Your Industry  

App encryption: R U protected?

But these are not the only actors who can get access to your unencrypted messages.

In questions of employee wrongdoing, it is common for employers to require access to corporate phones and devices.

Civil courts are now used to granting orders for individuals to hand over personal phones and devices, with their passcodes, during investigations of financial crime, harassment, the theft of trade secrets or regulatory breaches.

In almost all litigation, relevant messages must be considered for discovery no matter where they are written or stored.

As civil investigators, when we review the content of phones, we do so in a manner that provides protection to the individual’s right to privacy, and in compliance with applicable laws, including the EU’s General Data Protection Regulation.

Typically, the requests come to us as a result of a court order where the required steps are explicitly stated.

Normally, all messages are loaded into a review tool that records every step taken within it, and then only messages that involve a carefully chosen group of counterparties, and/or those that only involve a set of keywords are reviewed.

If a messaging service, such as WhatsApp, has only been used for truly private purposes, none of those messages will appear when we review that way.

Such methodology helps to ensure our review is proportionate and does not infringe the individual’s privacy rights, while still ensuring that a comprehensive search has been undertaken.

Protect yourself

An individual’s legal right to privacy has increased over the years, and rightly so.

However, the attentive reader will note that this is the protection an individual has from having their messages read, rather than any specific security measures such as end-to-end encryption.

What protection does end-to-end encryption offer? Well, it is fundamentally a way of making it harder to read intercepted messages.

Interception of messages, such as probes and wire taps, is the almost exclusive preserve of intelligence agencies and law enforcement.

So, does WhatsApp and other similar encryption apps offer protection from intelligence agencies and law enforcement?

I don’t think so. It makes life more difficult for them, but most have already adapted their methodologies to work round this.

They are more likely to physically seize your phone, or that of your counterpart, or to launch a cyber attack against your handset and get your messages that way.

And frankly, if these are the people you are worrying about getting hold of your messages, you are better off just putting the phone in the bin.

So where does that leave us?

Well, as law-abiding citizens I would not worry too much, except to be careful what you write about colleagues, clients and opponents, as they may one day be read by them.