The Electronic Frontier Foundation (EFF) released its Secure Messaging Scorecard for secure private messaging, evaluating dozens of messaging technologies on…
EFF Technology Projects Director Peter Eckersley said:
"The revelations from Edward Snowden confirm that governments are spying on our digital lives, devouring all communications that aren't protected by encryption. Many new tools claim to protect you, but don't include critical features like end-to-end encryption or secure deletion. This scorecard gives you the facts you need to choose the right technology to send your message."
Produced in collaboration with Julia Angwin at ProPublica and Joseph Bonneau at the Princeton Center for Information Technology Policy, the Secure Messaging Scorecard is part of a new EFF Campaign for Secure & Usable Crypto. EFF Staff Attorney Nate Cardozo said:
"We're focused on improving the tools that everyday users need to communicate with friends, family members, and colleagues. We hope the Secure Messaging Scorecard will start a race-to-the-top, spurring innovation in stronger and more usable cryptography."
I think the most important keyword is "usable," and I praise the EFF for emphasizing the importance of easy to use cryptography products. We had PGP for nearly a quarter of a century now, but using PGP - installing the software, creating and storing keys, and signing/encrypting messages in a favorite third party email application - is much too complex for most Internet users today. In the 90s, Internet users were visionary libertarian geeks - not only we could learn PGP quickly, but we also had a lot of fun learning it. Today, half of the planet is on the Internet, including a majority of people who couldn't care less about technical implementation details. Using Tor to create a mailbox that can't be easily tracked back to your real identity is not that hard, but it does require a learning curve, time and attention.
Another important difference between today and the 90s is that, today, communications are migrating to cell phones (sometimes I wonder whether teens even use email at all these days). In particular, cell phones are the standard and often the only means to access the Internet in many regions of the developing world. This is reflected in the emphasis on mobile messaging apps in the EFF scorecard.
At this moment, six tools score all seven stars: ChatSecure, CryptoCat, Signal/Redphone, TextSecure Silent Phone, and Silent Text. The last two are commercial products of Silent Circle, co-founded by PGP creator Philip Zimmerman.
One reason easy to use mobile cryptography products are important, is that more people will use them, which is key to protecting everyone's privacy. If only a few people use cryptography, the authorities will assume that they have something to hide, and go after them. But if large masses of people use cryptography routinely, the authorities will be forced to give up, and perhaps understand that we don't want to live under constant surveillance.
What do you think about the importance of private and secure communications? Comment below!
Images from EFF and Shutterstock.