E2E encryption: Should big tech be able to read people's messages?

Cyber correspondent Joe Tidy explains how end-to-end encryption works

Meta's Mark Zuckerberg is on a collision course with the UK government over continued plans to build super-secure messaging into all his apps despite a potential landmark law that could effectively outlaw the technology. Around the world, governments that also oppose the popular technology are watching the showdown closely to see who will blink first.

"End-to-end encryption", "backdoors" and "client-side scanning" - the biggest row in technology sounds very complicated.

But really it comes down to a very simple question. Should technology companies be able to read people's messages?

That is the crux of a row that has been brewing for years between Silicon Valley and the governments of at least a dozen countries around the world.

WhatsApp, iMessage, Android Messages and Signal all use the super-secure system called end-to-end encryption.

The technology means only the sender, at one end, and the receiver, at the other, can read messages, see media or hear phone calls. Even the app makers cannot access the content.

Big switchover

In the past 10 years, end-to-end encrypted apps have become increasingly popular, with billions of people using them every day.

Most governments and security agencies reluctantly accepted the technology's rise - until four years ago, when Mr Zuckerberg announced on stage the Messenger app and then Instagram would move to end-to-end encryption as standard.

"We're going to enable more than two billion people around the world to have their most personal conversations with each other privately," he said.

Since then, Mr Zuckerberg and his army of engineers have slowly and quietly been cracking on with the project. The company is refusing to speak to reporters on the record about how the mammoth task is going or when the big switchover will be. "By the end of 2023," is all it will say publicly.

Getty Images Facebook Messenger on a phoneGetty Images
The Messenger app is linked to Facebook and has an estimated 900 million users a month

Meanwhile, the calls to stop the switchover or build in safeguards have been growing louder.

Authorities in the UK, Australia, Canada, New Zealand, the United States, India, Turkey, Japan and Brazil - plus law-enforcement agencies such as Interpol - have criticised the technology.

But no government in the democratic world has risked passing a law that will interfere with these popular apps - until now.

Making technology companies build in some sort of technical backdoor to allow messages to be scanned for illegal material is one of the central tenets of the UK's wide-reaching Online Safety Bill, which looks likely to be passed into law in the near future.

Police officers, if they can no longer ask Meta for the contents of people's messages, will miss out on a key source of evidence they regularly use to convict criminals or terrorists, the government says.

And there is a particular concern about children being groomed online in secret.

End-to-end encryption "will be a huge boon to anyone who wants to hurt a child", Home Secretary Suella Braverman wrote to Mr Zuckerberg on Monday.

PA Media Suella BravermanPA Media
Home Secretary Suella Braverman has led the government's opposition to end-to-end encryption apps

And on Wednesday, the National Society for the Prevention of Cruelty to Children (NSPCC) has released a YouGov survey it commissioned, suggesting the British public wants police officers to be able to access people's messages, to protect children.

Of the 1,723 adults surveyed across the UK, 73% said technology companies should, by law, have to scan private messaging for child sexual abuse and disrupt it in end-to-end encrypted environments.

Most already scanned for child sexual abuse on their services, leading to many successful convictions, the NSPCC said.

"It is now clear that companies who wish to pit children's fundamental right to safety against the privacy rights of adults are out of step with the public and, ultimately, their user base," Richard Collard, at the charity, said.

In response to the survey, a Meta spokesman said the company had "developed safety measures that prevent, detect and allow us to take action against this heinous abuse" - age restrictions for contacting strangers, for example.

'Undermines privacy'

Also on Wednesday, as if to highlight the passions on both sides of the debate, 68 prominent security and privacy researchers have published a letter saying the Online Safety Bill would effectively break end-to-end encryption.

The bill puts the onus on tech firms to find a way to implement child safety measures whilst maintaining privacy for users but the experts say this is impossible.

"Our concern is that surveillance technologies are deployed in the spirit of providing online safety," the letter says.

"This act undermines privacy guarantees and, indeed, safety online."

It also sets a precedent for repressive regimes around the world to monitor and control what people are sharing, experts say.

Rebuilding trust

WhatsApp and Signal, meanwhile, have said they would rather remove their services from the UK than degrade end-to-end encryption security.

And to make matters worse for critics of the technology, Elon Musk announced, in May, he too was building end to end encryption, into Twitter messages.

Switching to the technology is complex and expensive, as evidenced by Meta, but ultimately worth it tech bosses think.

After years of data scandals, big tech sees it as key to rebuilding trust in its services.

And in a happy coincidence, end-to-end encryption makes these embattled companies' tricky job of moderation a lot easier - if they cannot see what users are sharing, then neither can they police it.