The simple phraseology ‘secure’ means little unless you can address two key questions.
- Secure against who?
- Secure under what conditions?
You should assume nothing whenever some application, platform, provider or API advertises security/encryption. The transaction remains fairly opaque unless you can oversee it down to the level you trust, or rather, unless you initiate the encryption via an open source GnuPG or some OpenPGP client.
If it’s not open source but proprietary, if it hasn’t been dissected, rummaged and scrutinized by hackers and researchers over the globe for at least a decade or two, then you effectively place faith in the provider of the proprietary solution to have addressed the holes (there are always holes). Nothing is 100% of course, but I’d much rather take the former option.
Data might be stored/transmitted encrypted, indecipherable to the unsolicited eye. But that security lies at the mercy of the initiator (provider) and whomever else it chooses to also grant the privilege.
With proprietary messengers, social networks, cloud solutions, you can never address the two questions; if any.
I’m not necessarily saying closed or opaque solutions aren’t solid. Nor do I imply the ever likelihood of any compromise. What I am saying, however, why bother with such concerns when you don’t have to? Have you no options?
So simplify your life. Assume total lack of security from the start. Either
- Don’t use those tools.
- Don’t transmit anything that would terribly upset you if compromised.
- Encrypt all sensitive data yourself, offline, externally to the platforms, via one of the open-source mechanisms I refer to.
Option 3 is easy enough with personal data designated for yourself. Use GnuPG or the likes. Also see this rather antiquated, but mostly applicable and comprehensive PGP related FAQ at MIT. Much of it is an entertaining read.
However, where asymmetric encryption (or even symmetric) concerns interpersonal communication, we face a few challenges:
- All parties involved in the exchange must be initiated and take equal measures.
- Trust, while no longer an issue with the underlying platform, is still an issue between the two parties.
I’ll address #1 another day, although I’ll say immediately that there isn’t an easy solution.
Concerning the second point, suppose you and I wish to securely communicate via what we should assume an unsecure channel. In case of asymmetric encryption, we each must
- be ‘initiated’ and have a key pair of public/private keys (see my encryption primer).
- have access to each others public keys to encrypt the outbound transmission.
At this point, an issue of inner trust arises. Now if we’re intimately acquainted, and assuming no one spoofed any of our identities (and certain other assumptions I must heed lest I succumb to lunacy), then we’re golden.
What if we don’t know each other all that well? Alternatively, but quiet realistically, what if we can’t trust each other’s technical prowess not to commit incidental acts of foolishness?
Suppose our trustworthiness stands in question and I send you a secure message that I’ve encrypted with your public key.
If it’s in my interest that only you decrypt the data, I face uncertainty. I don’t know that your private key is secure, do I? That it hasn’t been compromised perchance? That you even comprehend the particularities behind asymmetric encryption? It follows that I can’t assume discrepancy.
Now be it information solicited by you and in your greater interest that it be kept confidential, well, I’ve done my part, securing it with your public key. From then on, I could care less what you do.
You, on the other hand, face a dilemma. You can’t entirely trust me, can you? I’ve encrypted it with your public key, yes. But how many other public keys have I added besides? * My personal key for certain, you can rest assured, as I like to be able to decrypt my own encrypted correspondences. But I may also have encrypted it with another public key or two belonging to friends; or some friendly neighborhood security agency employees. Use your imagination.
Conversely, if you send me a message encrypted with my public key, an analogous situation presents itself.
If it’s in your interest that only I decrypt and view the data, you can’t place ultimate trust in the security and safekeeping of my private key.
If it’s in my interest that no one but me (and maybe you) decrypt the communication, I’ve no assurance of the deed. You initiate the encryption, capable of enabling as many back doors (ie encryption via multiple public keys) as you deem fit. **
* If this generates confusion, the OpenPGP standard enables encryption via numerous public keys. It then suffices any one of the corresponding private keys to decrypt the data. While the decryption process reveals the presence of multiple encryption keys (so it may raise an alert), it doesn’t necessarily reveal their identities.
** In addition to multiple public keys, the standard also allows a regular (symmetric) passphrase, should one entirely lose the private key but still wish to decipher that piece of data. The decryption process also reveals the presence of one of these.
Think of it this way. Whoever you trust to encrypt your data with your public key, you trust in the same way as the neighbour you entrust your key with while you leave for vacation. *
Speaking quiet optimistically, most of the time, trust does not become a problem. But none of these issues do you face when managing strictly your own data for your own eyes.
* Okay, slightly different security frameworks, but similar ethical considerations. With asymmetric security, the party cannot decrypt your data with your public key - the private key is needed for that, which the encrypting party won’t have. However, the person is free to encrypt it with own and others' public keys, effectively enabling access to whomever. Not terribly different from the neighbour who can make limitless key copies of that physical key you entrust.
Takeaways:
- Take care to encrypt the data yourself, independent of any cloud or closed platform, by ways of open-source GPG/OpenPGP standards. That way you minimize unnecessary concern for weaknesses, back doors or conflicting interest. It’s foolish not to exercise the better option when you have it.
- Security is much easier when the data concerns no one but yourself. The case of interpersonal communication grows more complex, as issues of trust, interest and stake usually impact one side greater than another.
Questions, comments? Connect.