Comment by Stefan-H
2 days ago
When the server is the final recipient of a message sent over TLS, then yes, that is end-to-end encryption (for instance if a load balancer is not decrypting traffic in the middle). If the message's final recipient is a third party, then you are correct, an additional layer of encryption would be necessary. The TEE is the execution environment that needs access to the decrypted data to process the AI operations, therefore it is one end of the end-to-end encryption.
This interpretation basically waters down the meaning of end-to-end encryption to the point of uselessness. You may as well just say "encryption".
E2EE is usually applied in contexts where the message's final recipient is NOT the server on the other end of a TLS connection, so yes, this scenario is a stretch. The point is that in the context of an AI chat app, you have to decide on the boundary that you draw around the server components that are processing the request and necessarily need access to decrypted data, and call that one "end" of the connection.
No need to make up hypotheticals. The server isn't the final destination for your LLM requests. The reply needs to come back to you.
If Bob and Alice are in an E2EE chat Bob and Alice are the ends. Even if Bob asks Alice a question and she replies back to Bob, Alice is still an end.
Similarly with AI. The AI is one of the ends of the conversation.
So ChatGPT is end-to-end encrypted?
6 replies →