Privacy Dilemmas of (In)Secure Messaging Apps

Criminals, government officials and privacy conscious citizens share a fondness for secure communications.

Users of secure messaging apps may be plotting election campaigns, planning terrorist acts, conspiring other illegal activities or simply seeking to fulfil their human right to privacy online with assurance of confidentiality in their lawful and well-intended communications.

Secure messaging apps, also known as encrypted messengers, have grown in popularity. The demand has tremendously increased following the Snowden revelations in 2013. The demand is fuelled by concerns over government mass surveillance programs, state sponsored espionage, snooping from ISPs, intelligence and law enforcement agencies, and simply by a rightful appetite for privacy.

Conversely, governments are facing significant obstacle to the lawful access of communications by law enforcement and national security agencies. They fight back the challenges posed by encryption with regulation, such as with The Assistance and Access Bill 2018 in Australia, which is designed to require both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies endeavouring to reveal communications of interest.

Before you continue reading, how about a follow on LinkedIn?

Secure messaging apps

Secure messaging apps are often used in the form of mobile apps that essentially provide a means to communicate with instant messages, voice or video in a format that is encrypted end-to-end. The end-to-end encryption means that only the legitimate parties of the communication can decrypt the messages destined to them. No other parties, not even the developer of the apps, should be able to eavesdrop in communications. Some apps provide additional controls such as message expiry and progressive text reveal to further improve message secrecy.

There is a wide and growing number of secure messaging apps available, such as Signal, Wickr, Confide, WhatsApp, SudoApp, ChatSecure and Telegram just to name a few. Most of them are free.

Encrypted political turmoil

Some top government officials fervently use secure messengers amongst themselves, at the risk of breaching regulations and arguably at the risk of putting their nations at risk. Yet, some of those fervent users also ironically lobby for a crackdown on encrypted communications.

The French government finds no further appeal in free and foreign encrypted messenger apps such as WhatsApp, owned by Facebook whose privacy practices have been severely exposed and questioned (e.g. Cambridge Analytica case), and Telegram, an app based on a proprietary encryption service created by a Russian entrepreneur who is reported to be pressured by Russian government entities.

The French government is resisting, and it is taking the lead in protecting the communication of its officials and public servants.

“We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia.”

French government spokesperson

Reuters reported that the French government has identified a key risk with the protection of its communications. None of the world’s major encrypted messaging apps are based in France and would raise the risk of data breaches abroad. Privacy concerns have grown, and security tools installed on French officials’ work smartphones would now prevent the use of apps such as WhatsApp or Telegram.

The French government still acknowledges the need for secure communications, but within risk tolerance. It is now building its own encrypted messenger service and app, to ease fears that foreign entities could spy on private conversations between top officials.

The app is designed by an anonymous state-employed developer based on open source technology, with the aim to mandate its use for the whole French government by the summer of 2018. The upcoming app is also considered to be later made available to all French citizens.

French government officials are not the only politicians having grown fond of encrypted messengers and to be scrutinised for it.

In the land Down Under, also known for its ambiguous definition of communication metadata and where the laws of cryptographic mathematics would not prevail, the Australian government has been grilled over the subject.

“Turnbull government risking national security, cabinet material by using WhatsApp.”

Mark Dreyfus

In March 2015, the ABC reported that Turnbull, at the time Australian Communications Minister, had confirmed he used secret messaging apps including Wickr and WhatsApp for being “superior over-the-top messaging platforms”. Anecdotally, Business Insider Australia reported a few months later that Wickr downloads had increased by 700% following news that Turnbull was using it.

However, in October 2016, Mark Dreyfus alleged that the Turnbull government was risking national security by using WhatsApp for communications supposedly involving cabinet material. The government was reported to be grilled on the subject. Dreyfus added that the government was “treating security with contempt”.

The Office of the Australian Information Commissioner (OAIC) had also warned Federal ministers that their smartphone app messages could be released publicly under Freedom Of Information (FOI): “All communications or records of a minister which relate to his or her duties are potentially subject to FOI” and added the case applied independently as to whether the communications were transmitted via a government or non-government server.

The applicability of enforcing such a FOI request involving encrypted messengers would certainly remain to be seen.

In the U.S., the Wall Street Journal podcast ‘An App All the Rage Among Hack-Fearing Politician’ reported in January 2017 a similar trend with the mobile app Signal used by top US politicians for the same reason as in Australia and France. Trump and aides were mentioned in the podcast. The download of the Signal app was also reported to increase by 400% during the 2016 USA presidential elections and was even further boosted following the DNC email server hack. In addition, Wired reported in February 2017 that Confide was also a popular encryption app amongst white house staffers and that the app would help in leaks and in breaking the law.


Leave a Reply

Please Login to comment
Notify of

Follow CPO Magazine