E2-Chat: A Web-Based End-to-End Encrypted Messaging Service; Framing Public Policy for Internet Data Privacy

Bevara, Saiteja, School of Engineering and Applied Science, University of Virginia
Sun, Yixin, EN-Comp Science Dept, University of Virginia
Behl, Madhur, EN-Comp Science Dept, University of Virginia
Rogers, Hannah, EN-Engineering and Society, University of Virginia
Foley, Rider, EN-Engineering and Society, University of Virginia

The popularity of the internet and the development of new technologies and communication tools has allowed for the rapid growth of internet data. Along with the growth in the amount of data has come concerns over protecting this data, particularly following revelations of its misuse such as the Cambridge Analytica scandal. This thesis explores the issue of protecting internet data from both a technical perspective and a social one. The technical project involves the creation of a web-based end-to-end encrypted messaging platform (E2-Chat). The research paper discusses the issue of framing comprehensive internet data privacy policy in the United States.
The technical project, E2-Chat, is a complete web-based end-to-end encrypted messaging platform. End-to-end encryption (E2EE) allows for the encryption of content during communication, such that content is only readable by communicating parties. E2EE services are especially relevant today as communication platforms such as social media messaging services are a large contributor to the growth of internet data. The majority of these messaging services do not offer E2EE, or are only mobile-based services which excludes those without smartphones from encrypted communication. E2-Chat implemented a completely web-based messaging service that allows users to communicate with others on the internet without fear of third parties accessing their messages.
The research paper discusses the issue of framing public policy for internet data privacy. There is currently a lack of comprehensive data privacy legislation in the United States. However, internet data as a technology is shaped by many social groups in individuals, companies, and governments. This paper analyzes how internet data is shaped by these social groups using the Social Construction of Technology (SCOT) framework. Then, the GDPR is analyzed from a SCOT lens as example legislation to understand how it affects each of the relevant social groups that interact with internet data. This analysis is used to discuss how the US can proceed in crafting data privacy legislation, and the likely direction of privacy moving forward.
These two projects in conjunction are beneficial in researching how to protect internet data. From a technical perspective, technologies such as E2EE services provide one avenue to increase data privacy for individuals as their messages become encrypted and thus only readable by those in direct communication. However, delegating all data privacy to technological solutions is not practical and cannot be guaranteed, and thus policy is a necessary complement. Policy specifically related to E2EE services is also a concern, as some argue for technological workarounds into encrypted communication called backdoors to be a legal mandate for national security reasons. Understanding how data privacy policy can be appropriately formulated is necessary to create a fair internet data environment for all stakeholders in ways that technology cannot. Therefore, completing both these projects together allowed for valuable insight into how technology and policy can provide varying approaches to the common goal of protecting internet data.

BS (Bachelor of Science)
Privacy, End-to-End Encryption, GDPR, Internet Data, Privacy Policy

School of Engineering and Applied Sciences
Bachelor of Science in Computer Science
Technical Advisor: Yixin Sun
Technical Advisor: Madhur Behl
STS Advisor: Hannah Rogers
STS Advisor: Rider Foley
Technical Team Members: Ashwin Pathi, Phillip Phan, Rithik Yelisetty

Issued Date: