Dr. Frank Kardasz, MPA, Ed.D.
Editor: Ava Gozo.
Section I - Pros and Cons
Encrypted messaging apps are
increasingly popular due to heightened concerns about privacy and security.
These apps offer various features that protect communications from unauthorized
access, but they may also come with certain drawbacks. Below is an overview of
the pros and cons of encrypted messaging apps.
Pros of Encrypted Messaging Apps
Enhanced Privacy and Security
- End-to-End Encryption (E2EE): Messages are encrypted on the
sender's device and only decrypted on the recipient's device, intended to
ensure that no intermediaries, including the service provider, can read
the content[7].
- Data Protection: E2EE protects against hackers
and unauthorized access, making it difficult for attackers to intercept
and decipher messages[8].
Control Over Shared Content
- Disappearing Messages: Many apps offer features like
self-destructing messages, which automatically delete messages after a set
period, adding an extra layer of security[3].
- Anonymous Sharing: Some apps allow users to share
content anonymously, reducing the risk of personal information being
exposed[1].
Transparency and Trust
- Open Source: Apps like Signal are open
source, allowing independent audits and transparency in how the app
functions and handles data[3].
- Minimal Data Logging: Secure messaging apps often log
minimal data, such as not storing IP addresses or metadata, which enhances
user privacy[3].
Convenience and Accessibility
- Free and Mobile-Optimized: Many encrypted messaging apps
are free and optimized for mobile use, making them accessible to a wide
range of users[1].
- Cross-Platform Availability: These apps are often available
on multiple platforms, including Android, iOS, Windows, and macOS,
ensuring broad compatibility[3].
Cons of Encrypted Messaging Apps
User Experience and Features
- Limited Additional Features: Fully encrypted apps may lack
additional features like message history or contextual services, which can
be a drawback for users who need these functionalities[7].
- Usability Issues: Some users may find encrypted
messaging apps less user-friendly, especially if they require complex
setup processes or lack intuitive interfaces[3].
Anonymity and Metadata Exposure
- Metadata Visibility: While the content of messages is
encrypted, metadata (such as who you communicate with and when) is sometimes
not hidden, potentially compromising anonymity[8].
- Phone Number Requirement: Many apps, including Signal and
Telegram, require a phone number for registration, which can undermine
user anonymity[4].
Security Limitations
- Device Security: E2EE does not protect messages
if an attacker gains physical access to the device. Therefore,
device-level security measures are crucial[7].
- Potential for Abuse: The anonymity and privacy
offered by these apps can also be exploited for malicious activities, such
as cyberbullying or harassment[1].
Regulatory and Compliance Issues
- Government Bans: Some foreign governments may ban
or restrict the use of encrypted messaging apps, citing national security
concerns[8].
- Compliance Challenges: Companies using these apps may
face challenges in complying with legal requirements for data access and
retention[8].
Conclusion
Encrypted messaging apps offer
significant advantages in terms of privacy, security, and control over shared
content. However, they also come with certain limitations, including potential
usability issues, metadata exposure, and regulatory challenges. Users must
weigh these pros and cons based on their specific needs and threat models to
choose the most appropriate app for their communication needs.
Citations:
[1] https://trustarc.com/resource/private-messaging-apps/
[2] https://www.reddit.com/r/privacy/comments/l3vp4o/pros_and_cons_of_different_messaging_apps/
[3] https://restoreprivacy.com/secure-encrypted-messaging-apps/signal/
[4] https://www.forbes.com/sites/davidbalaban/2024/02/18/security-factors-to-consider-when-choosing-a-messaging-app/
[5] https://nordvpn.com/blog/most-secure-messaging-app/
[6] https://www.icfj.org/news/secure-messaging-apps-pros-and-cons-each-platform
[7] https://www.businessinsider.com/guides/tech/end-to-end-encryption
[8] https://virola.io/articles/pros-and-cons-of-using-end-to-end-encryption
=-=-=-=-=-=
Section II - What Are Some Examples of Encrypted
Messaging Apps?
Here are some widely recognized
encrypted messaging apps, each offering unique features and varying levels of
security:
1. Signal
Signal is often considered the gold
standard for encrypted messaging apps. It provides end-to-end encryption for
text, voice, and video communications. Signal's open-source encryption protocol
is regularly audited, ensuring transparency and security. Additional features
include self-destructing messages, encrypted stickers, and disappearing
messages[1][4][7].
2. WhatsApp
WhatsApp uses the Signal Protocol for
end-to-end encryption, making it a secure option for text, voice, and video
chats. However, concerns about privacy arise due to its ownership by Meta
(formerly Facebook) and the collection of metadata. Despite this, WhatsApp
remains one of the most popular messaging apps globally[1][7].
3. Telegram
Telegram offers end-to-end encryption
for its Secret Chats, while regular chats are encrypted but stored on
Telegram's servers. It is known for its large group chat capabilities,
channels, and bots. Telegram also includes features like disappearing messages
and self-destructing media[1][4][7].
4. Threema
Threema is a Swiss-made app that
emphasizes privacy and security. It provides end-to-end encryption for all
communication types and does not require a phone number for registration,
enhancing user anonymity. Threema also offers features like group chats, file
sharing, and a polling system[6][7][8].
5. Wire
Wire offers end-to-end encryption for
instant messages, voice, and video calls. It is particularly popular among
businesses due to its clean interface and support for multiple accounts. Wire
also allows for cross-device syncing and is open-source, ensuring
transparency[7][8].
6. Element (formerly Riot)
Element is built on the decentralized
Matrix protocol, which enhances privacy by not storing data on a central
server. It supports end-to-end encryption, voice and video calls, and bridges
to other platforms. Element is ideal for those seeking a decentralized
communication solution[4][8].
7. Session
Session is designed for maximum
anonymity and privacy, using a decentralized network to route messages. It does
not require a phone number or email for registration, making it an excellent
choice for users who prioritize anonymity[2][3].
8. SimpleX
SimpleX is another app that focuses on
privacy and anonymity. It does not require a phone number or email for
registration and uses a unique method to ensure that even metadata is not
exposed[3].
Conclusion
Each of these encrypted messaging apps
offers robust security features, but the best choice depends on your specific
needs and priorities. Signal is highly recommended for overall security and
transparency, while Threema and Session are excellent for those who value
anonymity. Telegram and WhatsApp offer a balance of security and user-friendly
features, making them suitable for general use.
Citations:
[1] https://www.pcmag.com/picks/best-secure-messaging-apps
[2] https://www.reddit.com/r/privacy/comments/14b9ko7/what_encrypted_communication_app_to_use/
[3] https://www.reddit.com/r/privacy/comments/1ct6oty/can_anyone_tell_me_which_encrypted_messaging_apps/
[4] https://www.techradar.com/best/best-encrypted-messaging-app-android
[5] https://www.rocket.chat/blog/most-secure-messaging-apps
[6] https://www.uctoday.com/unified-communications/the-best-encrypted-messaging-apps-for-businesses-in-2024/
[7] https://www.tomsguide.com/reference/best-encrypted-messaging-apps
[8] https://computercity.com/internet/social-media/whatsapp-alternative
=-=-=-=-=-=
Section II - Legitimate & Illegitimate uses for Encrypted Messaging Apps
Encrypted messaging apps have both
legitimate and illegitimate uses. Here's an overview of some common
applications in both categories:
Legitimate Uses
Personal Privacy and Security
- Protecting sensitive personal
conversations from hackers or surveillance
- Securing financial information
when discussing transactions
- Safeguarding medical information
in communications with healthcare providers
Professional Confidentiality
- Lawyers communicating
confidentially with clients
- Journalists protecting sources
and sensitive information
- Business executives discussing
proprietary information or trade secrets
Human Rights and Activism
- Activists organizing in
repressive regimes
- Whistleblowers sharing
information with journalists or authorities
- NGOs coordinating sensitive
operations in dangerous areas
Government and Military
- Diplomats communicating securely
about international affairs
- Military personnel sharing
classified information
- Law enforcement coordinating
sensitive operations
Everyday Communication
- Individuals who simply value
their privacy in day-to-day conversations
- Families sharing personal
information and photos securely
Illegitimate Uses
Criminal Activities
- Drug trafficking and illegal arms
deals
- Money laundering and financial
fraud
- Human trafficking operations
- Terrorist planning and
coordination
Child Exploitation
- Distribution of child sexual
abuse material (CSAM)
- Grooming and exploitation of
minors
Cybercrime
- Planning and coordinating
cyberattacks
- Sharing stolen data or hacking
tools
Espionage
- Industrial espionage and
corporate theft
- State-sponsored espionage
activities
Evading Law Enforcement
- Criminals using encryption to
hide evidence from authorities
- Coordinating illegal activities
while avoiding detection
Conclusion
It's important to note that while
encrypted messaging apps can be used for illegal activities, the technology
itself is neutral. The same encryption that protects criminals can also
safeguard vulnerable individuals, protect human rights, and ensure privacy for
law-abiding citizens. The challenge lies in balancing the need for privacy and
security with the need to prevent and investigate serious crimes.
Citations:
[1] https://www.pcmag.com/picks/best-secure-messaging-apps
[2] https://zapier.com/blog/best-secure-messaging-app/
[3] https://www.lenovo.com/us/en/glossary/what-is-encrypted-text-messaging/
[4] https://cybernews.com/security/cybercriminals-are-using-encrypted-chat-apps-as-illegal-marketplaces/
[5] https://www.bbc.co.uk/news/technology-66716502
[6] https://www.bbc.com/news/technology-66716502
[7] https://nymag.com/intelligencer/2021/06/fbi-snooped-on-criminals-using-encrypted-messaging-app.html
[8] https://humantraffickingfront.org/encryption-and-child-safety/
=-=-=-=-=-=
Section IV -Do any US States ban Encrypted Messaging
Apps as Illegal?
No state in the United States has
outright banned encrypted messaging apps for the general public, but there are
specific restrictions in place for certain groups, particularly government
employees, to ensure compliance with open-records laws.
State-Specific Restrictions
Michigan
Michigan has taken steps to restrict
the use of encrypted messaging apps by state workers. The Michigan State Senate
voted to block state workers from using messaging apps that feature end-to-end
encryption on their government-issued phones. This measure aims to ensure that
state employees cannot use these apps to evade open-records laws, which require
the preservation of public records[1].
Oklahoma
In Oklahoma, there have been concerns
raised about state officials using encrypted messaging apps like Signal. While
there is no outright ban, the use of such apps has raised questions about
transparency and compliance with the state's Open Records Act. The Attorney
General's office has strongly discouraged public officials from using
third-party messaging applications for communicating about public business[2].
Colorado
A report by the Colorado Freedom of
Information Coalition recommended banning public officials from using encrypted
or disappearing messaging apps for official business. This recommendation came
after allegations of violations of the state's open meetings law. However, as
of now, this remains a recommendation and not an enacted law[4].
Conclusion
While no state in the U.S. has banned
encrypted messaging apps for the general public, several states have
implemented or considered restrictions for government employees to ensure
transparency and compliance with open-records laws. These measures are primarily
aimed at preventing the use of encrypted messaging apps to evade legal
requirements for preserving public records.
Citations:
[1] https://statescoop.com/michigan-ban-encrypted-messaging/
[2] https://okcfox.com/news/local/oklahoma-officials-use-of-encrypted-messaging-app-raises-concerns-over-open-records-act-transparency-and-legality-gentner-drummond-signal-app-kevin-stitt-department-of-corrections-police-san-diego-phoenix-eugene-oregon
[3] https://spectrum.ieee.org/encrypted-messaging-app
[4] https://www.denver7.com/news/politics/report-recommends-co-ban-public-officials-use-of-encrypted-disappearing-messaging-apps-for-official-business
[5] https://www.reddit.com/r/cryptography/comments/1eesz8y/can_the_usa_government_break_into_thomas_crooks/
[6] https://www.internetsociety.org/blog/2023/06/speak-out-against-bills-that-threaten-end-to-end-encryption/
=-=-=-=-=-=
Section V – are there any specific laws, codes or
regulations banning the use of the Apps?
Here are the specific laws, codes, or
regulations in the states where the use of encrypted messaging apps is banned
or restricted:
Michigan
Law: House Bill 4778
- Description: Michigan House Bill 4778
prohibits state departments and agencies from using any app, software, or
other technology that prevents them from maintaining or preserving
electronic public records. This includes apps that use end-to-end
encryption and those that allow for the automatic deletion of messages.
- Purpose: The law aims to ensure
compliance with the Michigan Freedom of Information Act (FOIA) by
preventing state employees from using encrypted messaging apps that could
be used to evade open-records laws.
- Status: Passed by the Michigan State
Senate and House in 2021[2][3][7][8].
Oklahoma
Guidance: Attorney General's Office
- Description: While there is no specific law
banning the use of encrypted messaging apps, the Oklahoma Attorney
General's Office strongly discourages public officials from using
third-party messaging applications for communicating about public
business. This guidance is based on the Oklahoma Open Records Act, which
requires that electronic communications concerning public business be
preserved and produced upon request.
- Purpose: To ensure transparency and
compliance with the Open Records Act, preventing public officials from
using encrypted messaging apps to conduct official business in a manner
that evades public scrutiny.
- Status: Official guidance rather than a
formal law[4].
Colorado
Recommendation: Colorado Freedom of Information Coalition (CFOIC)
- Description: The Colorado Freedom of
Information Coalition has recommended that Colorado enact legislation
similar to Michigan's House Bill 4778. This recommendation follows
concerns about the use of encrypted and disappearing messaging apps by
public officials, which could undermine open government laws.
- Purpose: To ensure that public officials
do not use ephemeral messaging apps to evade disclosure requirements under
the Colorado Open Records Act (CORA).
- Status: As of now, this remains a
recommendation and has not been enacted into law[5][6].
Conclusion
While Michigan has enacted specific
legislation to ban the use of encrypted messaging apps by state employees to
ensure compliance with FOIA, Oklahoma has issued strong guidance against their
use based on existing open records laws. Colorado has recommendations in place
but has not yet enacted similar legislation. These measures are primarily aimed
at preventing the use of such apps to evade legal requirements for preserving
public records.
Citations:
[1] https://www.freep.com/story/news/local/michigan/2021/01/22/state-police-phone-apps-keep-text-messages-secret/4236305001/
[2] https://www.freep.com/story/news/local/michigan/2021/11/02/senate-bill-bans-michigan-text-encryption-apps-signal-foia/8564251002/
[3] https://lancasteronline.com/news/local/what-happens-when-elected-officials-use-encrypted-apps-lancaster-watchdog/article_941b7f1a-f32a-11ec-8c32-4353da18029c.html
[4] https://okcfox.com/news/local/oklahoma-officials-use-of-encrypted-messaging-app-raises-concerns-over-open-records-act-transparency-and-legality-gentner-drummond-signal-app-kevin-stitt-department-of-corrections-police-san-diego-phoenix-eugene-oregon
[5] https://coloradofoic.org/colorado-lawmakers-commit-to-stop-auto-deleting-instant-messages-with-other-lawmakers/
[6] https://coloradofoic.org/cfoic-report-colorado-should-bar-public-officials-use-of-disappearing-messaging-apps-for-official-business/
[7] https://alecmuffett.com/article/15362
[8] https://thehill.com/homenews/state-watch/580868-michigan-to-prohibit-lawmakers-from-using-messaging-apps-that-skirt-foia/
=-=-=-=-=-=
Section VI - Tips, Advice, & Suggestions
Using encrypted messaging apps can
significantly enhance your privacy and security. Here are some overall tips,
advice, and suggestions to help you use these apps effectively:
General Tips for Using Encrypted Messaging Apps
1. Choose the Right App
- Assess Your Needs: Different apps offer varying
levels of security and features. For example, Signal is highly recommended
for its robust security and open-source nature, while WhatsApp is popular
for its user base and ease of use[1][2][5].
- Check Encryption Standards: Ensure the app uses end-to-end
encryption (E2EE) to protect your messages from being accessed by anyone
other than the intended recipient[2][5].
2. Configure Security Settings
- Enable All Security Features: Turn on features like
disappearing messages, two-factor authentication (2FA), and encrypted
backups if available[3][4][8].
- Disable Cloud Backups: Cloud backups can compromise the
security of your messages. If you must use backups, ensure they are
encrypted[2][5].
3. Protect Your Metadata
- Use a VPN: A Virtual Private Network (VPN)
can help obscure your online activity, including the fact that you are
using an encrypted messaging app[2].
- Be Aware of Metadata: While E2EE protects message
content, metadata (such as who you communicate with and when) may still be
exposed. Choose apps that minimize metadata collection[2][5].
4. Maintain Device Security
- Keep Your Device Secure: Use strong passwords, biometric
locks, and keep your device's software up to date to protect against
malware and unauthorized access[3][8].
- Avoid Using Compromised Devices: If you suspect your device is
compromised, avoid using it for sensitive communications[3].
5. Verify Contacts
- Use Safety Numbers: Apps like Signal allow you to
verify safety numbers to ensure you are communicating with the intended
person and not an impostor[3].
- Regularly Re-Verify: Periodically re-verify your
contacts to maintain the integrity of your secure communications[3].
6. Be Cautious with Additional Features
- Limit Use of Extra Features: Features like link previews,
geolocation sharing, and GIFs can introduce vulnerabilities. Disable these
features if they are not essential[8].
- Avoid Hybrid Modes: Some apps support both encrypted
and unencrypted messaging. Stick to fully encrypted modes to avoid
confusion and potential security lapses[8].
7. Educate Yourself and Your Contacts
- Stay Informed: Keep up with the latest security
practices and updates for your chosen app[1][7].
- Educate Your Contacts: Ensure that the people you
communicate with also follow best practices to maintain the security of
your conversations[2][8].
8. Use Open Source Apps When Possible
- Transparency: Open-source apps like Signal
allow the community to audit the code, ensuring there are no hidden
vulnerabilities[3][5].
- Trustworthiness: Open-source projects are
generally more transparent about their security practices and data
handling policies[3][5].
Conclusion
Using encrypted messaging apps is a
great way to protect your privacy and secure your communications. By choosing
the right app, configuring security settings, protecting your metadata,
maintaining device security, verifying contacts, being cautious with additional
features, educating yourself and your contacts, and preferring open-source
apps, you can significantly enhance the security of your digital
communications.
Citations:
[1] https://www.hucu.ai/eight-tips-for-the-best-secure-messaging-app/
[2] https://dem.tools/blog/tips-using-common-secure-online-messaging-apps
[3] https://freedom.press/training/signal-beginners/
[4] https://quickblox.com/blog/what-is-secure-messaging/
[5] https://www.pcmag.com/picks/best-secure-messaging-apps
[6] https://sendbird.com/blog/secure-messaging-apps
[7] https://www.forbes.com/sites/davidbalaban/2024/02/18/security-factors-to-consider-when-choosing-a-messaging-app/
[8] https://usa.kaspersky.com/blog/what-makes-a-messenger-secure/28646/
=-=-=-=-=-=
Link to more information: https://www.perplexity.ai/page/encrypted-messaging-apps-pros-yLtduBDtT.2Hc4IRXYAbSg