Does secure texting even exist?
This headline popped up in the Washington Times last week regarding email encryption:
Interestingly – even though the article references DNC emails that were hacked and exposed by WikiLeaks, it profiles an open source instant messaging app that uses end-to-end encryption advocated by former (and notorious) NSA employee Edward Snowden, a huge fan of encryption. What’s important to note about the app (and others like it), is just that. It’s an app. It’s not an interoperable service such as mobile carriers SMS (short-message-service), more commonly known as ‘texting’.
Why does that matter? The beauty of SMS is interoperability. It is an international standard service that works with any mobile phone, across any carrier, pretty much anywhere – no app required. Just like making a phone call itself. BUT – SMS does not have any provision for security, and therefore is not a compliant means of communicating protected, regulated personal information (PII, PHI). So if you’re thinking about sending a text message with anything you want to ensure is kept private, for compliance reasons or otherwise – better think twice.
Yet – we hear vendors (particularly in the healthcare market), promoting their ‘secure texting’ services and apps. What they are really offering are secure instant messaging apps – which are great by the way, but they are not a variant of the service most of us think of as ‘texting’. And like any instant messaging app – both sender and recipient must have the app installed and running for the communication to work – secure or otherwise. So this puts an obvious limitation on who you can communicate with securely (“quick install this app so I can send you a private message”). BTW – Facebook private messages aren’t encrypted either to the best of my knowledge – so while not a broadcast to your extensive friend group – not truly private in the secure and encrypted sense!
Returning to the headline and article above – it really should have focused on the communication mode that was used (and hacked) – email. As the article states: “Using a <secure instant messaging app> wouldn’t have mitigated the impact of the DNC breach because the app doesn’t encrypt emails, but advocating its use suggests party officials took steps to minimize any potential blowback that could arise down the road concerning staffers’ communications.” And the article cited this further advisement from Hillary Clinton’s general counsel (just for fun): “staffers were encouraged to use the (encrypted messaging) app especially if they planned on saying anything “remotely contentious or disparaging” about Republican presidential candidate Donald Trump”.
Good advice for us all maybe? Our communications, email, instant messaging, texting or otherwise can easily be exposed if they aren’t encrypted. So if you don’t want your conversations and missives to become public – then you best use an encrypted communication channel! Or you could fall back to your mom’s advice – ‘if you don’t have anything good to say, don’t say anything at all……’ But where’s the fun in that? #SecureMailFastSmartEasy! J