Why encrypted messaging is more important than ever
MESSAGING ENCRYPTION is far and away becoming an integral part of our personal security lives, and the fact that plenty of platforms are implementing the feature is a good thing, no matter what governments may say.
Encryption technology has become the favored scapegoat for recent terrorist attacks, and messaging services have been accused of facilitating terrorist communication thanks to their pro-privacy features. However, as our digital lives become increasingly enmeshed with our personal ones, it’s more important than ever before that that our work and personal conversations are protected with encryption, especially if we’re discussing sensitive information.
More companies are beginning to use messaging platforms and group chat functions as proxies for in-person conversations, largely because of its convenience factor. As such, it’s really important that our platforms of choice are secured against breaches or snoops, especially if our economy becomes ever more reliant on knowledge and data.
Encryption is an effective way to protect messaging content as they travel over the Internet. Before the emergence of widespread use, information could be pulled as it moves between two points, making our data vulnerable to hacking or spying.
“If you knew that every piece of mail you sent was opened at the post office, read, and resealed before it was delivered, would you still feel comfortable divulging personal information in those letters?” wrote the Toronto Citizen Lab in a post on the issue.
“Unfortunately, SMS text messages that we send and receive may be subject to this exact type of inspection.”
The Lab explained in its post that end-to-end encrypted messaging employs scrambling technology that allows only the sender and recipient of the messages to access the messages. The encryption scrambles a message into a code that is difficult to crack (think of this as the “lock”), and to which only the recipient has a “key” to unscramble it.
“This is a powerful method to ensure that third-party actors can’t access your communiques and that service providers can’t read or give up any information that you send or receive,” the Lab said.
The Citizen Lab produced a one-stop Net Alert resource which is aimed at helping users understand how encryption works. The project, entitled “Secure Your Chats” includes resource material aimed at helping both consumers and app businesses understand how encryption works, and also provides information about available platforms.
“Many existing resources that explain end-to-end encryption are designed to make the technical side of encryption more accessible, provide detailed how-to guides, or are fairly text-heavy,” explains Andrew Hilts, senior researcher and developer at the Citizen Lab, in the post.
“We identified an area where we could make a valuable contribution: an easy-to-understand, visual resource explaining why everyday people should use end-to-end encryption.”
The resource was developed in partnership with various security trainers who have identified gaps in available material, as well as the best ways of conveying complicated information. According to the Lab, without good information users will never be able to fully grasp the full extent of end-to-end encryption’s importance or the cryptography that makes such technology functional.
Jedidiah Crandall, University of New Mexico Professor and consultant on Secure Your Chats, said that the cryptographic research behind encryption was crucial for any app designer, and everyone from top-level executives to the average developer must take note of best practices.
“[When] cryptography engineers don’t follow best practices, it makes it impossible for independent cryptography engineers to attest to its security,” he said.
While as much security is built into encryption as possible, there is no surefire guarantee that your data will be protected by cryptography alone. The Lab advised that devices need to remain secure throughout the day with password protection and regular security updates.
The Lab also warns users to be careful about metadata, which can be just as informative as the content itself. Metadata is like “the address information and stamp on an envelope”, and it’s not guarded by encryption which only covers the contents of a message.
“[A] lot can still be learned just from metadata (the data about the message), like when it was sent, to whom it was sent, and what application was used to send it,” the post said.
The post also included information and audits of various encrypted messaging platforms, such as the South Korean LINE, and recommendation to try out secret services such as Signal, WhatsApp and Facebook Messenger’s Secret Conversations.