Once you send the data packets of your voice call, chat, email, or credit card number over the internet, that information is vulnerable to various threats, including theft. Your data pass through many unknown servers, routers and devices where any hacker, government agency, or rogue agent can intercept them. To protect your data, you need encryption.
Encryption is the process of scrambling data such that it is impossible for any party intercepting it to read or understand. Only the intended recipient of the content can "unscramble" the data. When it reaches them, the scrambled data is changed to its original form, making it readable and understandable. This latter process is called decryption.
Let's complete the glossary. Unencrypted data is called plain text. The encrypted information is called ciphertext. And, the computer mechanism or recipe that runs on the data to encrypt it is called an encryption algorithm—software that works on data to scramble it.
An encryption key is used with the algorithm to scramble the plain text. The correct key must then be used along with the algorithm to decrypt the data. Thus, only the party who holds the key can access the original data. The key is a long string of numbers that you do not have to remember or care for, as the software takes care of that.
Secure Sockets Layer (SSL), or its latest updated version Transport Layer Security (TLS), is the standard for web-based encryption. When you enter a site that offers encryption for your data—usually, these sites handle your private information like personal details, passwords, and credit card numbers—some signs indicate security and safety.
Encryption, known before the digital age as cryptography, has been in use for millennia. Ancient Egyptians used to complicate their hieroglyphs to prevent lower-level people from understanding privileged information. Modern, scientific encryption came in the Middle Ages with Arab mathematician Al-Kindi, who wrote the first book on the subject. During World War II, the craft reached a new level with the Enigma machine and Allied efforts to "decrypt" Nazi communications.
Here's an example to illustrate how encryption works: Tom wants to send a private message to Harry. The message is passed through an encryption algorithm together with a key, which produces the encrypted message. While the algorithm is available to anyone, the key is a secret between Tom and Harry. If a hacker intercepts the message in ciphertext, they can't decrypt it back to the original message unless they have the key, which they do not.
This method is called symmetric encryption, in which the same key is used to encrypt and decrypt on both sides. Symmetric encryption poses a problem as both legitimate parties need to have the key, which may involve sending it from one side to another, potentially compromising the key. It is, therefore, not effective in all cases.
Asymmetric encryption is the solution. Two types of keys are used: each party has one public key and one private key. The public keys are available to both parties and anyone else, as the two parties mutually share their public keys before communication. Tom uses Harry's public key to encrypt the message, which is then decrypted using Harry's public key and Harry's private key.
This private key is only available to Harry and to no one else, not even to Tom, the sender. This key is the one element that makes it impossible for any other party to decrypt the message because there is no need to send the private key.
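The difference between the two schemes can be seen by comparing what crosses the wire in each. The following Python sketch is an added example, not part of the original article: it uses toy primitives (a hash-based XOR stream and textbook RSA over fixed, publicly known primes) and hypothetical names such as `symmetric_exchange` and `asymmetric_exchange`, and it only illustrates the mechanics.

```python
import hashlib
import secrets

# Toy primitives for illustration only. Real systems use vetted libraries,
# padded RSA or elliptic curves, and authenticated symmetric ciphers.

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

# Harry's key pair (constructed): textbook RSA over two well-known Mersenne
# primes, so it is trivially breakable and only shows the mechanics.
P, Q = 2**127 - 1, 2**89 - 1
HARRY_PUBLIC = (P * Q, 65537)                          # shared with everyone
HARRY_PRIVATE = pow(65537, -1, (P - 1) * (Q - 1))      # never leaves Harry

def to_bytes(m: int) -> bytes:
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def symmetric_exchange(message: bytes) -> bytes:
    """Tom sends the shared key over the wire; return what an interceptor recovers."""
    key = secrets.token_bytes(32)
    wire = [key, xor_stream(key, message)]             # everything that was sent
    return xor_stream(wire[0], wire[1])                # interceptor decrypts it

def asymmetric_exchange(message: bytes):
    """Only Harry's public key and the ciphertext cross the wire."""
    n, e = HARRY_PUBLIC
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    wire = [HARRY_PUBLIC, pow(m, e, n)]                # Tom encrypts with the public key
    interceptor = to_bytes(pow(wire[1], e, n))         # the public key cannot undo it
    harry = to_bytes(pow(wire[1], HARRY_PRIVATE, n))   # the private key recovers it
    return interceptor, harry

if __name__ == "__main__":
    msg = b"meet at noon"                              # constructed sample message
    print("symmetric, interceptor reads:", symmetric_exchange(msg))
    seen, read = asymmetric_exchange(msg)
    print("asymmetric, interceptor reads:", seen)
    print("asymmetric, Harry reads:", read)
```

In the symmetric run the interceptor recovers the message because the key travelled with it; in the asymmetric run the private exponent never appears on the wire, so only Harry can read the message.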
End-to-end encryption is an example of asymmetric encryption. End-to-end encryption protects data, such that it can only be read on the two ends—by the sender and by the recipient. No one else can read the encrypted data, including hackers, governments, and the server through which the data passes.
End-to-end encryption implies some other essential details. Consider two WhatsApp users communicating through instant messaging. Their data passes through a WhatsApp server while transiting from one user to the other. For other services that offer encryption, the data is encrypted during transfer but is protected only from outside intruders like hackers. The service can intercept the data at their servers and use them. They can potentially hand the data to third parties or to law enforcement authorities.
End-to-end encryption keeps the data encrypted, without any possibility of decryption, even at the server. Thus, even if they want to, the service cannot intercept or do anything with the data. Law enforcement authorities and governments are also among those who cannot access the data, even with authorization. Theoretically, no one can, except the parties at the two ends.
The user does not manually implement end-to-end encryption. Encryption services and software take care of the web security mechanisms.
For instance, your browser is equipped with end-to-end encryption tools, and they get to work when you engage in online activity that requires securing your data during transmission. Consider what happens when you buy something online using your credit card. Your computer needs to send the credit card number to the merchant. End-to-end encryption makes sure that only you and the merchant's computer can access this confidential number.
In your browser's address bar, the URL starts with https:// instead of http://, the additional s standing for secure. You also see an image somewhere on the page with the logo of Symantec (owner of TLS) and TLS. When clicked, this image opens a pop-up certifying the authenticity of the site. Companies like Symantec provide digital certificates to websites for encryption.
Voice calls and other media are also protected using end-to-end encryption. You benefit from the privacy of encryption by using these apps.
The above description of end-to-end encryption is simplified and illustrates the fundamental principle behind it. In practice, it is more complex, with competing standards and protocols. People spend their lives and careers studying and perfecting encryption.
You may be wondering: "Do I need encryption?" Not always, but yes, you probably do. You may need encryption less often than it is actually used, but that's how security works. It also depends on the type of data you're transferring in your communications. If you have things to protect, then you will be thankful for end-to-end encryption.
Many people don't find encryption necessary for WhatsApp and other messaging apps. But we all need encryption when doing banking or e-commerce transactions online. In any case, encryption usually occurs without your knowledge, and most people don't know and don't care when and how their data is encrypted.