10:30 AM
Lysa Myers

When Encrypted Communication Is Not Good Enough

For the vast majority of conversations -- on paper, by phone or computer -- encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake.

I participated in a panel discussion recently with a moderator who communicates with activists who could be under nation-state surveillance. She asked this group of security-minded professionals what we considered the most secure form of electronic communication. The panelists fell awkwardly silent. Is there any politic way to say what we were thinking? The truth is something we often forget in an interconnected era: If you absolutely need a particular piece of data to be secure, the best option is not to write it down at all.

There is a reason that the most important or potentially contentious legally binding agreements require a written contract to be accepted by all parties. If you want a long-lasting confirmation of something, you record it. Things that exist only in memory are, by nature, ephemeral and kaleidoscopic.

This is why we were collectively at a loss for words; anything recorded or written digitally or physically is not truly secure. There is a continuum of security levels of data ranging from “maybe someone can only get the metadata” to “public and indexed by all major search engines.” But recorded data are always inherently less secure.

The most secure information is that which one person alone has processed, without recording it by any means. But that scenario naturally excludes communication since it requires two or more people. Therefore, the question becomes: what would be the criteria that make a form of communication more or less secure?

Minimally processed
In short, the most secure conversation is one that has been processed by only two people, face to face. Whenever transmission over greater distance is involved, whether it is on paper or by phone or computer, this will either necessitate or increase the likelihood of it being processed by another party. Sometimes that third party is a living person, such as a mail carrier, and sometimes that third party is technological, such as an Internet Service Provider or via a telephone exchange.

Encryption of sensitive data is obviously a way to decrease the utility of that information if an unexpected person were to get hold of it, which is good enough for almost anyone in almost any situation. It’s how I would send most of my own sensitive information.

When you use end-to-end encryption, those third parties necessary to process the transmissions may not have access to the data within, but they certainly do have access to the metadata. In the aftermath of the Snowden revelations, few of us still wonder what the big deal is with sharing data about your data, if the original data per se is protected.

Just in case you didn’t catch that moment of collective panic: metadata collection is as if something analogous to the Dewey Decimal System were automatically applied to communications so that the data about your data could be found without having to know who the author is or what the specific contents are.

This brings up the question of why we are protecting data. Some people seem to view protection simply from a perspective of reducing the chances of someone stealing data or using it for fraud. But there are other cases where things could be lost that are worth more than the time or money needed to recover from theft or fraud. While losing something like financial records is no small matter, there are subjects that some people find even more damaging to reveal to others. Arguably this could include mental or physical health records, but it could also be something as simple as gossip.

Significant consequences
The journalist who was moderating our discussion is someone who uses electronic communications to discuss things that are literally matters of life and death; hence our awkward silence. The consequences of choosing a platform with a weak algorithm or shoddy security practices are a big deal. And because the group was composed of security-minded (read: paranoid) people, we all had the same thought – if we had to discuss something that critical, we would rather not do it electronically.

Most of us simply don’t chat about anything so fraught with danger. But that doesn’t mean that we don’t all have things that we really don’t want repeated or revealed to parties outside of the discussion. Maybe it’s information that is simply not appropriate to openly discuss right now but which might be okay to discuss in a few days or a few months’ time. Maybe it’s information that would be a significant inconvenience or an embarrassment if it were shared. Whatever the situation, it’s completely normal and common to have information we don’t want leaked to anyone else (or just not to have repeated to some specific person).

In the vast majority of conversations, encryption offers plenty of protection for our interactions. But as we often say in this industry: if you have a sufficiently determined adversary, he or she will get in. If the consequences of that disclosure would be too high, a face-to-face dialog may indeed be the best recommendation.

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all ...

Marilyn Cohodas,
User Rank: Strategist
5/15/2015 | 8:25:22 AM
Very thoughtful
Great insight on the limitations of encryption in the digital era. Thanks, Lysa. Nice job putting the issue into a real-world context.
User Rank: Apprentice
5/15/2015 | 9:48:15 AM
The group didn't answer the question.
I give your article a thumbs-up for emphasizing the dangers of electronic communication but it gets a thumbs-down for not answering the original question. The group's response would have been much more useful if they would have told us what they would do when a face-to-face meeting isn't possible (since face-to-face meetings aren't possible in many, if not most, situations).
User Rank: Author
5/18/2015 | 3:23:22 PM
Re: The group didn't answer the question.
In person, we did answer the question. For the purposes of this article I chose to discuss just the first few minutes of a much more in-depth conversation. The answer is not a simple one - If you absolutely, positively need to discuss things electronically, there are a variety of things you will need to consider. Part of that consideration needs to be understanding that you will, at the very least, be exposing the metadata for the conversation. If one or the other party of the conversation is under surveillance, you may not be able to guarantee that your conversation is not being eavesdropped upon, even if you're using the most secure electronic communication method available.
Marilyn Cohodas,
User Rank: Strategist
5/19/2015 | 9:00:26 AM
Re: The group didn't answer the question.
@LysaMyers, the adage -- "Don't let perfect be the enemy of the good." -- doesn't totally apply in this case because there will always be risk in electronic communications. But in many of these extreme cases where bulletproof security would be impossible the "good" will have to suffice. I assume that's what the panel concluded. So in the end the issue becomes one of gauging risk versus benefit.

User Rank: Ninja
5/16/2015 | 12:40:37 AM
If Pressed, Then I Choose...
...from a couple of apps deemed by the EFF to fit the bill: Cryptocat or TextSecure. I use 4096-bit GnuPG encryption for files that I exchange with trusted key-holders and talk on private IRCs with OTR encryption.

But, yeah, let's face it: True privacy, true security, is never assured, but at least let's do what we can to achieve it, best we can.