Lysa Myers | 10:30 AM
When Encrypted Communication Is Not Good Enough

For the vast majority of conversations -- on paper, by phone or computer -- encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake.

I participated in a panel discussion recently with a moderator who communicates with activists that could be under nation-state surveillance. She asked this group of security-minded professionals what we considered the most secure form of electronic communication. The panelists fell awkwardly silent. Is there any politic way to say what we were thinking? The truth is something we often forget in an interconnected era: If you absolutely need a particular piece of data to be secure, the best option is not to write it down at all.

There is a reason that the most important or potentially contentious legally binding agreements require a written contract to be accepted by all parties. If you want a long-lasting confirmation of something, you record it. Things that exist only in memory are, by nature, ephemeral and kaleidoscopic.

This is why we were collectively at a loss for words; anything recorded or written digitally or physically is not truly secure. There is a continuum of security levels of data ranging from “maybe someone can only get the metadata” to “public and indexed by all major search engines.” But recorded data are always inherently less secure.

The most secure information is that which one person alone has processed, without recording it by any means. But that scenario naturally excludes communication since it requires two or more people. Therefore, the question becomes: what would be the criteria that make a form of communication more or less secure?

Minimally processed
In short, the most secure conversation is one that has been processed by only two people, face to face. Whenever transmission over a greater distance is involved, whether on paper, by phone or by computer, it will either necessitate or increase the likelihood of the conversation being processed by another party. Sometimes that third party is a living person, such as a mail carrier, and sometimes that third party is technological, such as an Internet Service Provider or a telephone exchange.

Encryption of sensitive data is obviously a way to decrease the utility of that information if an unexpected person were to get hold of it, which is good enough for almost anyone in almost any situation. It’s how I would send most of my own sensitive information.

When you use end-to-end encryption, those third parties necessary to process the transmissions may not have access to the data within, but they certainly do have access to the metadata. In the aftermath of the Snowden revelations, few of us still wonder what the big deal is with sharing data about your data, if the original data per se is protected.

Just in case you didn’t catch that moment of collective panic: metadata collection is as if something analogous to the Dewey Decimal System were automatically applied to communications, so that the data about your data could be found without having to know who the author is or what the specific contents are.
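To make the metadata point concrete, here is an added example (not part of the original article) of what a message relay can catalogue from end-to-end-encrypted traffic without ever decrypting a byte; the envelopes, party names, timestamps and sizes are all constructed.

```python
# Relay-side view of end-to-end-encrypted traffic (constructed example): the relay
# never sees plaintext, but the headers it routes on show who talks to whom, when, how much.
from collections import defaultdict

# Constructed envelopes: the body is opaque ciphertext to the relay, so only its
# length is recorded here. Names, ISO timestamps and sizes are all made up.
ENVELOPES = [
    {"from": "alice", "to": "journalist", "ts": "2015-05-14T22:01:00", "len": 1480},
    {"from": "journalist", "to": "alice", "ts": "2015-05-14T22:03:30", "len": 212},
    {"from": "alice", "to": "journalist", "ts": "2015-05-14T22:04:10", "len": 9620},
    {"from": "bob", "to": "alice", "ts": "2015-05-15T09:15:00", "len": 310},
    {"from": "alice", "to": "journalist", "ts": "2015-05-15T22:00:45", "len": 1502},
]

def catalogue(envelopes):
    """Index the metadata the way a relay (or a collector upstream of it) can: per
    unordered pair, message count, total ciphertext bytes, first and last contact."""
    index = {}
    for env in envelopes:
        pair = tuple(sorted((env["from"], env["to"])))
        entry = index.setdefault(pair, {"msgs": 0, "bytes": 0, "first": env["ts"], "last": env["ts"]})
        entry["msgs"] += 1
        entry["bytes"] += env["len"]
        # ISO-8601 timestamps sort chronologically as plain strings
        entry["first"] = min(entry["first"], env["ts"])
        entry["last"] = max(entry["last"], env["ts"])
    return index

def contacts_of(envelopes, party):
    """Contact graph for one party, built with no access to any plaintext."""
    peers = set()
    for env in envelopes:
        if env["from"] == party:
            peers.add(env["to"])
        elif env["to"] == party:
            peers.add(env["from"])
    return sorted(peers)

def active_hours(envelopes, party):
    """Hour-of-day send pattern for one party: a clue to routine and time zone."""
    hours = defaultdict(int)
    for env in envelopes:
        if env["from"] == party:
            hours[int(env["ts"][11:13])] += 1
    return dict(hours)

if __name__ == "__main__":
    print("pairs:", catalogue(ENVELOPES))
    print("alice's contacts:", contacts_of(ENVELOPES, "alice"), "hours:", active_hours(ENVELOPES, "alice"))
```

The encrypted bodies protect what was said; nothing in the relay's view protects that it was said, by whom, to whom, how often, or at what hour.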

This brings up the question of why we are protecting data. Some people seem to view protection simply from a perspective of reducing the chances of someone stealing data or using it for fraud. But there are other cases where things could be lost that are worth more than the time or money needed to recover from theft or fraud. While losing something like financial records is no small matter, there are subjects that some people find even more damaging to reveal to others. Arguably this could include mental or physical health records, but it could also be something as simple as gossip.

Significant consequences
The journalist who was moderating our discussion is someone who uses electronic communications to discuss things that are literally matters of life and death; hence our awkward silence. The consequences of choosing a platform with a weak algorithm or shoddy security practices are a big deal. And because the group was composed of security-minded (Read: paranoid.) people, we all had the same thought – if we had to discuss something that critical, we would rather not do it electronically.

Most of us simply don’t chat about anything so fraught with danger. But that doesn’t mean that we don’t all have things that we really don’t want repeated or revealed to parties outside of the discussion. Maybe it’s information that is simply not appropriate to openly discuss right now but which might be okay to discuss in a few days or a few months’ time. Maybe it’s information that would be a significant inconvenience or an embarrassment if it were shared. Whatever the situation, it’s completely normal and common to have information we don’t want leaked to anyone else (or just not to have repeated to some specific person).

In the vast majority of conversations, encryption offers plenty of protection for our interactions. But as we often say in this industry: if you have a sufficiently determined adversary, he or she will get in. If the consequences of that disclosure would be too high, a face-to-face dialog may indeed be the best recommendation.

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all ...

Marilyn Cohodas
User Rank: Strategist
5/19/2015 | 9:00:26 AM
Re: The group didn't answer the question.
@LysaMyers, the adage -- "Don't let perfect be the enemy of the good." -- doesn't totally apply in this case because there will always be risk in electronic communications. But in many of these extreme cases where bulletproof security would be impossible the "good" will have to suffice. I assume that's what the panel concluded. So in the end the issue becomes one of gauging risk versus benefit.

User Rank: Author
5/18/2015 | 3:23:22 PM
Re: The group didn't answer the question.
In person, we did answer the question. For the purposes of this article I chose to discuss just the first few minutes of a much more in-depth conversation. The answer is not a simple one - If you absolutely, positively need to discuss things electronically, there are a variety of things you will need to consider. Part of that consideration needs to be understanding that you will, at the very least, be exposing the metadata for the conversation. If one or the other party of the conversation are under surveillance, you may not be able to guarantee that your conversation is not being eavesdropped upon, even if you're using the most secure electronic communication method available.
User Rank: Ninja
5/16/2015 | 12:40:37 AM
If Pressed, Then I Choose...
...from a couple of apps deemed by the EFF to fit the bill: Cryptocat or TextSecure. I use 4096-bit GnuPG encryption for files that I exchange with trusted key-holders and talk on private IRCs with OTR encryption.

But, yeah, let's face it: True privacy, true security, is never assured, but at least let's do what we can to achieve it, best we can.
User Rank: Apprentice
5/15/2015 | 9:48:15 AM
The group didn't answer the question.
I give your article a thumbs-up for emphasizing the dangers of electronic communication but it gets a thumbs-down for not answering the original question. The group's response would have been much more useful if they would have told us what they would do when a face-to-face meeting isn't possible (since face-to-face meetings aren't possible in many, if not most, situations).
Marilyn Cohodas
User Rank: Strategist
5/15/2015 | 8:25:22 AM
Very thoughtful
Great insight on the limitations of encryption in the digital era. Thanks, Lysa. Nice job putting the issue into a real-world context.