End-to-end encryption, guaranteeing digital sovereignty

Olivier AZAN NewsEN

 FORUM – by Renaud Ghia, Tixeo CEO

Encouraged by the health crisis, teleworking and the massive use of digital collaboration tools (such as videoconferencing) have enabled many companies to continue their business. This unprecedented situation has also made it easier to shed light on the problems linked to the confidentiality of information exchanged and has provoked a real craze for the use of end-to-end encryption in online meetings.

In this context, accentuated by the economic crisis, protection against industrial espionage has become essential for companies. End-to-end encryption is the only guarantee against eavesdropping. But what is this mechanism, the definition of which is unfortunately too often distorted?

Tixeo end-to-end encryption

War against industrial espionage necessarily requires real end-to-end encryption

End-to-end encryption of videoconferences is a data transmission process (video, audio, data) that only allows the transmitter and the receiver(s) to decrypt this data without any decryption phase between the correspondents. It must prevent any electronic eavesdropping, including by telecommunications providers, Internet access providers and even by the publisher of videoconferencing solutions. Thus, no one is able to access the encryption keys needed to decrypt the conversation.

Unfortunately, and especially since the beginning of the health crisis, too many videoconferencing editors claim end-to-end encryption, but in the end only encrypt the flows passing between the user and the communication server! They can thus very easily access the decrypted data when it is passing through their servers. In addition, most of the time, these publishers are subject to foreign legislation that requires them to obtain the users’ encryption keys from the authorities upon request. Under these conditions, the level of security is far from that announced.

Fortunately, it is still possible in France to access reliable solutions offering effective protection against any spying attempt. To help companies see more clearly, organizations such as the ANSSI (National Cybersecurity Agency of France) can guide them in their choice. An organization opting for an ANSSI-labeled end-to-end encryption mechanism is always guaranteed to use a reliable and perfectly secure solution

Independence and digital sovereignty: the two bulwarks of data protection

Above and beyond the health crisis, true end-to-end encryption helps to guarantee true independence for companies.In Europe, such a choice is a prerequisite for the digital sovereignty of our industries and economies. Today, it is vital to think European when it comes to setting up our digital ecosystem. Technology, R&D, support and, of course, hosting must be developed and consumed locally to prevent any risk of dependence on non-European powers. But the influences are still very strong and continue to weigh heavily… In fact, just a few days ago, the organizers of the Paris Olympic Games in 2024 chose China’s Ali Baba solution for their Cloud. The battle is far from being won.

Vigilance is still called for when it comes to end-to-end encryption: it is always useful to remember this in a context where some powers (governments, authorities, etc.) sometimes seek to limit its use in order to have ever greater control over communication flows in the name of security and the fight against terrorism. Some countries, such as Australia, require publishers to integrate backdoors to help authorities intercept and read messages sent by suspects. Still, it is important to remember that even by prohibiting end-to-end encryption, malicious individuals will still be able to circumvent the rules to achieve their ends.

Prohibiting this mechanism will in no way solve the problems linked to terrorism, but it will increasingly expose European industry to the plundering of its data, which will have more to lose than to gain. In France, even if some would be tempted to outlaw this mechanism, the legislation does not impose any constraints on publishers. This legal context is clearly favorable to encryption technologies and thus guarantees their effectiveness in the fight against industrial espionage.