Something important has happened. If you follow my work, you know that I find the panopticon that we call the 21st century to be greatly disturbing.
I have been searching for a means of digital communication that is both private and secure. I want something that is well-designed and has a low barrier of entry, so that I can recommend it to the widest possible audience with no reservations. Solutions like Pretty Good Privacy (PGP) exist, but have obvious problems.
It feels like there are new, secure messaging apps every month, and while many are attractive and easy to use, their claims become dubious when placed under increased scrutiny.
However, one group of developers, Open Whisper Systems, seems to be different. Their pace may not be as rapid as many in technology are accustomed to, but the quality of their work is obvious to luminaries in the privacy and security fields.
I have been following them and their software, but have been unable to wholeheartedly recommend their solution. Several hurdles remained, and until the reliability of the app increased (and it was cross-platform), I could not bring myself to post about it. Now, those criteria have been met and the result is glorious.
Cloud === Public
The days when you could just say something and have it disappear into the ether are gone. Now, most meaningful communication occurs digitally, and as more of us are coming to realize, everything is broken.
So, I have been thinking about our digital data in the 21st century and how it relates to the services we rely on. If we want services that offer the maximum amount of convenience, then we would be well served by products from behemoths like Google, or popular (but smaller) companies like Dropbox.
Usually, these companies follow best practices to prevent your data from being acquired by most nefarious types, but you really, really should not consider these services as offering true privacy and security.
You should think of every email you send via Gmail, every photo you post to Facebook, and every file you share with Dropbox to be absolutely, completely public. This is regardless of whatever privacy settings you configure, and no matter what reassurances these companies give you.
You use their services, and your stuff is out there for the world to see, share, and record, forever. Take a moment to think about that. Everything.
Privacy and the Failure of PGP
What about private things?
There was a time when you could send a letter to someone and not have its metadata scanned and recorded, or whisper in their ear and not have to think about all the microphones and cameras that were always surrounding you (i.e., other smartphones, tablets, laptops, CCTV). There was at least some, small hope that privacy actually existed.
Is there any way to maintain privacy and security in a digital medium?
PGP tried to accomplish this, but failed. No matter how many implementations I used over the years (and some were pretty good), they were just too complicated and strange for most people to adopt. More important, they did not provide forward secrecy and your metadata was still unobscured.
Are your readers having trouble understanding the term "metadata"? Replace it with "activity records." That's what they are. #clarity
— Edward Snowden (@Snowden) November 2, 2015
In short, this means that if someone ever obtains the private key on your device, by theft or compulsion, they could decrypt all of the symmetric keys that were used to encrypt past messages to you. In an age where numerous governments and third parties are passively collecting and storing mass communications, this is unacceptable.
PGP is not the answer, and we should come to terms with letting it go. If you really care about people’s privacy and security, and not just the welfare of the digerati, you need to make something all people can use. You need to make your service feel like magic.
The Shape of Things to Come
Going forward, I imagine that privacy and security-focused communication solutions should have at least 5 characteristics:
- End-to-End Encryption At no point, should another party be able to access the contents of your communications. This should be the default and only way to utilize the app. Period. You use it, and your content is encrypted from end-to-end.
- Forward Secrecy A single point of failure is not good enough. Each communication should use one-time, ephemeral encryption keys. Confiscation of a single key should be useless for decrypting prior communications.
- User-Enabled Authentication Each party in a transaction should be able to verify that they are communicating with who they think they are, and if anything about their prior authentication information changes, the user should be notified. This ability is critical for identifying Man in the Middle attacks, and is why Apple’s iMessage ultimately fails as a viable privacy/security messaging solution.
- Obscured Metadata A communication’s metadata should be as obfuscated as possible. As we know, metadata can give you a surprisingly accurate picture of someone’s life, regardless of whether or not you can read the contents of their communications.
- Open Source I have used good, proprietary communication apps that provide the above characteristics, but for something this important, I believe the software should be open source, for both practical and personal reasons.
Lost in Time
Aside from these characteristics, I think the content itself should be ephemeral. Whether you manually delete the content, or an app can be set to automatically do this for you, I think we are better off accepting that our lives are fleeting, and our most personal correspondence should be as well.
There is always going to be a race between those trying to secure their communications and those that want to compromise them, so, in the end, it is probably preferable to make sure that there is nothing left to violate.
In the final part of this series, we are going to talk about Signal, why it is important, and what you should do to contribute to this amazing project.