The importance of end-to-end encryption to protect personal information within app

Privacy is a basic human right. End-to-end encryption (E2EE) is a widely-used technology that protects the privacy and many other human rights of billions of people every day. It is more than a buzzword that has serious effects on user privacy in a world where messaging platforms are a standard part of everyday life.

Fundamentally, encryption prevents conversations from being surveilled by the messaging platform, sold to third- parties for monetary gain, or being exposed in the event of a company data breach. These are very important and essential attributes for a country like Myanmar where new cyber laws and regulations are being drafted and also across the globe, privacy policy acts are popping up such as the European Union’s General Data Protection Regulation, then why didn’t messaging apps start making end-to-end encryption the default?

All country’s regulations aim to safeguard the personal information of its citizens, but one common thread throughout all of them is that no regional privacy regulation obligates the use of end-to-end encryption by companies. It is purely up to the messaging platforms if they chose to implement it. Although the regulations have immensely improved the protection of user data from being collected and shared, there are still cracks within the laws that are beginning to show. Photo Source thantsettun@mangomyanmargroup.com

We have seen that non-encrypted platforms don’t protect against crime. Hackers and rogue players are continually improving their abilities to breach personal data and exploit it by either selling it into the wrong hands or using it for fraud and other criminal activity. If the data isn’t accessible at all, the risk of any sort of breach is removed entirely. Therefore, companies should continue to invest in protecting personal data and minimizing the amount of personal data they hold internally. Having end-to-end encryption by default in communications platforms in fact offers users another layer of protection from cyberattacks like identity theft, fraud, and stalking.

Messaging apps are not intended to serve criminals, but in today’s world, criminals have many means of communication beyond messaging platforms. The communication for a terror attack in London was handled through drafts in a shared email account. Criminal organizations can, without too much effort, even create a messaging app of their own. The truth is, criminals will find ways to be criminals, and stripping the privacy of other users won’t change that.

Crime can still be prevented even with end-to-end encrypted messages, as the victim can consensually share their communication directly with the authorities. When the criminal is detained and their device is confiscated, the authorities could gain access to the encrypted communications that way, as well. End-to-end encryption can still be applied, and authorities can use other methods to fight crime.

Unfortunately, it doesn’t look like end-to-end encryption will be incorporated into global privacy regulations anytime soon for a number of reasons. Current privacy regulations don’t implement exact methods for protecting personal data, but just a general rule, which is open for interpretation. Having no specific checklist leaves many corporations skirting the line of what’s allowed.

For now, the responsibility of being end-to-end encrypted falls with the providers of messaging apps and the consumers opting to use those services. With more consumers pushing the providers of messaging platforms to offer it by default, this will reduce sensitive personal data from falling into the wrong hands, and consumers will limit the risk of their personal conversations being exposed or exploited by malicious players or used for profit.

Until we reach a point where end-to-end encryption is incorporated into our privacy laws, consumer education will be key in the progress of privacy protection. Many consumers do not make an informed decision as to which service to use, but only care when it’s too late and their data has been breached. The hope is that, with time, the future of privacy regulations will be end-to-end encryption as the default setting for everyone.