End-to-end encryption (aka E2EE) is one of those technologies that's easy to take for granted. Apps you probably use daily like Signal, WhatsApp and even iMessage use E2EE. It helps sex workers and clients communicate with peace of mind that their discussions are private. It's not a stretch to say that without end-to-end encryption, sex work would be orders of magnitude riskier than it already is.
That's also the reason cops hate end-to-end encryption. I'm not just guessing that they hate it, they've been telling us for years that they hate it.
Giving an uncommon statement to the media, the UK's MI5 chief labelled E2EE in 2021 as "giving those rare people – terrorists or people who are organising child sexual abuse online, some of the worst people in our society – a free pass where they know that nobody can see into what they are doing in those private living rooms".
The director of the FBI told Texas A&M University in 2023 that E2EE enables "an entirely unfettered space that’s completely beyond fully lawful access — a place where child predators, terrorists, and spies can conceal their communications and operate with impunity — and we’ve got to find a way to deal with that problem".
Addressing the Australian Press Club in 2024, the boss of ASIO said that "unaccountable encryption is like building a safe room for terrorists and spies, a secure place where they can plot and plan", and went on to compare E2EE messaging apps to "a section of a city where violent extremists could gather with privacy and impunity".
Noticing a theme here? All of the most powerful cops in the UK, USA and Australia wheel out the usual cliches, including conflating sex work and sex trafficking, to scare us into thinking E2EE is something evil rather than a tool used every day by ordinary people just doing their jobs. Those speeches and comments also come with excuses like "we're big fans of encryption, and want people and companies to be able to keep their data safe", that they're just "asking the tech companies to do more", and that they only want to read our messages on "rare occasions".
Do their claims have any merit? Is it possible, like law enforcement insists, to retain the privacy afforded by E2EE while also giving them a way to intercept and monitor the communications of "bad guys"?
How end-to-end encryption works
The core concept of E2EE is that when a message leaves your device and arrives on the other person's device, that message is encrypted the entire way. The contents are never revealed until the other person opens their device and reads it, because only the people involved in the conversation have the keys to unlock those messages. Police can ask the service operator to give them the keys, but the operator doesn't have them so has nothing to hand over.
An extra layer of privacy - referred to as "encryption at rest" - means that the messaging service stores messages on their servers encrypted as well. This allows users of the service to access their messages on multiple devices. In this scenario you, not the operator, also hold the key used to encrypt this data, so if the police ask for records or chat logs of conversations, the operator of the service can say "bro, we legit can't see these messages, yeah they're on our servers but they're encrypted and we don't have the keys and we also don't know how to crack the encryption used".
Why do cops hate E2EE?
People organising their crimes on the internet has made life easy for law enforcement. Instead of boring stakeouts and difficult surveillance, they get a warrant, serve it to an ISP and sit in a comfy office to collect information on suspects. In some circumstances and jurisdictions, they don't even need a warrant. Hell, with the current state of advertising-driven data collection and systems like Palantir and Auror, surveillance data is handed to law enforcement on a silver platter.
E2EE makes life difficult for law enforcement. They can't tap someone's phone to hear what they're saying. They can't read their emails. They can't access chat room logs. All that stuff has migrated to E2EE apps now. Obtaining hard evidence, like written proof that someone admits to doing something, is no longer an option if E2EE is used instead of traditional internet communications.
For possibly the first time since the invention of mass communication, the regular person has an upper hand over law enforcement and a way to genuinely have private conversations. Previously such technology was too difficult to use, but now it's everywhere. The information power dynamic flipped and that scares the shit out of law enforcement, the government, and other powerful entities, so of course, it has to be squashed so us proles don't get too uppity.
Can't we give cops access without compromising privacy?
The simple answer is no. The two concepts are total opposites. When it comes to E2EE, there's no combination of privacy and surveillance in which the two are compatible with each other.
Law enforcement talks about "key escrow" (registering your encryption keys to the government so they can have a poke at your messages at their leisure), "ghost users" (silently adding a law enforcement participant to a group chat) or "automated on-device scanning" (literally scanning everything that appears on your device's screen and flagging anything suspicious), but these are unserious ideas from unserious people.
From a technical perspective, as soon as you integrate a third party into E2EE, that encryption is no longer "end to end", is it? Someone not involved in the conversation suddenly has an unencrypted copy of the messages and then it's game over for privacy. There's also the inevitable external compromise and internal staff abuse of whatever half-arsed system is built by a government contractor for access to the unencrypted messages.
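The model described under "How end-to-end encryption works" and the third-party problem above, as an added example that is not part of the original article. It assumes two hypothetical users (Alice and Bob), a toy Diffie-Hellman group and a hash-based stand-in cipher so it runs with Python's standard library alone; real apps use vetted primitives such as X25519 and an AEAD cipher.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (127-bit Mersenne prime) so this runs with the stdlib only.
# Real messengers use X25519 and an AEAD cipher; these parameters are NOT secure.
P, G = 2**127 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)          # (private key, public key)

def shared_key(my_priv, their_pub):
    # Both ends compute the same secret; it is never sent over the network.
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(16, "big")).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC with a hash-based stream: a stand-in for a real AEAD.
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                        # wrong key (or tampered message)
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def demo(message=b"see you at 8"):        # constructed sample message
    a_priv, a_pub = keypair()              # generated on Alice's device
    b_priv, b_pub = keypair()              # generated on Bob's device
    # The operator relays public keys and stores ciphertext, nothing else.
    server = {"pubkeys": (a_pub, b_pub), "stored": seal(shared_key(a_priv, b_pub), message)}
    bob_reads = unseal(shared_key(b_priv, a_pub), server["stored"])
    # Served with a warrant, the operator can only try key material it actually holds.
    guess = hashlib.sha256((a_pub * b_pub % P).to_bytes(16, "big")).digest()
    operator_reads = unseal(guess, server["stored"])
    # Escrow / "ghost user": Alice's client is made to encrypt a copy to a third key.
    g_priv, g_pub = keypair()
    ghost_copy = seal(shared_key(a_priv, g_pub), message)
    ghost_reads = unseal(shared_key(g_priv, a_pub), ghost_copy)
    return bob_reads, operator_reads, ghost_reads, message in server["stored"]

if __name__ == "__main__":
    print(demo())
```

Bob recovers the message, the operator gets nothing from what it stores, and the holder of the third key reads the message exactly as well as Bob does, which is why anyone who obtains that third key obtains the conversation.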
What law enforcement doesn't say is that by sticking their beaks into everyone's business, they're disproportionately violating our human right to freedom of opinion and expression. The United Nations said way back in 2015 that "encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection". Compromising E2EE compromises freedom for all of us.
Join the fight to protect E2EE
Governments all over the world are listening to the complaints of their law enforcement agencies, who are demanding not only legislation to allow them access to E2EE messages (many already have this legal right!) but also to start forcing tech companies to comply and punishing them for not bending to their will.
The good news is that tech companies do fight back when pushed into compromising security for their users. When the UK forced Apple to give them access to information encrypted by the Advanced Data Protection feature, Apple didn't give in, but instead removed the feature for new customers in the UK, avoiding compromising it for the entire world. WhatsApp and Signal have said they'll do the same in the UK if they are put in the same position.
While it's great that some tech companies have grown a spine, it's better for everyone if the laws that enable governments and law enforcement to force tech companies to compromise E2EE aren't created in the first place.
We can support the great organisations doing the hard work of talking to policy makers, educating them about why E2EE is vital for everyone, including sex workers, and dispelling the myths law enforcement uses to sway politicians and their staffers.
- Electronic Frontier Foundation
- Digital Rights Watch
- Access Now
- Fight For The Future
- Electronic Frontiers Australia
Got a tech question for Ada? She wants to hear from you!
Ada answers all your questions about tech, the online world, and staying safe in it. No question is too silly, no hypothetical is too far-fetched! Learn to leverage devices, systems, and platforms to your benefit.