1,129 research outputs found

    Balancing End-to-End Encryption and Public Safety

    Over the last decade, there has been a significant debate around end-to-end encryption (E2EE) and its implications for public safety. At the forefront of the discourse is a false dichotomy between protecting privacy and ensuring national security. At the extreme ends of this deeply polarised debate are two key arguments. On the privacy side, it is believed that governments and law enforcement agencies desire unrestrained exceptional access to E2EE communications to spy on their citizens. On the security side, it is maintained that obtaining lawful exceptional access is the only way to protect citizens and uphold national security. The debate has reached a deadlock, with both sides perpetuating zero-sum views.

    However, experts are calling for a more nuanced conversation about possible solutions to the criminal use of E2EE services. It is vital that a range of views are considered in order to identify the key issues and inform a more productive debate. Through a review of the existing literature and insights from 22 semi-structured interviews, this paper balances the perspectives from a range of relevant stakeholders on the main elements of the E2EE debate and presents some key takeaways in an effort to move away from a crude privacy-versus-security binary.

    The paper presents the following key findings:

    There are clear and significant cyber security and privacy benefits to E2EE. Efforts to weaken or restrict its access would be a net loss for all.

    Criminal use of E2EE is a significant risk to public safety and solutions are vital. Yet, it should also be acknowledged that technology is an enabler of criminal and harmful activity and should not be treated as the root cause.

    The possibility of developing technical tools which could assist law enforcement investigations should not be categorically ruled out, but future proposals must be measured against the principles of proportionality, legality and technical robustness.

    Alternative options for law enforcement investigations such as metadata analysis and legal hacking should be considered, but they are not without their drawbacks. Legal hacking could be proportionate but its reliance on software vulnerabilities is largely at odds with strong cyber security. Metadata analysis is promising but more research is needed to determine the extent to which it can be used to aid law enforcement investigations.

    Industry do have a responsibility to make their platforms safer and free from criminal abuse. This requires implementation of safety-by-design principles and the provision of resources for better digital literacy and education. Governments must have oversight over the technical tools developed.

    A more nuanced debate must continue which actively moves away from zero-sum views of absolute privacy versus absolute security, and focuses more on how the risks to public safety can be reduced in proportion with the need to protect citizens' rights and freedoms

    Beyond Encryption: Our Vision for Trustworthy Messaging in a Viral World

    Private messaging platforms like Messenger, Signal, Telegram, WeChat, and WhatsApp are seminal technologies. By assuring private communication on a global scale, these innovations expand and protect democracy as well as our human rights. They have fundamentally reshaped human connection. Omidyar Network believes in the promise of this type of technological innovation. We also believe tools with this depth of political, economic, social, and cultural influence must be held to the highest standards of trustworthiness and safety. For the past three years, we have invested in individuals and organizations that are working to make private messaging platforms more trustworthy (and as a result, safer). We have seen firsthand the pivotal role of private messaging platforms in empowering diverse ideas and social movements. And we have witnessed the inequality, injustice, and trauma that result from risky design choices which preference the technology's scale, virality, and monetization over its users' well-being. To preserve the best qualities of these innovations, all stakeholders must engage in renovating the product designs, policies, and incentives that introduce and increase risk

    Privacy Intelligence: A Survey on Image Sharing on Online Social Networks

    Image sharing on online social networks (OSNs) has become an indispensable part of daily social activities, but it has also led to an increased risk of privacy invasion. The recent image leaks from popular OSN services and the abuse of personal photos using advanced algorithms (e.g. DeepFake) have prompted the public to rethink individual privacy needs when sharing images on OSNs. However, OSN image sharing itself is relatively complicated, and systems currently in place to manage privacy in practice are labor-intensive yet fail to provide personalized, accurate and flexible privacy protection. As a result, a more intelligent environment for privacy-friendly OSN image sharing is in demand. To fill the gap, we contribute a systematic survey of 'privacy intelligence' solutions that target modern privacy issues related to OSN image sharing. Specifically, we present a high-level analysis framework based on the entire lifecycle of OSN image sharing to address the various privacy issues and solutions facing this interdisciplinary field. The framework is divided into three main stages: local management, online management and social experience. At each stage, we identify typical sharing-related user behaviors, the privacy issues generated by those behaviors, and review representative intelligent solutions. The resulting analysis describes an intelligent privacy-enhancing chain for closed-loop privacy management. We also discuss the challenges and future directions existing at each stage, as well as in publicly available datasets. Comment: 32 pages, 9 figures. Under review

    Forensic Analysis of the ChatSecure Instant Messaging Application on Android Smartphones

    We present the forensic analysis of the artifacts generated on Android smartphones by ChatSecure, a secure Instant Messaging application that provides strong encryption for transmitted and locally-stored data to ensure the privacy of its users. We show that ChatSecure stores local copies of both exchanged messages and files into two distinct, AES-256 encrypted databases, and we devise a technique able to decrypt them when the secret passphrase, chosen by the user as the initial step of the encryption process, is known. Furthermore, we show how this passphrase can be identified and extracted from the volatile memory of the device, where it persists for the entire execution of ChatSecure after having been entered by the user, thus allowing one to carry out decryption even if the passphrase is not revealed by the user. Finally, we discuss how to analyze and correlate the data stored in the databases used by ChatSecure to identify the IM accounts used by the user and his/her buddies to communicate, as well as to reconstruct the chronology and contents of the messages and files that have been exchanged among them. For our study we devise and use an experimental methodology, based on the use of emulated devices, that provides a very high degree of reproducibility of the results, and we validate the results it yields against those obtained from real smartphones

    Perceptions and experiences of students on the use of interactive online learning technologies in Mauritius

    With the advent of e-learning, advocates use the term interactivity instead of interaction among students, and between the teacher and the students. Many universities use Moodle for online teaching and learning. This paper explores the perceptions and experiences of students in three Higher Education Institutions (HEIs) in Mauritius. A mixed-methods approach was used, with an online survey questionnaire administered to 600 students and focus group discussions were conducted with 15 students from these institutions. It was found that 68.4% of respondents used WhatsApp compared to only 23.6% of them who used the e-learning platform, Moodle. There were no associations between the use or frequency of using WhatsApp or Facebook and the types of HEI to which the students belonged. Students preferred WhatsApp due to its facility for knowledge sharing and construction, its interactivity, its usability, respect for privacy and instant communication. From the findings, it is recommended that HEIs bring a shift in their approaches to teaching and learning from cognitivism to socio-constructivism, connectivism and heutagogy

    The role of mobile health technologies in promoting COVID-19 prevention

    Background: Researchers have found innovative ways of using mobile health (mHealth) technologies to prevent the spread of coronavirus disease 2019 (COVID-19). However, fewer studies have been done to determine their adoption and effectiveness. Objective: This review summarises the published evidence on the effect of mHealth technologies on the adoption of COVID-19 preventive measures, prevention knowledge acquisition and risk perception as well as technology adoption features for COVID-19 prevention. Methods: PubMed, IEEE and Google Scholar databases were searched for peer-reviewed literature from 1 January 2020 to 31 March 2022 for studies that evaluated the effect of mHealth technologies on COVID-19 preventive measures adoption, prevention knowledge acquisition and risk perception. Thirteen studies met the inclusion criteria and were included in this review. All the included studies were checked for quality using the mHealth evidence reporting and assessment (mERA) checklist. Results: The review found out that the utilisation of mHealth interventions such as alert text messages, tracing apps and social media platforms was associated with adherence behaviour such as wearing masks, washing hands and using sanitisers, maintaining social distance and avoiding crowded places. The use of contact tracing was linked to low-risk perception as users considered themselves well informed about their status and less likely to pose transmission risks compared to non-users. Privacy and security issues, message personalisation and frequency, technical issues and trust concerns were identified as technology adoption features that influence the use of mHealth technologies for promoting COVID-19 prevention. Conclusion: Utilisation of mHealth may be a feasible and effective way to prevent the spread of COVID-19. 
However, the small study samples and short study periods prevent generalisation of the findings and call for larger, longitudinal studies that encompass diverse study settings. Peer Reviewed

    Challenges in using cryptography - End-user and developer perspectives

    "Encryption is hard for everyone" is a prominent result of the security and privacy research to date. Email users struggle to encrypt their email, and institutions fail to roll out secure communication via email. Messaging users fail to understand through which most secure channel to send their most sensitive messages, and developers struggle with implementing cryptography securely. To better understand how to support actors along the pipeline of developing, implementing, deploying, and using cryptography effectively, I leverage the human factor to understand their challenges and needs, as well as opportunities for support. To support research in better understanding developers, I created a tool to remotely conduct developer studies, specifically with the goal of better understanding the implementation of cryptography. The tool was successfully used for several published developers studies. To understand the institutional rollout of cryptography, I analyzed the email history of the past 27 years at Leibniz University Hannover and measured the usage of email encryption, finding that email encryption and signing is hardly used even in an institution with its own certificate authority. Furthermore, the usage of multiple email clients posed a significant challenge for users when using S/MIME and PGP. To better understand and support end users, I conducted several studies with different text disclosures, icons, and animations to find out if users can be convinced to communicate via their secure messengers instead of switching to insecure alternatives. I found that users notice texts and animations, but their security perception did not change much between texts and visuals, as long as any information about encryption is shown. 
In this dissertation, I investigated how to support researchers in conducting research with developers; I established that usability is one of the major factors in allowing developers to implement the functions of cryptographic libraries securely; I conducted the first large scale analysis of encrypted email, finding that, again, usability challenges can hamper adoption; finally, I established that the encryption of a channel can be effectively communicated to end users. In order to roll out secure use of cryptography to the masses, adoption needs to be usable on many levels. Developers need to be able to securely implement cryptography, and user communication needs to be either encrypted by default, and users need to be able to easily understand which communication' encryption protects them from whom. I hope that, with this dissertation, I show that, with supporting humans along the pipeline of cryptography, better security can be achieved for all