In recent years, the negative impacts of social media and other global technology platforms have become a top concern for people around the world. The danger seems to grow by the day: Recently, we learned that the popular encrypted messaging service WhatsApp has been sharing user data with Facebook since 2016. The news comes as social media giants such as Twitter and Facebook, once lauded for facilitating the free dissemination of ideas, are increasingly seen as having failed to effectively moderate misinformation and conspiracy theories on their platforms. The internet, as currently constituted, has a dark side.
Government action to legislate privacy protection, from Europe to California, is a reflection of the public’s increasing concern for their online safety. But bewilderingly, in the midst of the growing demand for strong privacy protections, governments around the world are also working to kneecap the very encryption that makes true privacy possible in the name of public safety.
When it comes to strengthening digital privacy, the most important technologies are end-to-end encryption and decentralization. They’re even more powerful when they’re combined. Here’s how encryption and decentralization could work together to protect your safety and privacy online.
Not all encryption is created equal
“Encryption” is a widely used and poorly understood term. When we say something is encrypted, what we mean is that its characteristics have been scrambled—encoded—while it is in transit between two places. Only the sender and the receiver have the “key” to unscramble or “decrypt” its contents, meaning hackers or other third parties can’t intercept it and steal the information in transit.
Digital services, particularly those focused on financial transactions and messaging, often use a form of encryption. These include Facebook, WhatsApp, WeChat, PayPal, and Venmo, as well as most major financial institutions. But just because something is encrypted doesn’t make it private.
Many services that advertise themselves as encrypted do not protect their users’ privacy in a meaningful way. Most financial institutions, for example, encrypt the contents of transactions while they are in transit, but then decrypt them when they reach the institution’s online server. As a result, even though information is private while en route from place to place, the records of the activity are ultimately stored in cloud-based databases and are just as susceptible to online threats as any other information.
The claims of many messaging services are similarly misleading. Like big banks, they encrypt messages while they’re in transit but decode them when they reach the companies’ web servers. This means that, encryption or no, these tech giants can see the contents of every message sent over their networks. These messaging services, if they desired or were compelled, could share every message their users have exchanged.
For true privacy, we need to look for services that employ end-to-end encryption. With end-to-end, the contents of communications are not known to anyone except the sender and the receiver. When you send a message over a service that is end-to-end encrypted, it is only decrypted on the device that sends the message and the device that receives it. It doesn’t live anywhere in the online ether; neither the operators of the service nor any other third party can see what the message says. The rapid growth of Signal, an end-to-end encrypted messaging app, demonstrates the surging consumer demand for digital privacy.
The future of end-to-end encryption is uncertain. Over the past year, governments around the world, from the U.S. and E.U. to Russia and China, have introduced or tightened rules that, if fully implemented, would make true end-to-end encryption impossible. Most of these proposed laws would require tech companies to design “backdoors” that would allow authorities to demand that the contents of messages and other activities be decrypted and turned over. Once such backdoor keys exist, it’s a matter of when, not if, they fall into the wrong hands.
The most resilient systems are encrypted and decentralized
In order to have meaningful digital privacy, the world needs end-to-end encryption. And for encrypted systems to be resilient, they should also be decentralized, adopting a key technical foundation of the many blockchain projects promising to reshape finance and other sectors in the coming years.
To visualize the way decentralization works in practice, think of a hard drive. If all your files are stored in a single place, and it fails or is damaged, your files are lost. To mitigate this risk, then, you might back up your files to a cloud server. That way, even if one or all of your physical hard drives fail, your files are safe, stored digitally in the cloud.
But the problem is not solved. What happens if, for instance, Amazon or Google or Apple decides to suddenly deny you access? In that scenario, you are out of luck again: The storage provider, not you, ultimately has control over those files. For true security, you need multiple backups over which you have the ultimate control.
Decentralization applies this approach to all digital activity. Decentralized networks such as blockchains are designed to operate by consensus across many different nodes, removing the risk of a single point of failure. They offer new possibilities around network governance as well, with incentives and standards of behavior that can be implemented by consensus rather than by corporate executives. Given these benefits, mainstream platforms are increasingly looking to decentralized alternatives. Even Twitter has revealed plans for a decentralized open standard for social media.
Blockchains facilitate their users’ privacy through end-to-end encryption. And they are resilient to third-party manipulation because of decentralization. Unlike centralized servers, a blockchain cannot be compromised by a single breach.
This principle can be applied across many different technical areas, including social media, to strengthen and advance digital privacy. There can be no safeguarding privacy without end-to-end encryption; government efforts to undermine this important tool should have us all worried. But as long as there are end-to-end encrypted services, the most resilient will be those that are decentralized. If we work to advance privacy with these two technical concepts in mind, 2021 can be the year people around the world start to truly reclaim their online privacy.
Dr. Steven Waterhouse is the CEO and cofounder of Orchid Labs, which is developing an open-source protocol to open up the entire internet to everyone.