeguard data on cloud storage.Advantages of End to End encryption (E2EE)
It ensures that user data is protected from unwarranted parties including service providers, cloud storage providers, and companies that handle encrypted data.
End-to-end encryption is also seen as a technology that secures users' data from snooping by government agencies, making it a sought-after feature by activists, journalists, and political opponents.
With E2EE, the decryption key does not have to be transmitted; the recipient will already have it. If a message encrypted with a public key gets altered or tampered within transit, the recipient will not be able to decrypt it, so the tampered contents will not be viewable.
Many industries are bound by regulatory compliance laws that require encryption-level data security. E2EE can help organizations protect that data by making it unreadable.
Limitations of E2EE:
Some E2EE implementations allow the encrypted data to be encrypted and re-encrypted at certain points during transmission which makes it important to clearly define and distinguish the endpoints of the communication circuit. If endpoints are compromised, encrypted data may be revealed.
Government and law enforcement agencies express concern that E2EE can protect people sharing illicit content because service providers are unable to provide law enforcement with access to the content.
End-to-end encryption does not protect metadata, which includes information like when a file was created, the date when a message is sent and the endpoints between which data was shared.
Encryption in India:
India does not have a specific encryption law. Although, a number of industry rules, such as those governing the banking, finance, and telecommunications industries, include requirements for minimum
encryption standards to be utilised in protecting transactions.
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 – The new rules have the potential to impact the E2EE techniques of social messaging applications like Whatsapp, Telegram etc.
The IT Act, 2000 is devoid of any substantive provision or policy on encryption.
News: Apple, on Wednesday, announced it will be increasing the number of data points protected by end-to-end encryption on iCloud from 14 to 23 categories. The company claimed that with end-to-end encryption, user data
will be protected even in case data is breached in the cloud.
What is End to End Encryption?
End-to-end encryption is a communication process that encrypts data being shared between two devices. It prevents third parties like cloud service providers, internet service providers (ISPs) and cybercriminals from accessing data while it is being transferred.
The process of end-to-end encryption uses an algorithm that transforms standard text into an unreadable format. This format can only be unscrambled and read by those with the decryption keys, which are only stored on endpoints and not with any third parties including companies providing the service.
Where is it used?
End-to-end encryption is used to secure communications. Some of the popular instant-messaging apps that use it are Signal, WhatsApp, iMessage, and Google messages.
However, instant messaging is not the only place where user data is protected using end-to-end encryption. It is also used to secure passwords, protect stored data and safeguard data on cloud storage.Advantages of End to End encryption (E2EE)
It ensures that user data is protected from unwarranted parties including service providers, cloud storage providers, and companies that handle encrypted data.
End-to-end encryption is also seen as a technology that secures users' data from snooping by government agencies, making it a sought-after feature by activists, journalists, and political opponents.
With E2EE, the decryption key does not have to be transmitted; the recipient will already have it. If a message encrypted with a public key gets altered or tampered within transit, the recipient will not be able to decrypt it, so the tampered contents will not be viewable.
Many industries are bound by regulatory compliance laws that require encryption-level data security. E2EE can help organizations protect that data by making it unreadable.
Limitations of E2EE:
Some E2EE implementations allow the encrypted data to be encrypted and re-encrypted at certain points during transmission which makes it important to clearly define and distinguish the endpoints of the communication circuit. If endpoints are compromised, encrypted data may be revealed.
Government and law enforcement agencies express concern that E2EE can protect people sharing illicit content because service providers are unable to provide law enforcement with access to the content.
End-to-end encryption does not protect metadata, which includes information like when a file was created, the date when a message is sent and the endpoints between which data was shared.
Encryption in India:
India does not have a specific encryption law. Although, a number of industry rules, such as those governing the banking, finance, and telecommunications industries, include requirements for minimum
encryption standards to be utilised in protecting transactions.
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 – The new rules have the potential to impact the E2EE techniques of social messaging applications like Whatsapp, Telegram etc.
The IT Act, 2000 is devoid of any substantive provision or policy on encryption.