Sharing information with another person takes a wide range of forms. Some are not private: a series of billboards outside a town in Missouri, for example. Some are incredibly private: a whispered communication between two people standing in the Utah salt flats, miles from everything.
Between those are a million other possibilities, landing somewhere on the range from very private to not private at all. In the Internet-connected era, though, it can be hard to tell where on that spectrum a particular conversation lies — and it can be very important that it not be at one end or the other.
Over the past week, for example, we’ve learned of two incidents in which conversations that people thought were private actually were not. In each case, two people were communicating electronically, using applications that allow for end-to-end encryption. What does that mean? It means that each person’s messages were placed into locked digital envelopes that only the other person could open. As a message passed over the Internet, it couldn’t be read, unlike, say, most email messages, which move over the Internet like postcards in the postal system.
The problem in these two incidents, though, wasn’t that those envelopes were somehow opened and the messages read. It is that they were not shredded.
The first incident involves Paul Manafort, the chairman of President Trump’s 2016 campaign. He was indicted by special counsel Robert S. Mueller III on two new charges Friday after WhatsApp messages he had sent suggested — per prosecutors — that he was trying to persuade a third party to tell Mueller something false. WhatsApp messages have end-to-end encryption, but the government apparently gained access to them in two ways. For one, they were backed up online, the equivalent of putting photocopies of a letter in a folder at your house. For another, it seems that the person to whom the messages were being sent turned copies over to investigators.
The other recent incident involves charges filed against a Senate Intelligence Committee staffer named James A. Wolfe. Wolfe communicated with a reporter using the encrypted platform Signal — but the government appears to have found messages on his phone. In this case, it’s a bit like having the opened letter lying on your kitchen table when the police show up with a search warrant.
These are exceptional circumstances involving high-profile national security or political issues. You, Average Joe iPhone, may think that your communications are not quite as important and, therefore, that you do not need to worry about how secure your messages are.
Average Joe iPhone: That’s not really true.
I spoke by phone with Electronic Frontier Foundation senior staff technologist Cooper Quintin. Quintin acknowledged that your normal communications may not be as important to protect as those of the president, but he reinforced that there are standard ways in which protecting your communications simply makes sense. For some readers, those needs will be more urgent: EFF has a tool presenting a range of security scenarios with recommendations for how to keep your information safe, depending on your circumstances.
For the average reader, though, here’s what Quintin said.
“The first question I always ask anybody is: ‘What’s your threat model?’ ” he said. “This is a term of art that means: What risks are you worried about, and how much trouble are you willing to go through to protect against those risks?” For example, the president has two phones, one Internet-connected, one not, that get swapped out monthly (ideally). You yourself probably can land somewhere less dramatic than that — but it’s up to you to determine how to balance security with need.
“People often want this sort of one size fits all security advice, but really the answer is always: It depends,” he said.
So let’s say that you have confidential information that you need to share with someone else — your Social Security number, for example. There are three considerations: the process of transmitting it; who you’re communicating with; and whether a record of that transmission exists.
The best way to transmit confidential information is in a face-to-face conversation, of course, but this isn’t always feasible. An app such as Signal, WhatsApp or even Apple’s built-in messaging system, iMessage, is a decent alternative, because all of those are end-to-end encrypted.
A phone call can work as well — assuming that neither you nor the other person on the phone are, No. 1., being bugged or, No. 2., using a mobile device that includes malware — meaning, in this case, software meant to collect information about your phone surreptitiously.
You’re certainly aware that hackers and thieves may try to install software that gives them access to your phone and, I assume, aware that international espionage involves some of this as well. (Here’s a good James Bond-style read on how China hopes to surveil Americans in Singapore this week.) But there’s a middle tier, Quintin said — what he calls “spouseware.”
“This is spyware that a family member or a stalker or a boss might install on your phone,” he said. “This type of malware is marketed and sold online with the idea that you want to be able to keep tabs on your kids, but it does all of the things I mentioned: reading all of your SMS [text] messages and keeping a log of all of your Web browsing and keeping a log of all your calling.”
Such software can be hard to detect, by design. In the example above, a phone call might be safer than a Signal message, because “a log of your calling” means that the application collects only metadata about your calls — to, from, duration, etc. — and not the contents of the calls. Metadata is less revealing than the contents of messages, but it is still revealing.
The likelihood of your phone having been compromised in this way is very small. We go back to Quintin’s original point: If you have someone stalking you, the likelihood that your phone has malware might be higher than the chances for another person, and so the steps you take to protect your communications might be more significant.
One of the worst ways to share private information electronically is by email, as noted above. Most emails aren’t encrypted, though there are tools that allow you to add end-to-end encryption to the messages you send. There are also email providers that offer secure communications, such as ProtonMail.
We come to our second consideration: whom you’re communicating with. End-to-end encryption works only within systems in which both ends are participating, as the name suggests. Send a ProtonMail message to the inbox of a Gmail user who doesn’t use encryption, and the message isn’t secure. Text from Apple iMessage to a non-Apple phone — the dreaded green bubble — and that message hasn’t been encrypted, either. Send a Signal message to another Signal user and you’re within the safe, encrypted confines of that app.
Assuming your phone hasn’t itself been compromised as above! The best solution to avoiding malware, Quintin said, is prevention.
“Don’t give people access to your phone that you don’t trust. Don’t download and run programs that you don’t trust,” he said. “You can never be 100 percent safe, but by taking the sort of digital equivalent of the same steps not to get scammed or mugged on the street — using your common sense, keeping your guard up — you can do a lot to prevent getting malware from getting on your devices in the first place.”
(There are ways to encrypt your whole phone or computer so that if you need to hand it over to someone — for repair, for example — it remains secure. That’s a whole different conversation.)
The third key consideration above is making sure that your confidential information isn’t lying around — on either end of the conversation.
“For a lot of things, it’s better to have your communications be ephemeral than be permanent. Be temporary instead of permanent,” Quintin said. That means deleting text messages with confidential information. Setting Signal to erase messages after a certain period. Cleaning up your old emails. Would you leave a stack of tax returns and bank account numbers sitting by an open window? Hopefully not — and you probably shouldn’t leave them lying around on an Internet connected device, either.
You can’t control what the other person does with your communications, as Manafort was reminded this week, but you can certainly encourage others to be more thoughtful with their data, too.
Quintin returned to the main point.
“There is no perfect solution,” he said, “but there are always ways to make yourself more secure” — including using apps such as WhatsApp or Signal instead of non-iMessage text messaging or emails.
“Using encrypted messaging by default is good data hygiene,” he said. “This is the data equivalent of taking aspirin and washing your hands.”
If you’re the president of the United States, someone under investigation by a special counsel or the target of a leak investigation by the Justice Department, you should not consider the above guide comprehensive.