Encrypted Political Turmoil

Mr Turnbull and other members of the Australian Government may have something in common with Mrs Clinton with regards to Information Security. They are reported to use non-Government-vetted technologies to communicate, and to supposedly communicate on Government and political matters. The subject has certainly landed Mrs Clinton into a great deal of political turmoil (a few comments and thoughts here), and fair questions are now being asked in Australia.

The Australian press has recently raised a concern on the subject, under the following headlines:

• “Turnbull government risking national security, cabinet material by using WhatsApp: Dreyfus”, and
• “Government ‘hammered’ over use of WhatsApp amid security fears”.

Wickr and WhatsApp, secure/secret mobile communication applications, leverage Cloud infrastructures and are available for everybody to use. They have been used by Mr Turnbull and allegedly also by other members of the Government for more than a year.

The first media reports of the case were anecdotal, for example: (Mr Turnbull) “I use Wickr as an application. I use a number of others. I use WhatsApp … because they’re superior over-the-top messaging platforms.”.

It was then reported that Australian bikie gangs were also using such technologies to evade monitoring and orchestrate secretly their activities — Who was first to use such secret communication technologies, the politicians or the bikies?

Later updates reported the tremendous PR campaign that Wickr had benefited from the Australian political advertisement: Wickr downloads increased by 700% — I’m in the 700% having found out myself about Wickr thanks to Mr Turnbull :o)

Wickr was then reported to have been the subject of a hack — were there any politicians concerned about it?

In addition, technology providers such as Wickr, WhatsApp, etc., are also increasingly pressured by some law and intelligence agencies (many cases reported in the US) to further provide communication information about their subscribers. Cases have also been reported about Legal requests made to enable what is essentially permanent backdoors to such technologies (e.g. Apple case), which would weaken the security posture of those technologies (other parties could exploit the backdoors), raising a growing concern about the trust we may place in such solutions.

In Australia, the office of the Australian Information Commissioner is also reported to have recently warned Federal ministers that their smartphone app messages could be released publicly under Freedom Of Information — interested to see how that would work in practice?

The case raises some interesting questions:

• Why do leading political figures opt to bring their own security (BYOS) to better manage the secrecy of their communications, to the point of potentially putting some sensitive Government information at risk in likely violation of Government mandated security requirements?
• Are Government services not equipped well-enough with technology services to address the secrecy requirements of political figures? I would find that hard to believe.
• Would political figures be concerned about the Government monitoring of their communications if they used Government issued secure communication services?

I find the subject fascinating. I am also a very keen user of secure communication technologies. The Electronic Frontier Foundation (EFF) provides a very good reference and security scoreboard on Secure Messaging Applications.

What do you think about it?