What is E2EE?

The world of online security involves a lot of potentially intimidating jargon and acronyms, but one of the most important ones to know is E2EE – which stands for End-to-End Encryption).

This is especially important when it comes to messaging apps and communication services like Telegram, Discord, WhatsApp, and even Facebook Messenger, as it's what these services use to protect your messages and ensure that any nosy third parties can’t see what you're talking about.

With E2EE, any messages you send are encrypted on your device and only decrypted once they reach your recipient's device. EE2E is the cornerstone of secure messaging over the internet, and in this article, I'll take a closer look into how it works, what the advantages are, and why some governments are looking to ban and weaken its protection.

What is E2EE?

Let's dig into the core ideas behind E2EE. We'll talk about what encryption is, why it matters, and what exactly "end-to-end" means for you when you're using the internet.

Encryption lies at the heart of everything that you do online, whether you realize it or not. Without it, the internet as we know it today couldn't function.

Without encryption, anyone could see your banking transactions, read your messages, or steal your personal data. By encrypting all this data, it is made unreadable to unauthorized parties.

E2EE is a method of encryption where data is encrypted at every point along its journey from one device to another.

"End-to-end" is a reference to the start and end destinations of the data. If you're sending a Whatsapp message, for example, the starting destination would be your device, and the end destination is the recipient's device.

“End-to-End" means that your data is protected during transmission as well as while it's on a server. Nobody else, not even the company that owns the messaging product you're using, can see the contents of the message because only the recipient has the right key to decrypt it.

How does E2EE work?

Now we know what E2EE is and why it's important, it's time to take a look at just how it works. Don’t worry, we won't get into the nuts and bolts, but it's important to have a basic understanding of how it works so you know what to look for when choosing a product or service.

Here's how the process plays out (in a nutshell):

• E2EE works by using cryptographic keys. These are made up of a public and a private key. Public keys can be shared, but private keys must be kept private as these are what will be used to decrypt the message.
• These keys are kept at the endpoints. When we talk about an "endpoint", this can be anything from a server in a data center to a desktop PC or even your mobile phone.
• The public key is used to encrypt messages. Once that key has been shared anyone can use it.
• Once a message has been encrypted, it's scrambled into random numbers, letters, and symbols. This protects it as it travels through servers belonging to third parties, like your ISP or social media platform, where it may be targeted by snoopers or criminals.
• What this all means is that once an encrypted message has been sent, only the person with the matching private key can decrypt and open it at the other end.

What is E2EE used for?

As mentioned before, the internet as we know it today would be a very different place without end-to-end encryption, but there are some places where it’s more vital than others.

E2EE’s primary use is to enhance security. This makes it key for industries such as finance, communications, and healthcare. Keeping data safe is absolutely paramount here, and any data breach carries the risk of hefty financial and reputational damage to the company.

E2EE is important for data storage uses as well, as it ensures that data kept on devices at rest is kept secure, even if they are not being actively used.

Password managers such as 1Password and Bitwarden use E2EE to protect the information you share with them – like your credit card and login details.

When sharing files online, E2EE ensures that your important personal or professional files are kept safe, preventing leaks of sensitive data should they be intercepted or downloaded by someone who shouldn't have access.

What are the advantages of E2EE?

We’ve talked about what E2EE is and what it does, as well as a little about the things it's good for, but now we’ll look more closely at those specific benefits before we talk about some of the conversations and controversies you might have seen about this technology in the news.

• Compliance: E2EE ensures that companies are able to safely comply with data protection laws like GDPR, and avoid the weighty legal problems and hefty fines that result from leaking or losing customer data.
• Privacy: E2EE prevents third-party snooping, giving users better control over who receives their communications. Messages encrypted in this way can’t be read by anyone, not even the service provider itself.
• Defeating hackers: E2EE ensures that hackers can't gain unauthorized access to your data while it's in transit – and even if they did manage to somehow extract or download anything, they still wouldn't be able to read it without also having the private key.
• Preventing tampering: E2EE ensures the security and integrity of data throughout its journey from endpoint to endpoint. If a message is intercepted in transit, for example, by someone using a compromised Wi-Fi point, the recipient won't be able to decrypt it as they won't have the necessary matching private key. This is also why we strongly recommend using one of the best VPNs when connecting to any public Wi-Fi point.
• Freedom of speech: E2EE prevents government overreach and allows democracy and freedom of expression to thrive by ensuring that everyone from regular citizens to activists, reporters, and political dissidents living under strict regimes can communicate and express themselves in safety.

Controversy about E2EE

Even though E2EE is accepted by IT professionals as being a necessity for protecting user data online, there are some governments, and government agencies, that are unhappy about the level of security it offers.

They argue that not being able to access communications makes it easier for criminals and terrorists to plan and coordinate, unimpeded by government oversight, threats of law enforcement, or security agencies intercepting their communications.

Some governments are even trying to put legislation in place, like the UK’s Online Safety Bill which became law in 2023, and Sri Lanka’s Online Safety Bill which threatens to compromise E2EE.

Others even insist that any new encryption that is developed should have a backdoor installed in it by default, ensuring that enforcement agencies and government bodies will always be able to access everyone's messages and communications.

The problem with putting any sort of intentional weakness into encryption is that you are opening that up to abuse by more than just government agencies who might want to set their net far too wide and profile innocent people.

You're giving malicious actors a foot in the door to subvert and break that encryption. There are also concerns that any changes to E2EE will simply make it easier for already repressive states around the world to probe even further into the actions and habits of their citizens. 

While E2EE might, on the face of it, make it more difficult for government agencies to snoop on criminals there are plenty of other ways to expose their activities. There are companies around the world, such as UK-based Darktrace and Searchlight Cyber, who specialize in hunting down criminals of all stripes, are they're highly successful in finding ways to expose them that don’t put ordinary citizens at risk through compromised security.