End-to-end encryption, guaranteeing digital sovereignty

1 Sep 2020

TRIBUNE – By Renaud Ghia, CEO Tixeo

Favored by the health crisis, teleworking and the massive use of digital collaboration tools (such as video conferencing) have allowed many companies to continue their activity. This unprecedented situation has also facilitated the highlighting of issues related to the confidentiality of exchanged information and caused a real craze concerning the use of end-to-end encryption in online meetings.

In this context, accentuated by the economic crisis, protection against industrial espionage has become paramount for companies. End-to-end encryption is the only guarantee against eavesdropping. But what is this mechanism whose definition is unfortunately too often distorted?

The fight against industrial espionage requires true end-to-end encryption

The end-to-end encryption of videoconferences is a data transmission process (video, audio, data) that only allows the sender and the receiver(s) to decrypt these data without any decryption phase between the correspondents. It must prevent any electronic eavesdropping, including by telecommunication and Internet access providers and even by the videoconferencing solution editor. Thus, no one is able to access the encryption keys needed to decrypt the conversation.

Unfortunately, and especially since the beginning of the health crisis, too many videoconference editors claim to offer end-to-end encryption but are content to encrypt only the flows passing between the user and the communication server! They can thus very easily access the decrypted data when it passes through their servers. Moreover, these editors are for the most part subject to foreign legislation that requires them to obtain the users’ encryption keys on request from the authorities. Under these conditions, the level of security is far from the one announced.

Fortunately, it is still possible in France to access reliable solutions offering effective protection against any attempt at espionage. To help companies see more clearly, organizations such as the ANSSI (Agence nationale de la sécurité des systèmes d’information) can guide them in their choice. An organization opting for an ANSSI-labeled end-to-end encryption mechanism is always guaranteed to use a reliable and perfectly secure solution.

Digital independence and sovereignty: the two bulwarks of data protection

Beyond the health crisis, true end-to-end encryption helps guarantee true independence for businesses. On the scale of France and Europe, such a choice conditions the digital sovereignty of our industries and our economies. It is now vital to think European when setting up our digital ecosystem. Technology, R&D, support and of course hosting must be developed and consumed locally to prevent any risk of dependence on non-European powers. But the influences remain very strong and continue to weigh… Moreover, only a few days ago, the organization of the Paris Olympic Games in 2024 chose the Chinese solution Ali Baba for its Cloud. The battle is far from being won.

As far as end-to-end encryption is concerned, vigilance is still required: it is always useful to remember this in a context where some powers that be (governments, authorities…) sometimes try to limit its use to have more control over communication flows in the name of security and the fight against terrorism. Some countries like Australia require editors to integrate backdoors to help authorities intercept and read messages sent by suspects. However, it is important to remember that even if end-to-end encryption is banned, malicious people will still be able to circumvent the rules to achieve their ends.

Prohibiting this mechanism will not solve the problems related to terrorism, but it will expose the European industry to the plundering of its data, which will have more to lose than to gain. In France, even if some would be tempted to proscribe this mechanism, the legislation does not impose any constraint on publishers. This legal framework is clearly favorable to encryption technologies and thus guarantees their effectiveness in the fight against industrial espionage.