There has been lots of discussion in the past two weeks, which is sure to continue; about the role that end-to-end encryption plays in criminal and terrorist activity around the world. One of the common misconceptions in these stories is that end-to-end encryption technology can effectively allow people to ‘go dark’ and communicate invisibly. In the below comment Jonathan Parker-Bray, CEO of Criptyque, makers of the newly launched, secure communications solution Pryvate, explains why this is not the case and proposes a radically different approach for addressing malicious mobile phone use in the UK.
[su_note note_color=”#ffffcc” text_color=”#00000″]Jonathan Parker-Bray, CEO of Criptyque, Makers of Pryvate :
Following the saddening events in Paris, the debate on end-to-end encryption has intensified. Many people in governments and the media are calling end-to-end encryption to task and saying that once these apps are installed on people’s devices, that these people ‘go dark’ and become invisible.
The fact is that this is untrue, there will always be meta-data available to law enforcement such as what number called what other number and which devices are communicating. This is generated because of the nature of the mobile phone networks and the internet, whereby this information is required to connect the devices in the first place and therefore it cannot be obfuscated or hidden, even for encrypted communications solutions. The real issue is that often this data is meaningless due to the ability of malicious actors to purchase disposable mobile devices freely. It allows anyone who wishes to make a secure call to buy a ‘burner phone’ with cash and discard it immediately afterwards.
Rather than weakening encryption, which will harm secure communications for the public and businesses by creating a backdoor that allows the content to be decrypted, what is needed is a national internet-device database which keeps a record of the purchaser/owner of every internet-enabled device. This would also include legislation on the supply of these devices which requires purchasers and re-sellers to record the ID of the purchaser and forces mobile operators/ISPs to require a license number before providing connectivity services. This would be a similar national licensing service to the one applied to cars/TVs, simply requiring registration for any that is in use in the country. By using this data, law enforcement would be able to obtain the paper trail they are hoping for, and draw connections when persons of interest communicate. It would also remove the capabilities for terrorists and criminal gangs to use burner phones and communicate freely over the telephone.
Interestingly there is precedent for this approach as the government has always placed restrictions and regulations on other devices capable of transmission of content, like TV and radio stations. If we look back to the radio and television eras, any device capable of broadcasting to a large number of people was regulated and licensed – so why should internet-enabled devices be any different?
A mobile phone, a tablet or a laptop in a digital society has the power to send a message to anyone anywhere in the world, and it is possible to find the originating device. It is perfectly reasonable for the police to be able to track who sent it, or who is talking to whom, but the answer isn’t access to the content en masse, it is better knowledge of the devices themselves. This proposed solution would enable tracking and group chat identification and is surely a much stronger and more robust solution than attempting to monitor the masses when in fact it’s the few that need this level of control.[/su_note]
[su_box title=”Jonathan Parker-Bray, CEO at Criptyque, Makers of Pryvate” style=”noise” box_color=”#336588″]Jonathan Parker-Bray, is CEO at Criptyque, makers of Pryvate. Pryvate is the only fully secure mobile platform that allows all business and personal communications to remain private and free from hacking. Pryvate’s Triple Layered RSA 4096, AES 256 and Dh encryption and industry leading encrypted architecture ensures it is impossible to leak or hack into its users’ email, Instant messages, video and voice calls.
The Pryvate platform consists of three products: Pryvate, Pryvate Premium and Pryvate Enterprise. Pryvate Consumer is a network agnostic app that provides totally secure communication services available across voice calls, conference calls, video calls, instant messenger and email at a low cost. Pryvate Premium adds anti-blocking and secure file storage, GUI multi-account management tools, on line support that provides companies with truly secure accounts for their employees. Pryvate Enterprise provides users with a secure IP desktop phone to ensure all voice and video calls remain private plus the advantages of Pryvate Premium.
Pryvate was founded by CEO Jonathan Parker-Bray and is fully owned by Criptyque Limited, a privately held company incorporated in Jersey, placing it outside the jurisdiction of the United Kingdom.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.