13 Tech Experts Share Essential Facts About End-To-End Encryption

Consumers and businesses alike are bombarded by cautionary news stories about the importance of protecting their digital data. While that message may be coming through loud and clear, what may be holding the public back when it comes to fully protecting themselves is a lack of knowledge about the specifics of available security tools and processes, including end-to-end encryption.

E2EE can play an important part in ensuring that your digital messages aren’t accessed and read by anyone but the intended recipients. But how does it work—and is it foolproof? To help consumers and businesses better understand the role E2EE plays in security, 13 members of Forbes Technology Council share essential facts about E2EE, including what it entails, why it’s important and what its limitations are.

1. With E2EE, Only The Sender And Recipient Can Access Transferred Data

E2EE protects data from getting into unwanted or malicious hands by blocking third-party or unauthorized users from accessing the transferred data. E2EE is critical because it provides the necessary data security to both users and receivers from the point a message is sent to when it is received. Only the sender and the intended recipient can access the transferred data via a secure communication line. – Vivian Lyon, Plaza Dynamics

2. E2EE Prevents Hacks At The Server Level

E2EE is the only way to truly protect privacy. It requires hackers to execute attacks at the device level as opposed to the server level, significantly reducing chances of a breach. It also ensures the integrity of the data; a lack of such assurance presents a real fear and hindrance to a good digital experience. However, the data is only as protected as the receiving device. If that endpoint is compromised, the encryption doesn’t help. – John Milburn, Clear Skye

---

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

---

3. Sending Unencrypted Emails Is Like Sending A Postcard

Sending confidential or protected information in a regular email is like sending a postcard; anyone who gets hold of it along the way can easily read the message. End-to-end encryption is like sealing the message in an envelope that requires a special magic wand to open it—a wand that only the intended recipient has access to. Always encrypt protected information when sending it. – Ann Westerheim, Ekaru

4. The FDA Focuses On Encryption In Medical Devices

Remote care and clinical innovations have made connectivity ubiquitous in medical devices, which are increasingly going home with patients. Securing the communication of medical devices is critical to ensure clinical operation and thus, patient safety. Consumers of devices should know that encryption and related cryptography implementation is a focus for the Food and Drug Administration in assessing devices. – Mike Kijewski, MedCrypt

5. Many Service Providers Only Provide TLS

While many messaging and email apps offer some form of encryption, not all of them use true end-to-end encryption, where only the sender and the receiver have the keys needed to decrypt the data (not even the service provider can access it). Many service providers use transport layer security, which is a more common type of encryption where the service providers can still access your data. – Dragos Rus, WeSupply Labs

6. Enterprise Applications Aren’t Protected By E2EE

There is widespread awareness of the need and the availability of end-to-end encryption when it comes to messaging applications, but enterprise applications aren’t protected by E2EE. The connection between the application tier and the database tier is encrypted, and most of the time, the data at rest is encrypted. The gap is when data is processed in the database tier, where it is in the open. – Ameesh Divatia, Baffle, Inc.

7. Without E2EE, You’re Being Tracked Everywhere

We have only the illusion of privacy. Posting on social media and visiting websites allows the collection, storage and tracking of your behavior across sites. Companies buy, sell and correlate that information to get a picture of who you are. When you use end-to-end encryption, the information you send to and from systems is encrypted across the internet, making it more challenging to access. – Sean Barker, cloudEQ

8. It’s Important To Look For Both Data And Channel Encryption

When it comes to end-to-end encryption, two key aspects need to be well understood: data encryption and channel (pathway) encryption. With a good data encryption strategy (whether it’s data at rest or in motion) and a channel encryption strategy, one can be assured of data security. Next time you evaluate a data security service level agreement, you now know the top two items on your checklist! – Shine Xavier , DLTLedgers

9. Some Companies Decrypt Messages On Their Servers

Not all encryption is equal. Some companies advertise end-to-end encryption but actually decrypt messages on their servers before re-encrypting them to send off. Malicious actors can intercept messages and information at this juncture. As a security-conscious consumer, it is important to find companies that offer “true” end-to-end encryption, where there is no way to decrypt messages in transit. – Nicholas Domnisch, EE Solutions (EES Health)

10. E2EE Hides Content But Not Context

Although the use of end-to-end encryption allows you to hide the content of external messages, the very fact that you’re exchanging messages with a specific interlocutor is still available. The server will not know what was in the message, but it will record that on this day and at this time you exchanged messages. In some cases, the fact that you’re communicating with certain recipients may garner unwanted attention. – Vasily Voropaev, Smartbrain.io

11. E2EE Doesn’t Protect Your Behavioral Privacy

End-to-end encryption is an evolutionary step to better protect your data, but it doesn’t fully protect your privacy. Your behavioral privacy—the services you use—can still be identified unless you use a VPN service that anonymizes your activity. – Victor Shilo, EastBanc Technologies

12. E2EE Can’t Protect You From Errors

Encryption is effective when the sender and receiver are trusted sources. But mistakes can be made—for example, something is sent to the wrong receiver—and in those cases, your encryption has zero benefit. As with any security technology, E2EE is just one of the layers that helps keep data and communications secure. Relying on encryption alone will quickly result in a major breach. – Lior Yaari, Grip Security

13. Tokenization Can Provide Better Protection

End-to-end encryption only works if your platform used for encryption is accessible from anywhere. This usually means you want a software as a service solution. On the other hand, with tokenization, more databases and applications along the end-to-end path will accept tokens rather than cipher text. This will ensure better protection for your data. – James Beecham, ALTR