End-to-End Encryption (E2EE) Tools

End-to-End Encryption (E2EE) Tools

  • Context:

  • Recent investigations into the Red Fort car explosion have revealed the use of advanced digital tradecraft by terrorist modules.

  • The accused allegedly communicated via Threema which is a Swiss-based E2EE app to evade surveillance and coordinate operational planning.

  • Basics of End-to-End Encryption (E2EE):

  • End-to-End Encryption (E2EE) is a method of securing digital communication such that only the sender and intended recipient(s) can read the content.

  • It “restores the benefits of two people talking privately in a field” by ensuring no third party—including service providers—can access the message.

  • It ensures that no third party (including the service provider, government, or hackers) can access the content.

  • It relies on Public-Key Cryptography, which relies on public key

  • Here a public key encrypts the message and a corresponding private key (stored exclusively on the recipient's device) decrypt it.

  • Encryption and decryption occur solely on users’ devices. Even the service provider (WhatsApp, etc.) cannot read the message.

  • Key Apps & Tools:

  • Several messaging apps rely on E2EE, including Signal, WhatsApp, and Threema

  • Threema:

  • Threema is a Swiss-made, privacy-focused messaging app known for its strong security architecture

  • It requires no phone number or email

  • It assigns a random User ID instead.

  • It allows users to run private servers, minimizing metadata retention.

  • Message deletion controls, including removing messages from both ends.

  • Threema is reportedly banned in India (under Section 69A of the Information Technology Act, 2000).

  • Signal & WhatsApp:

  • These are popular apps that implement E2EE.

  • They feature Forward Secrecy (generating new keys frequently to protect past messages) and Safety Numbers to authenticate the identity of the communicators.

  • Concerns:

  • E2EE protects content, but not metadata (who messaged whom, when, etc.).

  • While E2EE protects privacy and human rights, it poses challenges for counterterrorism.

  • Terrorists are leveraging these tools along with tactics like dead-drop emails (saving drafts without sending) to bypass traditional surveillance and minimize digital footprints.