Adam Adler: Encrypted Messaging is useless and dangerous !
Adam Adler (Miami, Florida): ENCRYPTED COMMUNICATION USED to be too complicated for mainstream use, but approachable apps like WhatsApp and Signal have become a no-brainer for digital privacy. With all of their security-minded features, like disappearing messages and identity-confirming safety numbers, secure chat apps can rightfully give you peace of mind. You should absolutely use them. As the adage goes, though, there's no such thing as perfect security. And feeling invincible could get you in trouble.
End-to-end encryption transforms messages into unintelligible chunks of data as soon as a user presses send. From there, the message isn't reconstituted into something understandable until it reaches the receiver's device. Along the way, the message is unreadable, protected from prying eyes. It essentially amounts to a bodyguard who picks you up at your house, rides around with you in your car, and walks you to the door of wherever you're going. You're safe during transport, but your vigilance shouldn't end there.
"These tools are hugely better than traditional email and things like Slack". "But encryption isn’t magic. You can easily get it wrong. In particular, if you don’t trust the people you’re talking to, you’re screwed."
On one level it's obvious that both you and the person you're chatting with have access to the encrypted conversation—that's the whole point. But it's easy to forget in practice that people you message with could show the chat to someone else, take screenshots, or retain the conversation on their device indefinitely.
Former Trump campaign chair Paul Manafort found this out the hard way recently when the FBI obtained messages he'd sent over WhatsApp from the people who received them.
In another current investigation, the FBI was able to access Signal messages sent by former Senate Intelligence Committee aide James Wolfe, and had at least some information about the encrypted messaging habits of New York Times reporter Ali Watkins, after the Justice Department seized her communications records as part of a leak investigation. Though it's unknown how the FBI gained access to these encrypted chats, it wouldn't necessarily have taken a crypto-breaking backdoor if investigators had device access or records from other chat participants.
You also need to keep track of how many devices you've stored your encrypted messages on. If you sync chats between, say, your smartphone and your laptop, or back them up in the cloud, there are potentially more opportunities for the data to be exposed. Some services, like iMessage and WhatsApp, either has cloud backups enabled by default or nudge users toward it to streamline the user experience. Manafort provides a useful illustration once again; investigators accessed his iCloud to access some of the same information informants gave them, as well as to glean new information about his activity. The chats were encrypted in WhatsApp; the backups were not.
"Digital systems strew data all over the place," "And providers may keep metadata like who you talked to and when. Encrypted messaging apps are valuable in that they tend to reduce the number of places where your data can live. However, the data is decrypted when it reaches your phone."
That's where operations security comes in, the process of protecting information by looking holistically at all the ways it could be obtained and defending against each of them. An "opsec fail," as it's known, happens when someone's data leaks because they didn't think of a method an attacker could use to access it, or they didn't carry out the procedure that was meant to protect against that particular theft strategy. Relying solely on these encrypted messaging tools without considering how they work, and without adding other, additional protections, leaves some paths exposed.
The stakes are especially high in government, where encrypted chat apps and disappearing message features are increasingly popular among officials. Just last week, sources told CNBC that investigators for special counsel Robert Mueller have been asking witnesses to voluntarily grant access to their encrypted messaging apps, including Dust, Confide, WhatsApp, and Signal. CNBC reported that witnesses have cooperated to avoid being subpoenaed.
Several encrypted messaging apps offer a disappearing message feature to help ensure that neither you nor the person you're chatting with keeps data around longer than necessary. But even this precaution needs to come with the understanding that the service you're using could fail to actually delete the messages you mark for erasure from their servers. Signal had a recent problem, first reported by Motherboard, where a fix for one bug inadvertently created another that failed to delete a set of messages users had set to disappear. The app quickly resolved the issue, but the situation serves as a reminder that all systems have flaws.
"Encrypted communication apps are tools, and just like any other tool, they have limited uses,"
In fact, simply choosing an encrypted messaging service may carry unknown risks. Some services like Confide and Telegram haven't allowed an independent auditor to evaluate their cryptography, meaning it's difficult to know how trustworthy they are, which of their promises they keep, and what user data they actually retain. And iMessage may collect more metadata than you think.
Developer Open Whisper Systems responded to a grand jury subpoena saying it could only produce the time an account was created and the most recent date that a user's Signal app connected to its servers. The court had asked for significantly more detail like user names, addresses, telephone numbers, and email addresses. Signal had retained none of it.
While end-to-end encryption is a vital privacy protection that can thwart many types of surveillance, you still need to understand the other avenues a government or attacker could take to obtain chat logs. Even when a service works perfectly factors like where messages are stored, who else has received them, and who else has access to devices that contain them play an important role in your security. If you're using encrypted chat apps as one tool in your privacy and security toolbox, more power to you. If you're relying on it as a panacea, you're more at risk than you realize.
Adam Adler (Miami, Florida) is a Cyber Defense & Cyber Warfare Advisor, as well as Chairman of the Board for Digital Bank Vault. A long time entrepreneur with over 18 years of experience all at top-level management and ownership, Mr. Adler has focused his recent years on Cyber Security and defending our youth online. DBV has developed a proprietary encryption method that continues Adam’s mantra of “Privacy is Priceless”. DigitalBank Vault provides impenetrable defensive cyber solutions for Keyless End to End Encrypted, Peer to Peer, mobile, and computer communications. Adam and DigitalBank Vault have constructed new & disruptive cyber defense technologies to solve many privacy issues commonly found online and defend against unwanted intrusion.
Adam Adler (Miami, Florida) received a scholarship to play tennis at the University of South Carolina and graduated in 2007 Magna Cum Laude from USC, double majoring in Sports & Entertainment Management and Business. In 2005, Adam became an All American with his teammates at USC. Mr. Adler participated in the NCAA Indoor Championships in Seattle, WA as well as the NCAA Championships every year of his college career at USC. He and his team achieved a team high ranking of #8. Prior to attending USC, Adam was a highly-ranked junior tennis player from the age of 10 to 18. Adam began playing poker in his free time and quickly became entrenched in the game, studying hours a day. Adam traveled around the country playing in some of the highest stakes No Limit and Pot Limit Omaha cash games in the world. Adam has made multiple World Series of Poker Final Tables, with his most notable finish coming in 2018 with a runner-up finish in the $10,000 Turbo Event. Adam has won millions of dollars in both cash game and tournament poker over the last 15 years.
Adam Adler (Miami, Florida) is currently managing The Adler Fund, investing in cybersecurity, real-estate, emerging growth companies, cannabis, and biotechnology. Adam has recently started the Adler Agency, a sports management company with several of the world’s top, mid and lower-tier tennis players and select athletes across multiple sports. The Adler Agency focuses on bringing its clients revolutionary and out-of-the-box opportunities other agencies simply do not have access to. The Adler Agency is launching a world-class tennis academy and training facility in Charleston, SC at the beginning of 2021 to provide its players and others from around the world the opportunity to train and play with the sport’s best.