so recently the
home secretary of
the united kingdom government was on
breakfast news or something along those
lines and was talking about how
criminals are using end-to-end
encryption to essentially evade
detection and this is unacceptable
now in some sense that's very much true
it is unacceptable um criminal activity
is unacceptable um but
what they're suggesting is that we find
a way to remove this encryption or we
find a way of only allowing certain
parties like trusted government parties
to have access to it so before we
declare that as insane let's let's look
at what that means and what end-to-end
encryption is
and if that's even feasible
let's imagine that i'm using whatsapp or
facebook messenger or some other
end-to-end encrypted messenger with you
right so you have a phone here right
could be a phone could be a a computer
it's not really important some device
right with a screen this is why i'm not
employed to design these things this is
you but i'm going to call you alice this
time because we always do that uh
does that make you bob it does so we've
got alice and bob here having a
communication between two phones there's
going to be some communication mechanism
between these two devices right it could
be sms or you know gsm phone signal or
it could be something like wi-fi over
the internet in all of these cases
there's usually going to be an
intermediary server handling this
transport these phones aren't capable of
connecting to each other on their own
apart from things like nfc where you
come really close so there's going to be
some server in here which i'm just going
to label s which in the case of whatsapp
will be a whatsapp server and obviously
going to be a server for whatever
product you're using now anytime that
bob sends alice a message it's going to
go via the server by definition because
that's the thing that relays the
messages to alice it knows how to
communicate with alice you know it knows
what her phone number is it has a list
of your contacts and things you know
this is how it works this could be a
phone provider and there's going to be
you know phone antennas and things in
this mix but it's not important so this
message here is going to come in this
way from bob and it's going to go over
to alice like this the issue is if we
want to encrypt this channel right we
want certain people not to be able to
read it if i'm sitting on a router
somewhere on the internet here we don't
want me to go oh that's a nice message
with your credit card details in i have
that right so that's what we're trying
to avoid here because that's how email
works right yeah you could sit there and
absolutely and people do encryption of
channels is nothing new right we've seen
it for a long long time right these
these techniques things like uh public
key cryptography and some of these
cyphers have been around for many years
so how do we do this well there's really
two options the first is that alice
could negotiate some
shared secret key with the server we'll
call that key kas
so that key there could be used by
alice to talk to the server and she
could send a message encrypted by kas to
the server and say please can you
forward this message to bob bob will
have another key with the server kbs and
that's what he uses to communicate
obviously here alice doesn't know what
kbs is and bob doesn't know what kas
is the server decrypts a message using
kas that it knows and then re-encrypts
it with kbs and forwards it to bob now
this is not end-to-end encryption
because obviously it's been decrypted
halfway through in some sense that's a
good thing right if i'm a terrorist or a
criminal and i send a message this
server could perform some kind of
rudimentary checks to make sure i wasn't
doing anything untoward but for obvious
reasons a lot of people don't like this
idea what end-to-end encryption does is
replace these two keys with a key that
only alice and bob know the idea being
that this server is quite happy to relay
the packets back and forth but it
doesn't have any idea what's in them and
this works out very well for this server
as well because when someone says can
you give us this data they can
reasonably say no not because we don't
want to but because we actually can't
the process we use for this is something
called a key exchange the obvious
problem here is that at some point alice
and this server have got to share a key
without an encrypted channel when she
first ever connects they haven't got
this key yet right and so how do we get
the key there's a sort of chicken and
egg problem
the solution was proposed by diffie and
hellman which is the diffie-hellman key
exchange right we're not going to go
into the details of the mathematics of
diffie-hellman in this video but i'll
simply say that alice and bob both have
public and private components of this
key they share the public ones and then
they use the private ones in secret to
create a shared key that no one else can
know that's essentially how it works so
it's a way of even via the server
producing a shared key kab
that no one else knows so now they have
this shared communication channel so
when you first connect you will send
some identifiers to the server you will
establish a public and private key pair
and then from then on anytime you want
to connect to anyone new you will
generate one of these keys it's called
ephemeral which means that basically you
generate one almost every message if not
every message for some of these apps the
important thing is that the server
although they relayed these messages is
not involved in this key exchange
process and can't
inject itself in the middle which means
that it doesn't know what kab is and it
can't decrypt the message physically
when a minister or someone in the media
says what we really want to do is allow
some kind of entry for government into
this system you can quite reasonably say
that isn't possible because you'd have
to inject something in the middle of
this key exchange which would completely
undo it so let's think about the
different ways we could do it and
discuss whether they're practical okay
so the first one is we could go back to
this system here so we could have alice
talking to the server in a secure way
using a key exchange we could have bob
talking to the server in a secure way to
a key exchange and the advantage would
be that if let's say a judge ordered a
warrant on some of this data the company
would have it on their servers probably
decrypted and they could send it off in
some sense i don't absolutely object to
that because i don't really have
anything to hide right that's the
obvious argument but the problem is that
if this server ever gets hacked
everyone's messages and emails and
pictures get dumped out on the internet
right we've seen that happen lots of
times we can't know for sure that this is
secure right so in in some sense what
we're doing is introducing a very big
point of failure that could be
catastrophic simply so that the very few
people that do things illegally could we
could serve a warrant on those people
another alternative that gets sort of
suggested is this kind of back door now
in some sense this is a back door
already this double key mechanism but
when we talk about a back door what
we're really talking about is some
mathematical property of this key
exchange that no one else knows about
that means that we could actually
decrypt the messages is the idea again
this is a huge problem it's a problem
because if someone else a criminal finds
out this flaw then again all our photos
are dumped out onto the internet and it
seems unlikely to me that
the majority of people who found this
flaw would publicize it straight away
right they would quite happily
sit on it and see what interesting
things they could find out that's a kind
of that kind of worrying
so again
i have some concerns about that approach
as long as we don't have a back door
then there's no way for them to get in
there is there uh
well so yes and no right the issue is
that the messages have to be decrypted
somewhere because they have to be
presented onto your screen right so
alice receives this message her mobile
app receives the message
using kab it decrypts it and then
it's on the screen right at this point
someone just steals the phone runs off
and reads the messages or bugs the phone
um and reads the messages routinely has
them forwarded on in this day and age of
quite secure end-to-end encryption
the much more likely target of attack is
not the encryption itself it's just the
end points so i've got your phone here
right which you've kindly left the pin
code off for me and i can just scroll
through your messages and read them all
right they're not encrypted because that
encryption has been removed once it got
to this end point so it's basically
automatically decrypted then well yes to
have a good user experience it's got to
essentially hide all that encryption
away and it presents you with a nice set
of of readable messages so in some sense
then your security relies on your pin
code and the operating system running on
your phone or your laptop device um and
if those are vulnerable then you know it
really the end-to-end encryption is
completely circumvented