E2EE and AEC: Very Seriously Risky

A huge hat tip to Tom Uren and Patrick Gray, the writer and editor of the Seriously Risky newsletter, a companion to Gray’s Risky Business podcast. This essay is based on ‘E2EE and Anonymous Payments Don’t Mix’, which appeared in the January 12th newsletter on Substack.

E2EE is an abbreviation for End-to-End Encryption (the “2” stands for “to”), where messages transferred over a network are encrypted and decrypted only at the endpoints. E2EE makes it very difficult for anyone who intercepts a message to read it. Who could intercept that message? In the past, law enforcement, governmental, and criminal organizations worked with carriers to ‘tap’ telephonic communications. In the Internet age, any Internet access provider, be it a carrier or just a person with an open wireless access point, can intercept communication sessions.

Anonymity-enhanced cryptocurrencies (AECs) are anonymous or private coins that attempt to hide information about transactions. The Very Seriously Risky newsletter describes how Signal is working with MobileCoin to enable financial transactions over Signal. The issue here is that this scenario, where parties hold encrypted private communications and then exchange some form of untraceable currency, conjures up memories of the days of the first online darknet marketplace, Silk Road, where illegal drugs were bought and sold and murders for hire arranged.

I’m a longtime and avid user of the Signal app for iPhone. As a longtime network engineer and security professional, I know much about how personal communications (often using the SMS protocol) over modern networks can be intercepted and viewed by parties other than the author and intended receiver(s). The folks at Meta behind the E2EE-capable WhatsApp app recently (in the last days of January 2022) started advertising WhatsApp on broadcast and cable television.

Is society ready for anonymous payments over encrypted communications? Based on the capability that these technologies provide for illicit and illegal activities, I don’t believe so. When they are deployed and used, every instance of use for an illicit activity will be widely publicized, at the same time that hundreds or thousands of legitimate transactions are completed, generating no notice. But I do believe that these technologies should continue and advance.