For many of their users, mobile messaging apps are just expedient little tools for texting and sharing photos or videos with friends who use the same app. The fact that those messages and content are encrypted is just an added a perk. But for journalists and their sources--especially sensitive sources like whistleblowers--encrypted messaging apps are an increasingly valuable means of communication, which provide a modicum of assurance that the information being exchanged is private and protected from anyone outside of that conversational relationship.
In the encrypted mobile messaging space, there are both major and minor players. Some are lesser known brands, like Threema, a Swiss-developed suite of mobile apps that encrypt text messages, documents, and voice calls for both Droid and AppleOS devices. The developer promises users, who pay for this app, "seriously secure messaging."
Others are wildly popular--ubiquitous even--in some markets. Take Facebook-owned WhatsApp, for example, which at last count (January 2018) boasts more than 1.5 billion users worldwide.
Journalists have been quick adopters of Signal, a messaging app tied only to the users' mobile number, allowing anyone with the app and that number to reach out to reporters in confidence.
Wire, which had a large European following initially, has gained some traction in North America and around the world. Morten Bragger, Wire's CEO, estimated that Wire now has a half-million users of its free encryption app and more than 400 paying enterprise clients.
Wire is different than other tools not just in business model, but in the way that it's been designed. In terms of the business model, the developer courted those enterprise clients by addressing corporations' needs to communicate securely and privately.
Email is very "last millennium" the CEO suggested and said that Wire's design is "the new black." First, the Wire interface is designed to be consumer friendly and "very modern." But it's not just how it looks that's distinctive; it's how Wire implements encryption that's significant, too.
"In the classic cloud, you have the application in the cloud, and all the users with their devices are connected to that," Bragger explained. "In the cloud, you have all the logic, all the processing, all the storage, all the security, and if that traditional SaaS provider offers encryption, the encryption keys will be stored centrally in the cloud."
The problem with this model is that it creates a vulnerability he calls "the man in the middle." If hackers can compromise the cloud, they can get access to the encryption keys, making it possible to decipher the content.
Wire's solution is more like a "distributed cloud," he said. "Some of the logic is in the middle, but a lot of the logic is actually on the client. We have some of the processing, but not all of it. We have some of the storage, but not all of it...So we have none of the encrypted content."
Bragger said that Wire's philosophy is that people have a human right to communicate privately, especially in the cases of journalists and sources or enterprise clients protecting intellectual property and business communications.
Communicating in Confidence
Because they're free or low cost and readily available for download, journalists often leverage multiple messaging apps, giving sources the opportunity to communicate in however they feel most comfortable.
BuzzFeed News' cybersecurity correspondent Kevin Collier uses several encryption tools for communication. Choosing which to use largely has to do with a source's preference.
"Signal is the one I use most frequently," he said. "If I have a source who requests Wire or Wickr, I will...Sometimes, it'll be a hacker or a security-type of source who is partial to one of those. If it's someone who is well informed in this space, I'll acquiesce to them. Overwhelmingly, though, 111 use Signal, and if it's a source who doesn't seem particularly up on the issue, I'll request that we use Signal if it's remotely sensitive."
Collier suggested that email is perhaps one of the most vulnerable means of communication, and cited some research he'd done about the hacking of email accounts to persons related to the "Gulf conflict" policy, including a Trump Administration advisor. Email is rightfully seen as problematic.
"There is a broad consensus that if you're going to be speaking using technology that is readily available to most people, Signal and its disappearing messages--and I've really got to stress the...