Encrypted Text Does NOT Equal Secure Text. Why the NYTimes Got it Only Partially Right.
In the New York Times article from July 6, 2017, the author, Kevin Roose, suggests that many elites have indeed switched to secure communications and secure text in place of email to preserve confidentiality and privacy. Indeed, in the world of constant leaked and hijacked information, new means of communication are a must.
In the article, the author cites several examples of the use of WhatsApp for secure communication. As we know, WhatsApp offers end to end encryption, but no other means of content control or means to preserve transparency. Two quotes in the article struck me as particularly interesting. “By and large, email is still used for formal conversations,” said Juleanna Glover, a corporate consultant based in Washington. “But for quick shots, texting is the medium of choice.” Validating that text has now become accepted in the mainstream for daily communication requiring rapid response.
Another interesting issue discussed was compliance. The article continues stating that, “Texting apps are already creating headaches on Wall Street, where financial regulations require firms to preserve emails, instant messages, and other business-related correspondence.” In March, Christopher Niehaus, an investment banker with the Jefferies Group in London, resigned from his job and was fined nearly $50,000 by British regulators after disclosing confidential client information to a friend over WhatsApp. Deutsche Bank barred its employees from texting and from using WhatsApp on their work phones …” This is also quite telling. While the need for confidentiality and the desire for leak prevention is absolutely clear, why can’t compliance be part of the story? There almost seems to be an assumption by the author that there are no solutions for this. In fact, one does not have to sacrifice compliance or transparency to achieve the necessary levels of security required by regulated organizations or loose the ease of communication and efficiency of text. Both are possible.
Encryption and the ability for text to disappear should be considered basic fundamentals. Encryption is NOT enough and cannot provide the security necessary in today’s world of business texting requirements – which is what we are finding with applications such as WhatsApp and others which were built with only the consumer in mind. To address business concerns, sender control over texts, the content within them and its use must be maintained at all times to prevent unintended propagation and data leaks. And compliance must be ensured at all times to meet regulatory, legal and business obligations. Consumer-grade apps simply do not and cannot answer these needs.
Today’s elite and business executives must instill trust in how they communicate sensitive data and by utilizing secure texting apps (available today) that go beyond the basics of encryption. These ‘enterprise-class’ platforms, such as Vaporstream, not only meet the efficiency demands of collaboration for rapid decision making but also meet the regulatory, transparency and privacy demands to communicate with confidence.
Something the author did not discuss, however also essential, is that the app vendor (not the case with Facebook and WhatsApp) should not store the information it transfers. Rather this sensitive information should only be stored for compliance purposes in a secure repository of the sender institution’s choice. As an example, in the financial services world, that would mean storing the information in the messaging archive and using the very same DLP, supervision and ediscovery tools normally used to ensure compliance against that content. Enterprise-class secure messaging platforms, such as Vaporstream, ensure that the sole copy of record is the only one available through the archive and that all transitory copies are deleted from all devices. Vaporstream does not store your content and thus have nothing to produce or mine. This is very important to maintaining your confidentiality.
To find out more about how your business can communicate with confidence via secure text messaging – without sacrificing compliance and transparency – contact us or ask to see Vaporstream in action.
Contributor: Galina Datskovsky