European Commission: Personal cybersecurity via encrypted messaging

Signal is the messaging app that claims the highest level of personal cybersecurity: Why has the European Commission chosen this over other platforms?

Politico reported that ‘Signal’ will be the preferred App for messaging between employees of the European Commission, who are particularly susceptible to cybersecurity failures after the December 2018 data breach of the EU’s COREU. On an internal messaging board, employees were told that Signal has been chosen as “the recommended application for public instant messaging.” This recommendation speaks volumes about the institution’s stance on personal cybersecurity.

What’s wrong with current messaging platforms?

If you use WhatsApp, Facebook messenger or even something as vibrant as Instagram, then you will now be desensitised to speeches about how these platforms are truly susceptible to “man-in-the-middle” cyberattacks, designed to steal your data without your knowledge. Messaging apps that enforce end-to-end encryption causes concern for certain States who are attempting to gain legal access to encrypted data (most outspoken being the US, UK, and Australia.)

With the active theft of data, comes the buying and selling of sensitive information out of the mainstream. The bartering of digital habits, as seen in the Cambridge Analytica Scandal, can turn the tide of an election. It makes sense that the European Commission is strengthening itself as a functioning, constant communicating body of powerful individuals who have insight into the actions of States.

In October 2019, Amnesty International discovered a series of targeted digital attacks on Human Rights Defenders through WhatsApp. The spyware used to track Jamal Khashoggi to the Turkish embassy where he was murdered came from an innocuous message on WhatsApp, allowing his killers to track his messages, geographic location and all other data. In a statement, WhatsApp said:

“In May 2019 we stopped a highly sophisticated cyber-attack that exploited our video calling system in order to send malware to the mobile devices of a number of WhatsApp users. The nature of the attack did not require targeted users to answer the calls they received.”

The security of communications between Commission employees and who they speak to outside of EU infrastructures becomes crucial when framed against targeted attacks like this. Experts explain that these attacks are relatively easy to engineer, if the platform being targeted is missing an innovative encryption system.

Writing for OAG about cybersecurity, Senior Threat Evangelist at F5 Labs, David Warbuton said:

“Today, even a teenager can create botnets in 45 minutes by watching a YouTube tutorial, and there is a glut of DDoS-for-hire sites available on a shoestring.”

What is the Signal messaging app?

Moxie Marlinspike is a cryptographer and computer science researcher who founded the Signal Messaging app, after spending some time working at Twitter as head of security. He co-authored the Signal Protocol encryption, which is used by messaging platforms as prolific as Skype and Facebook itself. Amazingly, the Signal platform is also open source, meaning that anyone can take a look under the hood and understand what the app can do.

Speaking to Wired earlier this month, Marlinspike said:

“The major transition Signal has undergone is from a three-person small effort to something that is now a serious project with the capacity to do what is required to build software in the world today.”

WhatsApp co-founder Brian Acton, donated $50 million into the development of Signal Protocol encryption, financial testament for how he clashed with Facebook’s leaders before leaving his role there. Marlinspike may be the first high-profile individual to engineer a social media platform that takes off, without knowing what their users are even saying to one another. According to their website:

“Signal conversations are always end-to-end encrypted, which means that they can only be read or heard by your intended recipients. Privacy isn’t an optional mode — it’s just the way that Signal works. Every message, every call, every time.”

As digital security becomes even more omnipresent as a topic, we will see how other State institutions arm themselves.