Nowadays most of our communication is conducted online using messaging apps and services on our smartphones and computers. However, ensuring our messages remain private and secure has become increasingly difficult which is why business users and consumers alike are now turning to encrypted messaging apps.
At the same time though, the intelligence-sharing alliance Five Eyes and other national governments continue to call on tech companies to create backdoors which would give them access to user’s end-to-end encrypted communications. This would defeat the purpose of using encrypted messaging apps and services in the first place and put the security and privacy of users worldwide at risk.
To learn more about the benefits of encrypted messaging and how these tools can benefit remote workers, TechRadar Pro spoke with the co-founder and CTO of Wickr Chris Howell.
What are the benefits of using end-to-end encrypted messaging apps?
As a class, they represent the state of the art in privacy and security. The biggest thing end-to-end encryption (E2EE) does is it takes the app or service provider out of the equation from a message privacy perspective. If the service provider’s systems can’t read your messages, then neither can one of their rogue employees or someone who manages to compromise their servers.
Many businesses use end-to-end encryption to protect their communications but should consumers do so as well?
For one thing, the line between business and personal isn’t so clear now that people are all reachable 24/7. Personal business is just as important as company business to most of us. Both aspects have suffered equally due to the industry’s failure to provide meaningful security for communications applications over the years. E2EE was first popularized in consumer apps, and it’s only because it was so easy to use there that the demand for business use grew and more enterprise-grade tools like Wickr evolved.
There is sometimes confusion over precisely what is meant by E2EE and which collaboration services offer this level of protection. How would you define it?
Simply ensuring that data is “always encrypted” doesn’t count. It has to be a form of encryption that can’t be decrypted by anyone or anything other than the sender and receiver. If any system or device in the message delivery path between the sender and receiver can decrypt and read it (and use of technologies like HTTPS or TLS is a dead giveaway for this), it’s not E2EE.
Can you tell us a bit more about your company’s work with the US Department of Defense and how the military is using encryption to secure its communications?
The U.S. Air Force has a particularly strong vision to offer the warfighter a highly secure collaboration solution that can support the mission all the way out to the tactical edge. Of course, there are some specialized use cases out there, but at a base level, the military needs the same thing we all need – an easy to use unified communications tool they can count on to secure their sensitive communications.
Wickr recently appointed former DoD employee Blake Moore as its VP of Strategy and Operations. How will his experience with the DoD help your company further pursue its work with the US military?
We’ve been fortunate in the past year or so to add smart folks like Blake and others to the team who bring with them decades of military experience from headquarters to harm’s way. If we’re going to serve the warfighter, we’d better understand what our product needs to meet the mission, how it will be used and on what systems, and how it will be tested, deployed and scaled. Their perspective is invaluable and is really helping us make our product the best it can be.
Do you think demand for secure communications will continue to grow and what factors have led to its recent growth?
Most people are still shocked at just how insecure the communication tools we “grew up on” have always been. To some extent, the tide is turning, and I think more and more, the expectation will be that our communications – business or private – should be secure vs. the alternative. Demand in business will especially grow as private business is increasingly faced with more advanced threats, including international organized criminal hacking groups and even nation-states. The fact that E2EE solutions like ours can also now support regulatory compliance/message archival regimes and operate at an enterprise-scale has contributed to its growth as well.
What has the rise of remote working meant for the threat landscape and the importance of secure communications?
More people working from home means more sensitive business is being conducted in virtual versus traditional conference rooms. The more we shift to virtual, the more data that’s at risk to remote attackers. We saw it play out in the scramble to remote conferencing solutions last spring. Not long after the scramble came the uptick in security incidents as attackers exploited the weaknesses in solutions that frankly weren’t suited for many of the use cases being thrust upon them. The ordeal of the past year educated a lot of people in the importance of secure communications.
What advice would you give to an organization looking to implement an encrypted communications platform?
The main thing to keep in mind is different services offer different levels of protection. Most services will say they are secure and encrypted, but virtually all of them still have access to your data, I.e., are not E2EE. More and more services are seeing the light and adding E2EE, which is great, but not everyone can do it well, and there’s more to security than just plugging in an encryption library. If security is an important requirement, make sure it’s even more important in the eyes of the service provider. It takes more than a checkbox to do it right.
- We’ve also highlighted the best VPN services