Need help dealing with violent or distressing online content? Learn more

Encryption

Encryption can be a secure way to send and store information so only intended people can access it. Being aware of the benefits and risks of this feature can help you stay safe online.

On this page:

What is encryption?

Encryption is a method used to keep digital information private by making it unreadable to everyone except those who have the code to unlock it.

Encryption is used in everyday activities such as:

  • using messaging apps – when you send a message, encryption makes sure only you and the person you’re chatting with can read it (this is called end-to-end encryption)
  • shopping online – websites use encryption to protect your credit card information when you buy something online
  • banking apps and websites – most banks use strong encryption to protect your account information and transactions.

How does encryption work?

When something is encrypted, it changes from normal writing (called plaintext) into scrambled writing (called ciphertext). This is done using cryptographic algorithms, which are special mathematical formulas designed to protect data.

To turn an encrypted message back into normal writing, you need a ‘key’. This isn’t a physical key, it’s a mathematical code or formula. It’s what unlocks the scrambled message and turns it back into normal writing.

Here’s how it works when you send a message using WhatsApp:

  1. You send a friend a message: ‘I’m on my way!’
  2. Before that message leaves your phone, WhatsApp encrypts it – turning it into something like ‘62jcksHtsje7’.
  3. That encrypted version is sent through the internet. Even if someone tries to intercept it (like a hacker), all they’ll see is gibberish.
  4. When your message reaches your friend’s phone, their phone has the right ‘key’ to decrypt it and turn it back into ‘I’m on my way!’

Types of encryption

Almost all online communication is encrypted ‘in transit’, which involves protecting the information as it travels over the internet – for example from your mobile device to a company’s servers. There is also encryption to protect data ‘at rest’ – for example on a hard drive, mobile device, or in cloud storage.

Some types of encryption can confirm that a message really came from the person or system claiming to send it. This is called ‘data authentication.’ Others can detect if even a single part of the message has been changed along the way. This is called ‘data integrity’.

End-to-end encryption (sometimes called ‘E2EE’) can provide additional protection. It allows only the people who are communicating with each other to see or listen to the content that is being exchanged. No one else – not even the app or service used to send the content – can see what it contains. A growing number of messaging services are including this feature for users, including WhatsApp, Signal, iMessage (between Apple devices only) and Facebook Messenger.

The benefits of encryption

Encryption is useful for sending and storing private or sensitive information. For example, doctors and hospitals use encryption to keep your medical history confidential, while banks and online stores use encryption to keep your credit card details secure and reduce the risk of fraud.

Encryption also helps to protect your personal information when you browse the internet. Websites that have HTTPS at the start of their URL (online address) encrypt your data so that no one can spy on your online activity, like when you’re logging into accounts or filling out forms.

In addition, it’s useful for protecting communication with people who need to keep their identity hidden – for example, human rights activists or whistle-blowers who could be punished if they’re exposed. Defence forces and intelligence services also use it to make sure important communications are kept secret.

Newer laptops and mobile devices often have built-in encryption, providing an extra layer of security for the data stored on them if they are lost or stolen. Without a passcode or biometric ID such as a fingerprint or faceprint, it’s almost impossible to unlock the device and access the data.

Learn more in our page on how to manage your digital safety settings.

The risks of encryption

While encryption can stop unauthorised people such as cyber criminals from seeing sensitive information, it can also prevent online service providers, governments, regulators and law enforcement agencies from investigating harmful or illegal content and activities.

Spread of illegal content

End-to-end encryption can make it difficult to detect and stop illegal activity, such as the sharing of terrorism material and child sexual abuse images and videos. For this reason, abusers and other criminals are known to use end-to-end encrypted services to communicate and share content.

Because end-to-end encryption blocks access to the information, online service providers are limited in what they can do to find out if it contains anything illegal. They mostly rely on user reports or insights from the ‘metadata’ related to the content, such as the sender and recipient details and how often messages are exchanged. In some cases, tools can scan messages on a device before or after they’ve been sent, but this approach is controversial because it can be seen as a breach of security that ‘breaks’ encryption.

Difficulty moderating abuse

End-to-end encryption makes it harder for online services to moderate their platforms and apply their community guidelines. This means they often can’t help people experiencing abuse, unsafe contact, or inappropriate content, unless it’s reported. For example, end-to-end encryption can allow an abuser to hide contact with a child, including messages used to groom the child for sexual abuse online.

How to get help on end-to-end encrypted services

It’s important to take extra care when communicating on services that use end-to-end encryption, particularly if you don’t know the person you’re communicating with. It’s especially important for parents and carers to remember that any form of end-to-end encryption can heighten the risk of concealed online contact between adults and children.

Detecting abuse, harmful activity and illegal content on end-to-end encrypted services often relies heavily on users reporting it. Some platforms have in-app reporting tools to make this easier.

If you encounter an image or video that shows or encourages child sexual abuse or other illegal content such as material showing or encouraging self-harm, terrorism or other extreme violence, report it to the relevant service and eSafety.gov.au/report.

If you suspect a child is a victim of online child exploitation and abuse, including sexual grooming and sextortion, report it to the Australian Centre to Counter Child Exploitation (ACCCE). If the child is in immediate danger, call the police on Triple Zero (000).

If you encounter other abuse on end-to-end encrypted services where there is an Australian connection, including serious child cyberbullying, adult cyber abuse, and threatened or actual sharing of intimate images, you can follow the steps for collecting evidence, reporting it and preventing further contact.

More information

Visit The eSafety Guide to find out more about specific online services, platforms and games that use encryption.

More information is available in eSafety’s position statement on end-to-end encryption.
 

Last updated: 17/04/2025