Solving the Message/Network Trust Problem

“This tape will self-destruct in 5 seconds…” As an anxious child with ADHD in the 1970s, I always worried that Peter Graves would have missed something on that tape. Then, it would be too late to save the mission! I guess it all worked out. However, even though that self-destructing tape seemed like the coolest way to guard message privacy, from today’s perspective, it was only half a solution.

A cybersecurity professional might look at the Mission Impossible message and see at least two opportunities for it to be compromised. Someone could listen to it before Peter Graves got to it. Also, that tape somehow got to the tape player. Who brought it there? Could you really trust that person? This is the problem facing anyone who needs to send confidential messages today.

Modern network infrastructure is usually the focus of a great many security people and controls. However, it is nonetheless effectively impossible to ensure complete message security. There are too many moving parts, too many hops, too many components, too made enemies of the United States—and, for politicians, too many enemies inside the United States…

Certainly, it alarms entities like the Department of Defense (DoD) that potentially sensitive communications might be traveling on networks built with Chinese equipment. Now, the DoD has its own dedicated, highly secure networks. The issue is that many regular communications, e.g. calls and texts might accidentally leak military information. For example, if you know that a particular company makes supplies for submarines, and you intercept an email order for supplies to be delivered to San Diego on a certain date, you can form a pretty good guess of when a submarine is coming into port.

One solution that’s gaining traction is to use a zero trust/zero knowledge approach to messaging. As exemplified by Wickr, these solutions encrypt messages end-to-end and wipe the message as soon as its delivered. There is no message archive to hack, or subpoena, after the message has been sent. (Talking to you, White House…)

“Even if you are deleting messages at your end, intermediaries tend to store your messages, at least for a time,” said Joel Wallenstrom, Wickr’s CEO. “They may do this for their own data analytics purposes, but it’s an insecure practice, one you may not be aware of—until someone breaches the communication provider.”

“Even if you are deleting messages at your end, intermediaries tend to store your messages, at least for a time,” said Joel Wallenstrom, Wickr’s CEO. “They may do this for their own data analytics purposes, but it’s an insecure practice, one you may not be aware of—until someone breaches the communication provider.” The Wickr solution makes this impossible. It sends messages in military-grade encrypted form.

Wickr users can modify their “burn on read” settings. If they don’t want it, they can shut it off. But, the deletion is their choice, not some anonymous third party’s. VPN service is available in less-than secure environments. It can detect if someone is taking a screen shot of your message. Key verification features authenticate the identity of the message recipient.

Wickr users can modify their “burn on read” settings.

As communications infrastructure grows less trustworthy, zero trust/zero knowledge is emerging as an attractive mode of messaging. Companies like Wickr are stepping up to fill the security gaps in communications networks. Their approach seems to be working. They are working with a number of high-profile corporate and government clients. These organizations understand the value of keeping private messages private.

Please follow and like us: