Are you using an iPhone or an Android-based smartphone? Have you installed Signal yet? If not, please stop what you’re doing and install it now!
I owe a debt of gratitude to my good friend Dan for bringing Signal to my attention last year. Actually, he told me about its predecessors TextSecure and RedPhone for Android, which were just recently combined into a single product. Unfortunately, I initially confused the two with similar products with slightly different names and took no action.
Then, earlier this year, while looking for a more secure replacement for WhatsApp, I came across the Secure Messaging Scorecard from the Electronic Frontier Foundation. The EFF is sort of an ACLU for the digital world. Their scorecard measures the security of popular messaging applications, giving a pass or fail grade in each of seven categories.
Signal passes all seven categories.
WhatsApp does not fare nearly as well, passing only two categories. iMessage, which is Apple’s secure messaging product, fares much better, although it still fails in a couple categories. iMessage was never an option for me since I’m using an Android smartphone, but I know a lot of people use it, so I’m including it in the image below.
Anyway, when I saw the list, I remembered Dan’s message from several months earlier, got in touch with him, and we were messaging with TextSecure within a few minutes. I also got my wife Kathryn on the iPhone version of the product right away. Within a few weeks my parents, sister, and brother-in-law were also on board, a fifty-fifty split between iPhone and Android users. That small group represents the overwhelming majority of my routine messaging.
Since that initial push, though, I haven’t been nearly as successful at getting other correspondents switched over to Signal, in spite of it being no harder to use than WhatsApp. In fact, since then, I can only count one convert, and half the credit for that one goes to Kathryn. That’s why I’m writing this post.
If you’ve been keeping up with the news over the past nine days, you’re probably already aware that certain elected and unelected officials in the U.S., living up to the old adage of never letting a crisis go to waste, are trying to make strong encryption the bogeyman of the recent attacks in Paris. Never mind that much of the planning was likely done face-to-face and that messages from ISIS may have come via the PlayStation Network. According to the powers that be, if you value privacy, you must be a terrorist. Got it?
Don’t buy into this lie!
There’s absolutely no reason anyone — other than the intended recipient — should be reading messages you send. Even if they’re mundane. Especially if they’re mundane.
When I encourage friends, family, and correspondents to adopt more secure messaging protocols, one of the most common responses I get — mostly from women, sadly — is, “I have nothing to hide.” To which I offer this one-word rebuttal:
I think there’s a fanciful notion that once governments have swept up all our personal communications and put them in databases, they will be locked away in an impenetrable fortress, accessible only by some trustworthy pinhead with the right clearances and proper authorizations, like the NOC list in the movie Mission: Impossible. Yet hardly a week goes by where we don’t read about some top-secret, eyes-only information that somehow went public — information that was supposed to be far more sensitive than routine text messages between us serfs. In the real world, though, a database like that would be a criminal’s wet dream — a giant bullseye for would-be identity thieves and confidence schemers — and it would probably be about as secure as the average post office. And once the target has been breached, everything that was private would become public.
If you fall into the “I have nothing to hide” camp, please ask yourself some tough questions:
“If I woke up tomorrow morning, opened the newspaper, and saw the last five years of messages with my significant other, how would I feel about it? Would he or she feel the same way? Is there anyone whose feelings might be hurt?”
“If I were in the middle of negotiating a raise at work, and my boss suddenly had transcripts from the last several weeks of my phone calls, would I now be at a disadvantage?”
“Is there anything in my medical history I wouldn’t want everyone in my extended family to know?”
More fundamentally, isn’t the fact you have “nothing to hide” exactly the reason governments shouldn’t be looking at your messages in the first place? Shouldn’t they be focusing their efforts on the people who do have something to hide? Can you imagine the authorities coming to your home once a day, making sure you have nothing to hide?
Of course not. They shouldn’t come to your phone, either.
Make a statement!
Am I saying installing Signal is all you need to keep your messages private?
Certainly not. Strong encryption is another tool, another line of defense, another hurdle for the adversaries of privacy to jump over.
However, it does send a statement. A routine message sent with strong encryption tells the world privacy is an expectation, not an exception. It tells your correspondent that you value discretion. It’s possible your correspondent values discretion too.
Especially if your correspondent happens to be me.