Research and practitioners' insights
End-to-end encryption: the (fruitless?) search for a compromise
This Research and Practitioners' Insight is the text of the lecture delivered by Ciaran Martin, Professor of Practice in the Management of Public Organisations, to the Bingham Centre for the Rule of Law on 9 November 2021.
Before joining the School, Ciaran Martin was the founding Chief Executive Officer of the National Cyber Security Centre, an organisation part of the UK government which provides cyber security guidance and support. For the first time since leaving government, Ciaran speaks about the hotly debated topic of end-to-end encryption.
Governments and tech firms have long been wrestling over end-to-end encryption (E2EE), the process of encrypting data between two devices so that only the sender and the receiver are able to view the contents. From one side, governments are concerned that law enforcement and intelligence capabilities to fight terrorism, online child abuse and other digital harms are diminishing and accuse Big Tech of putting profits before safety. On the other hand, the tech industry accuse governments of using online crime as a cover for the so-called 'mass surveillance'.
In the lecture, after providing some historical background, Ciaran describes the search for a compromise and tests if one is possible. He looks in particular at the UK government's tones. Finally, he sets out his personal view on the matter.
"Post pandemic, when we all went to live and work online in our artificially created digital environment, cyber security is a public good. In societies like ours, it is increasingly hard to think of instances where the benefit of weakening digital security outweighs the benefits of keeping the broad majority of the population as safe as possible online as often as possible. There is nothing to be gained in doing anything that will undermine user trust in their own privacy and security."
A summary of the lecture is available exclusively for Prospect: Ex-security chief: the government must prove its encryption plans work—or abandon them.