Group of young adult friends using secure messaging app on smartphones in the subway
Privacy Dilemmas of (In)Secure Messaging Apps by Guillaume Noé, General Manager at Pirean

Privacy Dilemmas of (In)Secure Messaging Apps

Criminals, government officials and privacy conscious citizens share a fondness for secure communications.

Users of secure messaging apps may be plotting election campaigns, planning terrorist acts, conspiring other illegal activities or simply seeking to fulfil their human right to privacy online with assurance of confidentiality in their lawful and well-intended communications.

Secure messaging apps, also known as encrypted messengers, have grown in popularity. The demand has tremendously increased following the Snowden revelations in 2013. The demand is fuelled by concerns over government mass surveillance programs, state sponsored espionage, snooping from ISPs, intelligence and law enforcement agencies, and simply by a rightful appetite for privacy.

Conversely, governments are facing significant obstacle to the lawful access of communications by law enforcement and national security agencies. They fight back the challenges posed by encryption with regulation, such as with The Assistance and Access Bill 2018 in Australia, which is designed to require both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies endeavouring to reveal communications of interest.

Secure messaging apps

Secure messaging apps are often used in the form of mobile apps that essentially provide a means to communicate with instant messages, voice or video in a format that is encrypted end-to-end. The end-to-end encryption means that only the legitimate parties of the communication can decrypt the messages destined to them. No other parties, not even the developer of the apps, should be able to eavesdrop in communications. Some apps provide additional controls such as message expiry and progressive text reveal to further improve message secrecy.

There is a wide and growing number of secure messaging apps available, such as Signal, Wickr, Confide, WhatsApp, SudoApp, ChatSecure and Telegram just to name a few. Most of them are free.

Encrypted political turmoil

Some top government officials fervently use secure messengers amongst themselves, at the risk of breaching regulations and arguably at the risk of putting their nations at risk. Yet, some of those fervent users also ironically lobby for a crackdown on encrypted communications.

The French government finds no further appeal in free and foreign encrypted messenger apps such as WhatsApp, owned by Facebook whose privacy practices have been severely exposed and questioned (e.g. Cambridge Analytica case), and Telegram, an app based on a proprietary encryption service created by a Russian entrepreneur who is reported to be pressured by Russian government entities.

The French government is resisting, and it is taking the lead in protecting the communication of its officials and public servants.

“We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia.”

French government spokesperson

Reuters reported that the French government has identified a key risk with the protection of its communications. None of the world’s major encrypted messaging apps are based in France and would raise the risk of data breaches abroad. Privacy concerns have grown, and security tools installed on French officials’ work smartphones would now prevent the use of apps such as WhatsApp or Telegram.

The French government still acknowledges the need for secure communications, but within risk tolerance. It is now building its own encrypted messenger service and app, to ease fears that foreign entities could spy on private conversations between top officials.

The app is designed by an anonymous state-employed developer based on open source technology, with the aim to mandate its use for the whole French government by the summer of 2018. The upcoming app is also considered to be later made available to all French citizens.

French government officials are not the only politicians having grown fond of encrypted messengers and to be scrutinised for it.

In the land Down Under, also known for its ambiguous definition of communication metadata and where the laws of cryptographic mathematics would not prevail, the Australian government has been grilled over the subject.

“Turnbull government risking national security, cabinet material by using WhatsApp.”

Mark Dreyfus

In March 2015, the ABC reported that Turnbull, at the time Australian Communications Minister, had confirmed he used secret messaging apps including Wickr and WhatsApp for being “superior over-the-top messaging platforms”. Anecdotally, Business Insider Australia reported a few months later that Wickr downloads had increased by 700% following news that Turnbull was using it.

However, in October 2016, Mark Dreyfus alleged that the Turnbull government was risking national security by using WhatsApp for communications supposedly involving cabinet material. The government was reported to be grilled on the subject. Dreyfus added that the government was “treating security with contempt”.

The Office of the Australian Information Commissioner (OAIC) had also warned Federal ministers that their smartphone app messages could be released publicly under Freedom Of Information (FOI): “All communications or records of a minister which relate to his or her duties are potentially subject to FOI” and added the case applied independently as to whether the communications were transmitted via a government or non-government server.

The applicability of enforcing such a FOI request involving encrypted messengers would certainly remain to be seen.

In the U.S., the Wall Street Journal podcast ‘An App All the Rage Among Hack-Fearing Politician’ reported in January 2017 a similar trend with the mobile app Signal used by top US politicians for the same reason as in Australia and France. Trump and aides were mentioned in the podcast. The download of the Signal app was also reported to increase by 400% during the 2016 USA presidential elections and was even further boosted following the DNC email server hack. In addition, Wired reported in February 2017 that Confide was also a popular encryption app amongst white house staffers and that the app would help in leaks and in breaking the law.

Australian, French and U.S. top government officials can rightly be scrutinised over using non-government-vetted secure messaging apps to communicate amongst themselves to mitigate risks of eavesdropping and politically damaging leaks. It would certainly seem that the option is better than using emails for them (lessons learnt from the DNC hack).

However, the issues include:

  1. Complying with relevant data protection government requirements, especially for cabinet material and other classified data; and
  2. Complying with Freedom Of Information requirements.

While avid seekers of secret instant messaging communication for themselves and their teams, and at the risk of breaching the data protection regulations of their own countries, Turnbull, Macron and other worldwide government leaders are lobbying for a crackdown on encrypted messengers to prevent terrorists and criminals to evade intelligence and law enforcement monitoring.

For example, the idea of selective banning for secure messengers is making headways in Australia. In New South Wales, bikie gangs have been reported to using apps such as Snapchat for encrypted communications and evade law enforcement monitoring. In a developing case, landmark crime prevention orders against 10 bikies would include a provision to forbid them the use of any encryption in communications.

In addition, the Australian government is pressing for regulation to “engage with domestic and international communication providers” for law enforcement to effectively investigate serious crime.

The enforcement of such provisions would present challenges. After all, the laws of mathematics are universal and mainly open source, even in Australia.

How private are secure messaging apps?

In my opinion, privacy is a dark side of secure messengers.

When we eagerly install and use secure communication apps, we may feel like entering a privileged super-private zone where we can freely and carelessly communicate, for free.

I would argue that there is no such thing as a free privacy and it is always a good idea to read the apps’ privacy policies.

All private communication apps have their own specificity, in features, in how they secure messages, in being open-source or not for example. They however all have something in common. While the apps’ providers may not be able to know the content of the encrypted messages you exchange, they gather information about their users, including for example:

  • Your personal information on registration (email address, phone number, etc.);
  • Who you communicate with and additional metadata on your communications (e.g. date & time);
  • Your address book (everybody in your contacts list); and
  • A whole raft of other data.

The Confide app privacy policy states that:

  • “When you access and use the Service, you will be asked to grant us the right to collect the data stored in the address book on the Device from which you are accessing and using the Service…” – The policy then mentions the information is stored in an anonymised form, but it does not stipulate any controls or constraints on further processing the data; and
  • “Like most organizations, we rely on automatic data collection … when you visit our Website or use our Service. These technologies may collect information on our behalf such as IP address…information about your device…” and a long list of other data.

The Confide Privacy Policy gave me a shiver. However, to Confide’s credit, their privacy policy is very well written, very clear and very easy to find. It is probably the clearest privacy policy I have come across amongst the secure messenger app providers that I have checked.

How secure are secure messaging apps?

Erica Portnoy from the Electronic Frontier Foundation (EFF) argues that it would be challenging to achieve a consensus on what a “secure” messenger must provide, because people’s and community’s security needs are different. She also adds that “a messenger that’s perfectly secure for every single person is unlikely to exist”.

While the EFF does not provide any app benchmarking (which would be great), Portnoy identifies the following key criteria:

  1. End-to-end encryption;
  2. Code quality;
  3. User experience; and
  4. Service availability.

“There’s a big difference between the theoretical and practical security messengers provide.”

Erica Portnoy, EFF

Portnoy argues that encryption is the easy part because most algorithms are standards and using one or another of the key algorithms would not make much of a difference. However, the other criteria are hard to perfect. Programmers may make mistakes when translating the encryption math into actual code for the secure messaging apps.

In addition, Portnoy refers to examples of poor practices that may completely bypass the good security of encryption algorithms, such as apps storing conversation history unencrypted in the Cloud or not having secure auto-updating to patch vulnerabilities.

She also advocates for apps with:

  • High popularity;
  • Alias, and not phone numbers, as user identifier;
  • Indicative of compromise; and
  • Fingerprint verification to get assurance on the other person.

Conclusion

Whether you are a president, a prime minister, a criminal or a law-abiding citizen valuing your right to privacy online, secure messengers can provide you with a great means of communicating securely and privately, but only to a degree.

I personally look for secure messengers that minimally provide:

  • End-to-end encryption;
  • Satisfactory privacy policy (to my satisfaction);
  • Open source code;
  • High popularity (i.e. less suspicious and more chances bugs are detected); and
  • Self-destructing messages.

I would also further value secure messengers originating from countries where privacy regulations are stronger, such as in the EU, and from home countries.