Privacy

Security Doesn’t Always Mean Privacy

Privacy is key to protecting from information leaks.


This summer, Governor Ricardo Rossello was forced to resign after a massive information leak from a messaging application he had been using exposed various levels of corruption and other embarrassing details.   Earlier this year, Jeff Bezos certainly experienced a similar (though not as damning) information leak when his WhatsApp messages with now-girlfriend, then-mistress Lauren Sanchez revealed he was having an affair. Let’s not even talk about Anthony Weiner… And yet, we continue to see information leaks stemming from messaging applications over and over again. 

These incidents raise questions about how prominent figures and business leaders should conduct privileged communications today. Unfortunately, executive and privileged communications are a reality of today’s political, business and personal worlds, no matter how wonderful or horrific their contents. So how can they make sure that sensitive information is secure and protected – is truly private? 

Typically, when we think about security, we tend to immediately equate it with encryption.  End-to-end encryption is certainly important and encryption is of course a given when it comes to secure messaging applications; however, why do most people think that encryption is enough?  In an article detailing the flaws of end-to-end encryption, Wired offered the following analogy: “It essentially amounts to a bodyguard who picks you up at your house, rides around with you in your car, and walks you to the door of wherever you’re going. You’re safe during the transport, but your vigilance shouldn’t end there.” Put it another way: once you reach your destination, the bodyguard can’t protect you from violence. 

So, what is missing in this security feature?  What is the so-to-speak elephant in the room?  Clearly, it is privacy.  Look at Facebook.  They were fined for lack of privacy, not lack of security.  So, what do you need to keep your conversations not just secure, but private?  I would like to suggest that you need content control: complete control of your messages and the information contained within them at all times.  You should always decide whether your content can be forwarded to others, copied and shared, saved to a device or the cloud, or posted online – even if you send it on to another device.  Imagine if Jeff Bezos had been able to been able to delete the messages from all the devices the messages were on: his affair would not have been revealed – at least not in that way. He would have retained control of his public persona and business narrative.  To go back to the Wired analogy, once your bodyguard is done escorting you to your destination, an 18th century chaperone should take over for him.  (Of course, if you are an enterprise, you may need a compliance copy and you should always the trusted third party to store that copy only once in an appropriately protected location of your choice, not theirs.)  Only with these kinds of content control can you really have a truly private conversation.    

Of course, these issues, and the need to truly control information, is most visible when it comes to political figures, business leaders, celebrities and other public figures, but it doesn’t mean it shouldn’t matter to the rest of us. Understanding the nuances of the security and privacy we rely on to communicate is very important when you are looking to have leakproof conversations. We all use vulnerable communication tools, whether we realize it or not.  It is time we paid attention to privacy options as well as encryption in the tools we use. 

Contributor: Galina Datskovsky