The UK and EU governments are engaging in a new battle over end-to-end encryption (E2EE) and the issue of backdoors. The primary concern for law enforcement and governments is the potential for criminals to use E2EE to “go dark.” In the EU, the focus is on the Child Sexual Abuse Regulation, while in the UK, it is the Online Safety Bill (OSB). However, the implications of these measures could extend to the privacy of all law-abiding citizens.
A letter signed by 80 technologists and civil rights organizations expressed concern about the potential requirement for encrypted message scanning capabilities, emphasizing the severe privacy and security risks involved.
Apple also raised alarm about the threat to end-to-end encryption posed by the Online Safety Bill, urging the government to protect this crucial capability.
Matrix.org and Element, two organizations founded in the UK, offer E2EE technology that is used by government departments, corporations, and individuals. Matrix is an open protocol for secure communications, while Element is an E2EE company established to support Matrix and showcase its potential.
The system is decentralized, allowing the installation of Matrix servers on individual equipment, and when combined with Element, it creates a secure E2EE network. Matrix/Element has worked with government agencies in France, Germany, and the United States, providing secure communications tailored to their specific needs.
Element’s core encryption is similar to that of Signal, another prominent E2EE provider. The encryption process uses a series of keys that are continually regenerated, which makes future keys difficult to predict.
Matrix/Element has adopted the double ratchet implementation called “olm,” named after a salamander species. The organizations have also collaborated with the IETF on Messaging Layer Security (MLS), which offers forward secrecy and post-compromise security through key rotation or replacement.
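A minimal sketch of the symmetric half of a double ratchet, added here as an illustration and not taken from olm, Signal or Element; the class and function names, the HMAC-SHA256 chain and the one-byte KDF inputs are assumptions. It shows that a captured chain key cannot reproduce earlier message keys (forward secrecy) but does yield later ones until fresh key material is mixed in, which is the job of the key rotation described above.

```python
import hashlib
import hmac

# Distinct one-byte KDF inputs (an assumption of this sketch) separate the
# per-message key from the next chain key.
MESSAGE_KEY_INPUT, CHAIN_KEY_INPUT = b"\x01", b"\x02"


def kdf_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Advance the chain once and return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, MESSAGE_KEY_INPUT, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CHAIN_KEY_INPUT, hashlib.sha256).digest()
    return next_chain_key, message_key


class SymmetricRatchet:
    """One chain; the previous chain key is overwritten on every step."""

    def __init__(self, initial_chain_key: bytes) -> None:
        self.chain_key = initial_chain_key

    def next_message_key(self) -> bytes:
        self.chain_key, message_key = kdf_step(self.chain_key)
        return message_key


def compromise_demo() -> dict[str, bool]:
    # Constructed secret; a real session derives it from a key agreement.
    shared = hashlib.sha256(b"constructed demo secret").digest()
    sender, receiver = SymmetricRatchet(shared), SymmetricRatchet(shared)
    sent = [sender.next_message_key() for _ in range(3)]
    received = [receiver.next_message_key() for _ in range(3)]

    # Device state captured after message 3: only the current chain key exists.
    leaked, derivable = sender.chain_key, set()
    for _ in range(10):  # everything the captured state can derive going forward
        leaked, message_key = kdf_step(leaked)
        derivable.add(message_key)

    return {
        "in_sync": sent == received,
        "past_keys_exposed": any(key in derivable for key in sent),
        "next_key_exposed": sender.next_message_key() in derivable,
    }


if __name__ == "__main__":
    print(compromise_demo())
```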
While Matrix/Element maintains a firm stance against introducing government backdoors or scanning capabilities, the impact of the Online Safety Bill on their E2EE services remains uncertain. The details of the bill are still unknown, and concessions may be made, possibly excluding corporate and government communications. However, the implications for personal and enterprise communications in the era of remote work are yet to be determined.
If the bill becomes law, E2EE apps like Element, Signal, and WhatsApp may need to be removed from app stores to prevent the public from accessing secure communication technology. The potential difficulty of distinguishing personal from corporate communication poses a challenge for the UK government.