Operation Dunhammer: Wiretapping is a Net That Traps Us All

When the government spies on citizens, we usually don’t find out until years later, if at all. In 2013, whistleblower Edward Snowden famously pulled back the curtains to reveal the size and scope of the US National Security Agency spy apparatus.

Society spent years digesting the news and considering the implications of an institution with so much power and access to eavesdrop on its own citizens. Therefore, it might be surprising to learn that the NSA spy apparatus was even more far-reaching than it appears.

Spying on European Leaders, Sharing with Europe

Governments aren’t supposed to spy on their citizens, and they definitely aren’t supposed to eavesdrop on politicians and residents of allied countries, either. Yet, a recent report lays out how the NSA collaborated with the Armed Forces Intelligence (FE) to use Danish internet cables to spy on important heads of state, top politicians, and high-ranking officials in Germany, Sweden, Norway, and France.

A 2015 internal investigation known as Operation Dunhammer revealed the extent of the spying and the nature of the collaboration between the two agencies, which took place between 2012-2014. Using a secret computer called XKeyscore, the US searches, analyzes, and collects global Internet data continually.

If foreign governments spying on their own citizens and world leaders wasn’t bad enough, the NSA has shared data gathered by XKeyscore with other intelligence agencies from New Zealand, Canada, Australia, the UK, Japan, and even Germany.

Denmark’s Defence Minister, Trine Bramsen, told the Danish public service broadcaster that “systematic wiretapping of close allies is unacceptable.” Actually, espionage is widespread and, in practice, accepted all the time, so long as it’s accompanied by a public condemnation once it’s made known.

That the NSA spied on Germany and shared intelligence data with them highlights how give-and-take international spying really is. How can a country object to such data gathering when used against them while actively collaborating with the same intelligence service?

Angela Merkel is among Europe’s most powerful leaders, and not even she was immune from having her text messages and phone calls intercepted. Indeed, the more valuable your communications are, the more likely they are to get targeted.

Not Just World Leaders 

The NSA eavesdropping on politicians and world leaders inevitably ensnares ordinary people, some of whom have excellent reasons for requiring privacy. Politicians need to communicate with a cross-section of the public, so, with the help of FE, the NSA intercepted conversations with people who contact politicians from a range of backgrounds.

What if a person is illegally hiding because they’re persecuted in their home country? What if a journalist needs to discuss sensitive issues? It could be political activists, opposition politicians from foreign countries, and countless others. 

Indeed, the NSA engages in such widespread wiretapping to maximize the communications intercepted. Relying on encrypted cell phone communication is the only way citizens and even high-ranking politicians can stay above the fray and ensure their messages, emails, and phone conversations don’t get intercepted.

Fallout Since the Scandal

In June 2021, France’s Europe Minister Clement Beaune spoke to France Info radio about the fallout since the Operation Dunhammer scandal became public. “It’s extremely serious,” he said.

“We need to see if our partners in the EU, the Danes, have committed errors or faults in their cooperation with American services…between allies, there must be trust, a minimal cooperation, so these potential facts are serious.” Notice, the objection expressed is not over spying in general, but the levels of cooperation and trust in espionage.

It’s not clear if the Danes knew the US was using their cables for spying on neighbouring countries. Other allegations need to be verified, and officials from Germany and other European nations offered measured statements stressing the need to figure out precisely what happened while condemning what appears to have occurred.

Everybody knows that countries spy. American politicians may worry about the diplomatic consequences between allied nations after having been caught. But the US has had a broad wiretapping service in place for years and even tapped Merkel’s mobile phone. If the Danish-US spying story is confirmed, the NSA carried out its spy program before and after Snowden blew the whistle on it.

Moving Forward

It’s essential to take a slow and sober look at this story and determine what exactly occurred. But there’s nothing encouraging here for ordinary people with fears over privacy concerns.

The NSA does not appear like it’s about to reverse course, let alone slow down its spy program, and France and the other European countries will likely resume their relationship with the US as if nothing happened once the headlines die down.

Amid all the very pressing international news concerning COVID-19 and conflicts, Operation Dunhammer wasn’t exactly the main story on the newspaper’s first page. However, the story itself is a new revelation about spying that took place years ago, and maybe it would have got more traction had the events themselves been new.

One person whose notice it didn’t escape is Edward Snowden himself, who pointed out on Twitter that: “Biden is well-prepared to answer for this when he soon visits Europe, since, of course, he was deeply involved in this scandal the first time around.”

If these politicians were using ChatMail device encryption on a hardened phone, they would have been safe against the NSA and other hackers or international spy agencies. It’s impossible to discover that you need this level of security until it’s too late. If even allied nations spy on their friends, who exactly is safe?

Please read this encryption guide to understand how Myntex products use military-grade encryption that can’t be decrypted and several secondary security features to fill any potential vulnerabilities. Foreign intelligence services don’t have a pressing need to intercept your phone records. Still, they eavesdrop on countless ordinary people every day, and even people with a dedicated service of bodyguards don’t have secure communications. So take care of your online privacy now because, by the time you realize it’s necessary, it’ll be too late.

Myntex Partners with Chic Geek to Boost Gender Diversity in Tech

In the gap between opportunity and the limitations that society’s uphold, womxn often find themselves on a different footing than their male counterparts – especially in the workplace. Historically, the tech space has been male-dominated, and many of the same barriers in place then are still here today. Reasons like this explain why only 14% of coders are womxn.

Myntex is passionate about full device encryption and coding, and we strongly believe in eliminating systemic barriers to increase access in the tech sector. We want our industry to be open and welcoming and think that, given technology’s importance in society, everyone must shape it together.

Myntex is proud to announce that we are partnering with Chic Geek, a non-profit that boosts gender diversity in the tech sector. You may have noticed above the spelling “womxn.” We have adopted Chic Geek’s preferred spelling in solidarity and because it’s meaningful. They explain the significance behind the spelling as follows:

“womxn: pronounced [wim-in] – Chic Geek uses womxn with an “x” as an intersectional and inclusive definition that embraces trans, gender queer and non-binary individuals. We use the ‘x’ as a reminder that gender identity is a vibrant, beautiful spectrum and we welcome all women-identifying individuals and allies.”

Nobody should be marginalized, and businesses have an obligation to address systemic biases proactively. On a more fundamental level, we want to help our colleagues map out their lives and do their best work. Everybody loses when gender diversity remains entrenched and unaddressed.

We usually use this space to look at Myntex encrypted communication and developments in the news relating to encryption, but let’s take a closer look at the gender disparity problems Chic Geek is trying to address and their approach to solutions.

For Women, the Talent Funnel in the Tech Sector is Leaky

There are many signs that womxn in the tech sector face unique struggles that impact their career. Only 25% of tech jobs are held by womxn, a figure which hasn’t changed in the last ten years.

About half the womxn who enter the tech sector quit prematurely, usually in their 30s or 40s. It would be wrong and misleading to assume that womxn leave these fields for things like increased work-life balance or family reasons.

The reality is more disturbing. According to Harvard Business Review’s Sylvia Ann Hewlett, as much as 63% of womxn who worked in science, engineering, and technology report experiencing sexual harassment on the job. Machismo, perhaps more generally known as “toxic masculinity,” is a threat to the lives and careers of womxn, which takes many forms.

Womxn who work in male-dominated tech environments talk about facing demeaning and condescending attitudes, sexual innuendo, off-colour jokes, and other problematic everyday behaviours, which only compound and grow worse the more frequently they occur.

While the percentage of womxn employed across all job sectors in the US grew to 47%, in the five largest tech companies (Amazon, Facebook, Apple, Google, and Microsoft), womxn make up only 34.4% of those hired. Considering the social, economic, and cultural impact these companies have on the world at large, it’s not an overstatement to say that sidelining womxn at tech companies effectively sidelines them from the world.

A study conducted by Indeed found that the main reason womxn leave their technology jobs is lack of growth opportunities, as indicated by 28% of respondents. They may find jobs, but they plateau over time without greater chances for economic and professional growth.

When womxn are few in a work environment, it leads to other harmful trickle-down effects, such as no female mentors, role models, or even friends. Our guide to encryption gives people insights about their digital security, but without people who understand the workplace issues womxn face, nobody is there to help them navigate their way through.

Chic Geek Career Pathing

Tackling such a diffuse and widespread problem as fixing gender diversity in the workplace may seem daunting, but people worldwide are trying. Chic Geek has already accomplished much through its initiatives to engage companies and institutions to help womxn see more career visibility.

For example, Chic Geek’s Career Pathing is an online program where womxn with intermediate jobs in the tech industry have a 30-minute conversation with someone a few steps ahead of them but in a similar career journey. Such an approach helps womxn find new possibilities, opportunities, growth areas, and strategic connections.

It’s crucial for everyone to explore their career path deeply, but womxn simply aren’t as able to come in contact with a female colleague with first-hand tech experience to offer meaningful guidance. Just like knowing that choosing Myntex encrypted communication keeps the hackers away, you need the right access to people with experience and insight to be in your corner.

Chic Geek makes it easier for every womxn to find their community and grow their confidence.

The Business Case for More Gender Diversity

While gender diversity is a human rights issue, there are also self-interested reasons why companies should pursue it. A 2020 report from McKinsey found that diverse companies perform better, hire better talent, have more employee engagement, and retain workers better than companies that do not focus on inclusion and diversity.

Even if a tech company is not motivated to address gender inequality for ethical or social principles, the business case speaks for itself. Put another way: there is money to be made by eradicating gender discrimination from your company.

Society needs to pursue multiple approaches to removing systemic gender barriers at once, and thankfully that is already underway. It’s great to see more girls and young womxn encouraged to take up STEM skills in school, but it’s also crucial to retain the womxn already in the tech sector by keeping them happy and driven in their work.

Why Should New Technology Create New Vulnerabilities?

When you think about it, isn’t it odd that companies pay millions in settlements and suffer devastating reputational damage because of breaches only made possible by the very latesttechnology? The means of transmitting information decades ago might have been much slower before digital technology took off, but it was also much harder to intrude on people’s private conversations.

Today’s communication devices are beautiful aesthetic achievements that offer a dazzling user experience, and they control seemingly every aspect of modern life. Just because technology makes something easy to do does not mean it’s secure enough to do!

Billions of people use smartphones every day, and their ubiquity is enough to lull people into a false sense of security. How risky can they be if everyone uses them, especially if they’re protected by “end-to-end encryption,” right?

Right now, your digital privacy rights can be undermined by both illegal and legal means, underscoring just how vulnerable phones without military-grade encryption are to a breach. It’s complicated, but understanding encryption and how hackers pose one type of threat is crucial. Still, the legal backdoors that governments give to police and military institutions in the name of security pose a different kind of risk altogether.

Around the world, the tension between digital privacy rights and national security is being settled in courtrooms.

Smartphones put people face to face instantly — they’re part of the fabric of modern life, and business can’t proceed without them. But new technology without industry-leading device encryption creates new vulnerabilities.

In a globalized world, a government that systematically undermines encryption in one country is a problem in all of them.

Brazil’s Encryption Backdoor 

Brazil’s Supreme Court has not submitted its final decision regarding whether “end-to-end encryption” is legal in the country after WhatsApp was suspended for not complying with judicial orders requiring the company to submit decrypted data.

The outcome of the case will determine if encryption itself is legal and, if so, should companies that provide encryption be required to give backdoor or access to the authorities when required. In other words, even if encryption is deemed legal, the government may still compel companies to hand over people’s encrypted communications anyway.

Forcing companies to decrypt communications and give them to the government undermines and even subverts the entire purpose of encryption, but it also creates other security vulnerabilities. What if an unauthorized third party sneaks in a backdoor meant for the government?

The battle over encryption is at the heart of online regulations. Brazilian President Bolsonaro himself has spewed wild COVID-19 misinformation, even though the virus has killed over 400,000 Brazilians, and has filed criminal charges against reporters like Glenn Greenwald for uncovering corruption.

The idea of assisting legal authorities in national security sounds laudable, but compromising privacy rights is equivalent to eliminating them — either there is encryption, or there isn’t. It’s easy to underestimate how data is collected by the government and other parties, so handing over privacy rights to a politician with Bolsonaro’s history outlines how quickly legal powers can be abused.

Encryption in India

India’s Madras High Court, one of the country’s three High courts, has considered WhatsApp’s role in spreading disinformation and cyber-bullying, a major problem in the country. Tamil Nadu’s advocate general argued that end-to-end encryption is not essential and that WhatsApp should fingerprint each communication.

The courts want the ability to trace back every communication made on any platform and try to argue that this is compatible with the goals of encryption and privacy. The status of encryption protection is like Free Speech rights, but for software.

India’s Prime Minister, Narendra Modi, has forced social media companies like Facebook and Twitter to remove posts that criticize the government. Anyone hoping that this government would respect privacy rights concerning encryption over national security has only to see how Modi uses strong-arm tactics to control messaging in the social media landscape, where an army of “IT strategists” who work for the Bharatiya Janata Party has very close links to Facebook employees.

India has genuine national security concerns, but it’s easy to imagine that the Modi government will sidestep encryption protections with partisan politics in mind, then invoke “national security” as an excuse. Indeed, the Modi government was accused of spying on citizens in 2019, using an Israeli spyware company to access citizens’ WhatsApp messages, calls and even turn on their phone’s microphone and camera.

Encryption and Terrorism in the EU

Courts in the EU are drawing closer to banning end-to-end encryption on platforms like WhatsApp and Signal in the wake of terror attacks in the late part of 2020.

The EU said in a leaked draft resolution that “competent authorities in the area of security and criminal justice” needed to exercise their lawful powers in the course of their work and rely more heavily now on “accessing electronic evidence.”

Like elsewhere, online security experts in the EU reiterate that governments can either uphold privacy rights or deliberately give backdoor access to the authorities, but not both. ProPrivacy’s Ray Walsh outlines the various kinds of threats: “Removing strong end-to-end encryption creates vulnerabilities that can be exploited not just by the EU government agencies, but also by anybody — hackers, cybercriminals, and state-sanctioned operatives from other countries.

In other words, the compromised encryption laws that governments are leaning towards to strengthen national security may deprive citizens of their privacy rights while also creating new ways to weaken national security.

Business moves at a rapid pace, and no company can afford to get left behind. But executives who cut corners and take security risks by using free apps to make deals will only realize the errors of their ways when it’s too late.  

When it comes to technology, it’s wrong to conflate sophistication with security. Indeed, some phones with very dazzling features and seem very impressive, and these might pose the largest opportunity for a security breach. Thankfully, industry leaders make an encrypted cell phone that can keep up with the pace of modern technology that requires no technical expertise to use, so it’s easy to prevent a data breach no matter what world leaders or international courts decide.

WannaCry: What Was it, How Did It Spread, and How Can You Stay Protected?

Credit: Vishnu_KV via Pixabay https://pixabay.com/illustrations/ransomware-wannacry-malware-2318381/

Imagine if scammers could hack computers worldwide and demand a ransom in a cryptocurrency from their victims. Actually, you don’t need to try to picture it, as it already happened in 2017.

A hacker collective known as “The Shadow Brokers” launched a devastating ransomware attack in May 2017 targeting people using the Microsoft Windows operating system. “WannaCry” encrypted their information and only returned access after the hackers had been paid a ransom in Bitcoin cryptocurrency.

As many as 200,000 computers in 150 different countries were affected, costing anywhere from hundreds of millions of dollars to billions. The attack was so vast that it made news headlines everywhere, so you probably remember it broadly. It transcended personal computers, affecting kiosks and large display terminals.

Let’s take a closer look at the WannaCry attack to better understand how it could spread so far, do so much damage, and how encrypted communication can keep you protected from something similar moving forward.

What Exactly Was WannaCry?

At first, news agencies reported that WannaCry was spread through a malicious spam campaign, as is often the case. It was an easy mistake to make, but the real story turned out to be considerably worse.

The WannaCry worm was spread by an operation that seeks out vulnerable public-facing SMB ports, then uses two exploits created by the National Security Agency, EternalBlue and DoublePulsar, to get on the network and establish persistence and allow for the installation.

An exploit technique known as “heap spraying” injects shellcode into vulnerable systems. Bits of source code reviewed by Malware Byte Labs determined that this is how the malware worked:

  • The malware sends an SMB Echo request to the intended target
  • Sets up the exploit for the machine architecture
  • Performs SMB fingerprinting
  • If successful exploitation occurs, then it’s in
  • If not, the malware pings the backdoor to get an SMB reply
  • If the backdoor is not installed, the malware gets uploaded

It can be difficult to discuss complicated technical issues related to coding in a way that does them justice while also being understandable. Basically, the hackers exploited backdoors created by the NSA.

The US Department of Justice officially blamed North Korea for the hack, with Canada, New Zealand, Japan, and the UK standing by this assessment. North Korea denies any involvement in the cyberattack.

The day after the first attack, Microsoft released emergency patches for end-of-life products Windows XP, Windows Server 2003, and Windows 8. Days after, British researcher Marcus Hutchins found a killswitch that prevented infected computers from spreading the malware further.

As bad as the malware attack was, it could have been much worse.

How to Avoid Becoming a Malware Victim

WannaCry couldn’t spread like wildfire or wreak such havoc had it not been for backdoors which the NSA created and the hackers then weaponized. Microsoft president Brad Smith called on countries worldwide not to log flaws in the coding that bad actors could use as digital weapons.

Countries need a national response because hackers can target public infrastructure and cause damage that impacts the economy. But as we’ve seen, sometimes a country has conflicting goals, and the backdoors they create for purposes of national security come back to bite them.

That’s why what society at large could do to prevent such an attack from occurring is not the same question as what companies or people can do right now to keep themselves safe. Private individuals or businesses need to guard their privacy at all costs — there is no second prime directive.

There are certain precautions that, if taken, would have protected someone who was otherwise vulnerable. They could have downloaded every Microsoft update, disabled unnecessary protocols, and segmented their networks to keep a potential infection more contained.

But these are half-measures. Doing all of them could have prevented the WannaCry ransomware from spreading. Military-grade encrypted phone calls and emails would have made anyone impervious to WannaCry, since the backdoors that permitted that malware wouldn’t have existed on any such device.

“Encryption” can’t be secure if there’s potentially a backdoor, and that is often the case with encryption that comes with free communication platforms, even if it promises to offer “end-to-end encryption.” Likewise, governments around the world are locked in a tense stand-off between, as they frame it, national security and privacy rights.

European and North American governments claim they can offer both, but that’s proven impossible. In practice, the measures taken in the name of national security compromise people’s digital privacy rights, even when enacted with the best intentions. The government may not be the ones violating citizens’ privacy rights by eavesdropping or collecting data, but they may inadvertently leave an opening for hackers to exploit. 

Credit: geralt via Pixabay https://pixabay.com/illustrations/cyber-attack-encryption-smartphone-4444448/

You can see here how national security always wins out over privacy rights, as for five years, the NSA did not alert Microsoft about the vulnerabilities they had created in the form of EternalBlue or DoublePulsar. They only did so after the breach occurred — in other words, after it was too late.

That’s why Myntex protection is designed to keep users’ data safe, no matter how local legislation in any region evolves. Laws may change, but the need for privacy does not.

Not all hacks or malware attacks are this disruptive or widespread, but you can’t anticipate how large or powerful they’ll be. Most people know their business much better than they understand coding or digital security. They just want to know that they can carry out their profession without leaving their company, clients, customers, or themselves vulnerable.

Check out these educational resources to learn more about how encryption works and find helpful tutorials, downloads, and software updates. People across sectors need meaningful digital security for different reasons, and it’s impossible to operate surefootedly when digital extortion is always a risk.

Modern business productivity tools keep you safe from ransomware attacks, and you don’t need to be a technical specialist to use them.

What Exactly is Spyware?

Thankfully, people are on heightened guard to keep their communications secure from hackers and identity thieves. We’ve all seen companies and even political parties suffer high-profile data breaches, and awareness of the risks out there is good because there are multiple threats out there, and they aren’t all the same.

It’s a safe bet that anything with the suffix “ware” is bad news, but having a better understanding of the specific threat can help you stay safe.

“Spyware” is a unique risk that can permanently compromise your phone, so let’s learn more about it now.

Different Types of Trojan Horses

The poet Virgil describes in The Aeneid the story of the ancient Trojans, the ancestors of the Roman civilization. The Greeks appeared to have sailed back home after a long siege, and all that remained was a large wooden statue of a horse — the Trojans wheeled it inside their gates, thinking it a trophy of war, and at night the Greek soldiers hiding inside crept out and sacked the city as it slept.

When it comes to spyware, a Trojan is a type of malicious code that looks legitimate, but can take control of your computer. A Trojan disguises itself as something the user wants, and after it’s downloaded, it can damage, disrupt, steal data, or inflict other harms on you.

Have you ever seen a suspicious email from someone you don’t recognize asking you to click a dubious link? Such emails could very well be a cybercriminal trying to lure you into downloading the Trojan. Unlike a computer virus, a Trojan can’t replicate itself on your device.

It can only get onto your computer or phone if you open the door. Once a Trojan is inside the gates, you can’t get it back outside, and the danger is irreversible. Likewise, once your phone is compromised with a Trojan, it’s better to throw it away and buy a new one.

There are multiple types of Trojan, and all of them are dangerous. A Ransom Trojan seeks ransom money from the user and will bar access to their own device until they pay. A Remote Access Trojan can give the hacker control over your device and steal your information and spy on you.

Some Trojans are designed specifically for phones. An SMS Trojan can send and intercept text messages. Apart from stealthily compromising the security and confidentiality of your messages, they can message premium-rate numbers and drive up your phone bill.

A person may have a Trojan on their cell phone without knowing it and carry on indefinitely as if everything is normal.

Law Enforcement Uses Spyware?

Trojans aren’t only used by cybercriminals. In fact, law enforcement agencies in places like Germany have used them to sidestep encryption and eavesdrop on suspected individuals. Security gaps on people’s phones left them susceptible to what police grimly and euphemistically call “source telecommunication surveillance.”

Federal police used Trojans to access information stored on smartphones. For “operational reasons,” they refused to say the extent to which they use spyware to listen in on private citizens.

Spyware can monitor the most sensitive data on your phone, including:

  • Call history, including phone numbers, dates, and length of calls
  • Contacts
  • Texts messages, even phone number and SMS content
  • Photos
  • Internet browsing history and bookmarks
  • Emails downloaded to the phone

That criminals and law enforcement alike both use spyware only reinforces how many people are potentially trying to access sensitive information and how varied the threats are. Cybercriminals are dangerous when they know how to weaponize spyware, but at least they don’t have the protections and resources of the state behind them.

How Do You know if Your Phone has Spyware On it?

Spyware is a trap that must be cloaked for as long as possible for it to be effective. By design, it’s hard to tell when spyware has infected your phone. If the victim knew their device was compromised, they’d use a new phone and put an end to the threat.

If your phone is infected with spyware, you may notice it gets hot, or the battery quickly drains when you’re not using it. However, these things could be attributed to other perfectly innocuous reasons, such as the phone is simply getting older.

You may also see unexpected notifications or startup and shutdown times that are longer than usual. Ultimately, if you’re in a position where you’re unsure if you have spyware on your phone, you haven’t taken your cybersecurity seriously enough in the first place. Using a ChatMail phone is an effective way to know you’re free of spyware.

How to Steer Clear of Spyware

Safe habits are crucial to keep everyone’s sensitive information private. There are a few basic things you can do to reduce the odds of encountering spyware.

  • Avoid unsafe websites: if security software indicates a site may not be safe, close the window
  • Be skeptical of strange emails: don’t open a link from an email address you don’t recognize
  • Don’t download software or programs unless you trust the publisher
  • Never click on pop-up windows promising free stuff or helpful services

Taking the above precautions should be engrained in your daily habits and your colleagues’ too. If somebody in your office gets their phone compromised, it could directly affect you or your business. Organizations are only as strong as their weakest link, so everyone has a role to play in cybersecurity.

Keeping up with cybersecurity risks is often a game of cat and mouse — people who use spyware try to find new weaknesses to exploit, while cybersecurity experts keep vigilant, trying to anticipate and patch up any security holes before they become problems. In addition to taking basic steps to avoid falling into a trap, platforms using ChatMail help people communicate confidently without fear of spyware or other security vulnerabilities.

For peace of mind and business stability, the best encrypted phone provider lets you stay connected without worrying about all the threats out there, including every form of spyware. Don’t hesitate to contact us today to learn more about our secure platform.

Your Guide to Understanding Encryption

Phrases like “end-to-end encryption” are thrown around so commonly today that one would think everyone has in-depth knowledge of encryption. Encryption is a ubiquitous term but a complex subject.

To be sure, the average person doesn’t need to have expert knowledge about the ins and outs of encryption to safeguard their privacy, just like you don’t need to understand how a combustion engine works to drive a car.

However, sometimes mechanical skills do come in handy, and understanding the basic concept of encryption will help you appreciate what separates military-grade encryption from the popular platforms promising to be secure. Let’s look at what encrypted communication is and how it works.

Encryption, the Basics

When data is stored on a computer, the Cloud, on the phone, or transmitted across the internet, encryption is what keeps it confidential. Encryption transforms data into indecipherable text that looks like gibberish, and only authorized people with the right decryption key can render the text into a readable format.

Usually, the length of this code is what determines whether the encryption is “strong” or “weak.” Historically, 40-bit encryption keys were standard. They had one billion possible keys and combinations. While this may sound secure, even a common home computer from 2014 could crack this in a matter of two weeks.

Today’s 128-bit keys are exponentially more secure. If one billion permutations seemed large, the full number of possible keys and combinations on a 128-bit key is worth writing out in full: 340,000,000,000,000,000,000,000,000,000,000,000,000.

However, robust security entrusted to safeguard national security secrets requires more than just a long bit-key. Aside from short key length, implementation flaws, weak algorithms, and bad passwords can also compromise the encryption’s ability to protect your data.

What is Encryption Used For?

While it’s common for people to associate encryption with smartphone technology and cybercrime, more primitive forms of encryption have been around for a long time, even dating back to Ancient Egyptian hieroglyphics! It makes more sense to consider encryption in its current context, as the world revolves around digital technology, and encryption is at the heart of what keeps it secure.

Governments everywhere use encryption for safeguarding vast swathes of the economy, critical infrastructure, and national security. On a smaller scale, private individuals in positions of power use encryption (or ought to!) to ensure that nobody can access confidential communications to facilitate blackmail, corporate sabotage, identity theft, and other crimes.

Is Encryption Legal in Your Country?

There is currently a legal debate brewing between some well-intentioned people who want to give law enforcement access to encrypted communications and those who understand that building in any weakness in the encryption fatally undermines everything encryption is meant to protect — i.e., the bulk of modern society. 

Unlike its Western Five Eyes allies, Canada has traditionally refused to adopt or advance a reckless encryption policy that required private companies to build weaknesses into their cryptographic algorithms intentionally.

According to critics writing in outlets like Citizen Lab, The federal government’s attitude changed in 2019, aligning with major Western countries wanting some type of access to encrypted communications.

Down in the US, there is a heated, ongoing legal debate about how to reconcile law enforcement demands to access communications against the need for privacy rights for citizens, companies, and even government agencies.

The EARN IT act is ostensibly a crackdown on child sexual exploitation online, but critics warn that it threatens to erode badly-needed protections that society depends on. While this bipartisan proposition doesn’t explicitly oppose encryption, you don’t need to read much between the lines to understand that backdoor access to online communications is incompatible with secure encryption.

Tech leaders like Google, Facebook, Microsoft and others have pledged to follow the “voluntary principles” that were set out to curb predation online, but it’s still undetermined how exactly the government will draw the line between law enforcement’s need to peek behind the encryption and civil society’s need for security.

Even if you were to accept in principle that the government should be able to bypass encryption laws, the opening that gets left for them to do so could be exploited by malicious third parties. Legal questions about encryption are not just a matter of philosophy or even the law; it’s nearly impossible to discuss on a serious level without making very strict and technical definitions.

As always, the devil is in the details. With a new presidential administration in the US, they may take a new tack on encryption. Though with Australia and the EU seemingly at war with encryption, and considering the EARN IT act was supported by senators from both parties, the writing could be on the wall.

In the meantime, industry leaders like ChatMail Secure continue to provide state-of-the-art security, flexibility, and responsive customer service.

Why You Need Encryption

The legal and technical battles have enormous implications for the average citizen. COVID-19 has only accelerated the rate at which people have moved online, from Zoom calls to ecommerce.

The average person may not fear hackers or identity thieves are targeting them. Still, everyone has sensitive data that could be exploited by hackers to make a lot of money via identity theft, fraud, and even ransom. The global conversation around encryption involves complex legal and technical problems, but the way these questions are resolved will have an enormous impact on ordinary people’s everyday life.

Somebody falls victim to cybercrime every 39 seconds, and eventually, this person could be you, or it could be someone linked to your company. In our digital, interconnected world, people who work in banking, finance, journalism, defence, the energy sector, and a range of activists have a direct need to keep sensitive communications private.

There are fascinating success stories about encryption that demonstrate how safeguarding communications can be a matter of life or death.

Everyday smartphone users must get a more nuanced understanding of how encryption works and not automatically trust that “end-to-end encryption” is fully secure. Here are some Myntex resources that will help you better understand how our products address contemporary security needs. Genuinely secure platforms exceed the data security offered by WhatsApp and Signal to allow everyday users to get the best security on the market without having to understand complicated technical matters or follow evolving legal questions.

International Encryption Laws Are Weak and Subject to Erosion

Everyone agrees privacy rights are essential, but figuring out exactly where to draw the line between total privacy and granting government agencies access to private communications is more problematic. The two sides don’t see eye to eye, despite appearing to agree about the importance of privacy.

Governments claim that they need to bypass encryption protections for the sake of national security. Privacy advocates fear that, however justifiable the need for security is, setting a precedent of sidestepping encryption creates an opening that can be abused by the government as well as opportunistic hackers.

Existing encryption laws are weak or poorly defined, and even citizens who live in countries that currently enjoy robust privacy protections can’t necessarily depend on the laws staying intact. Laws are always in flux and can be weakened anytime.

Indeed, there are signs that legal protections associated with end-to-end encrypted messaging are being undermined in Europe right now.

EU Draft Council Encryption Resolution

In November of last year, the EU Draft Council Resolution on Encryption pushed for laws that would give the government increased access to encrypted messages without really saying how. They don’t claim to be fighting end-to-end encryption, but critics warn that’s precisely what they’re doing.

While the text is just a draft policy paper, privacy advocates have cause to worry. Text from the resolution does anything but assuage people’s fears:

“Encryption is a necessary means of protecting fundamental rights and the digital security of governments, industry and society. At the same time, the European Union needs to ensure the ability of competent authorities in the area of security and criminal justice, e.g. law enforcement and judicial authorities to exercise their lawful powers, both online and offline.”

The resolution fails to address in any concrete terms the legal criteria or burden of proof governments would need to demonstrate before they could access encrypted communications.  Perhaps even more problematically, the resolution contains no technical explanation for how the government could have a back door into encrypted communications without leaving a gaping security vulnerability nefarious parties could exploit.

In the above quote, “competent authorities” refers to law enforcement agencies with competence in their field, not in technical matters involving encryption, which are well beyond a government official’s domain knowledge.

A well-intended law enforcement agent with a justifiable need to access encrypted communications may accidentally create the conditions for flagrant privacy infringements by opportunistic hackers or other nefarious parties.

In other words, even if the government’s security concerns are taken at face value, their proposals don’t address what privacy critics fear most.

Is a Better Balance Possible?

The Council of Ministers has laid out what seems like a reasonable balance between privacy and security. Here’s an excerpt: “technical solutions for gaining access to encrypted data must comply with the principles of legality, transparency, necessity, and proportionality.”

However, the willingness to strike this balance doesn’t mean anything if they lack the technical expertise to uphold these principles. For example, how can they demonstrate to encryption experts that the openings governments will use won’t be exploited by hackers?

It’s difficult to have a broad, non-technical discussion of such a complicated and wide-ranging topic, but that’s just the problem: the devil is in the details, and the details have been unaddressed.  It’s reasonable to suspect these principles won’t be adhered, either on purpose or by accident, especially given how many high-profile breaches there have already been.

Real Encryption Doesn’t Deal in Half-Measures

Attaching the word “encryption” to a device doesn’t make it fully secure. Unless every potential vulnerability is accounted for, the device can be penetrated.

The market’s leading encrypted mobile security provider ensures their tools are hermetically sealed against any possible intrusion. Having this level of protection means your communications will remain private.

Given how data is collected by governments worldwide, people are wise to take the security of their communications into their own hands. Governments pay lip service to the absolute right to privacy, but every statement they make about upholding this right has a “but” in it that undermines their seriousness.

If governments only respect a partial right to encryption, the encryption may as well not exist.

Is Australia a Harbinger of What’s to Come?

The Australian government has already passed the Assistance and Access Bill 2018, which grants law enforcement bodies the right to seize user information, and even to access communications protected by end-to-end encryption. Companies will need to grant police access to a back door because not even they can see the communications themselves.

The law could still be amended, and privacy rights advocates are watching to see how companies will respond to the legislation once agencies begin to use this power. Will international companies claim they aren’t subject to Australian law? If they’re forced to comply, will they pack up and leave the country?

This climate of uncertainty is enough to undermine stable operating conditions businesses require, and there are signs that the damage has already begun. The tech giant Atlassian claims it’s presenting concerns they and smaller companies without their resources have that these laws effectively create embedded weaknesses in their products.

Think about it from the customer’s perspective: why would you commission a tech company from Australia subject to weak encryption laws when you could simply choose a tech company from a different country where no such laws exist?

Damage has already been done. For example, the UK’s biggest ever cyber attack was made possible by a Windows exploit located by America’s NSA. In other words, if the government gets even one toe in the door, the door will always be open.

Governments around the world pledge to respect privacy, and they may very well have the intentions in mind. But as case after case shows, their duty to safeguard the population often outweighs upholding privacy rights. If this doesn’t lead to outright spying, it may inadvertently give hackers the opening they need. Using a communication device that can’t be cracked is the only way to guarantee your privacy in a world where even the strongest legal protections are weak and subject to further erosion. Please see our customer support & resources for technical answers about how the best encryption works.

If You Knew How Data Was Really Collected, You Wouldn’t Like It

On some level, if you ask a person if their smartphone data is being collected, they’ll say “yes.” Most people know their data is highly sought after by companies and governments. Nobody likes this, yet an increasing number of people use smartphone apps every day despite these known privacy risks.

However, people probably underestimate just how much data their government possesses and how this data is used. News reports about the US Customs and Border Protection (CBP) agency shed light on just how far the government can reach.

Seized Devices

Vice News reports that US CBP agents seize tens of thousands of devices every year from travellers, even when they aren’t near a border or haven’t been charged with a crime. Data from these devices is then uploaded into a searchable database and remains there for up to 75 years.

It’s known that governments collect data on citizens in the name of national security. However, recent changes have decentralized the process, creating potential scenarios where border agents can extract large quantities of sensitive information that has no bearing on their specific investigation.

While this agency claims that they limit access to trained forensic analysts, privacy advocates warn the scope of the data obtained remains large and that this agency has a history of overstepping. So long as the CPB can demonstrate the lowest burden of proof, “reasonable suspicion of a crime, the type of data they can access includes:

  • GPS history
  • Text messages
  • Emails
  • Social media posts
  • Photos
  • Videos
  • Financial accounts
  • Transaction records

People uncomfortable with the idea of governments tracking their metadata should object to this even more. What could be a more flagrant privacy breach than government agents having full access to your private pictures and personal communications?

Activists worry that the CPB is stockpiling a centralized collection of data, which the government may then repurpose for unrelated matters down the road. The nightmare scenario where an initial government privacy invasion unfairly provides the basis for a second government overreach may seem far-fetched, but that it’s even plausible is a major red flag.

People need resources to help keep their information secure.

Buying Commercial Data

It’s possible that US border agents already have a cache of data on you, even if you have never interacted with one in person. The agency has location data on Americans from across the country, including those who don’t live near the border.

The US government doesn’t need to seize your device to obtain massive troves of your data. They also claim they don’t need a warrant, either.

CPB buys app location information from middlemen providers, who specialize in harvesting this data and selling it to law enforcement agencies so they can track individuals or groups. Venntel, one of these companies, sources their data from innocuous online apps countless people use every day:

  • Weather
  • E-commerce
  • Games
  • More

Most people use these types of apps without giving them much thought. At worst, they may wonder what the app does with their data.

It’s bad enough that private companies obtain your data under one pretext and sell it to third-party advertisers without you knowing, but quietly selling it to law enforcement agencies is a problem of a higher magnitude.

While it’s likely that most people would object to this type of privacy invasion, it’s not clear the government is doing anything illegal. A group of Democratic senators are calling on the Department of Homeland Security to investigate.

But in an important sense, legality here is moot. It shouldn’t be comforting if these practices are ultimately illegal because the government has already participated in them for years. On the other hand, it’s even worse if the CPB hasn’t broken the law, and the government permits this type of invasive data gathering.

Whatever the investigation finds, people need a way to ensure their communication remains confidential.

Real-World Examples of Breaches

If you don’t even know who has your sensitive data, how can you trust how it’s being used or misused? Most people have never had the government breach their privacy, so fears about potential overreach may seem overblown to them.

Many activists and journalists know that the danger is all too real because they have experienced it first-hand.

In 2019, the American Civil Liberties Union (ACLU) claimed the US government surveilled three not-for-profit organizers, who were on a list of more than 50 activists and journalists. The ACLU’s complaint alleges the activists’ relief efforts were hampered on both sides of the border, derailing their lives and work.

The CBP had defended the list, claiming the people on it were linked to the 2018 migrant caravan. However, there were activists on the list who had no prior experience working with anyone related to the caravan.

It’s unclear precisely what these activists did to draw the US government’s attention, but their privacy would have remained intact had they been using only encrypted communication solutions rather than third-party apps and web browsers.

Breaching Privacy is Non-Partisan

With a new Democratic administration set to take office in January 2021, it’s worth recalling that both political parties in the US have presided over enormous privacy breaches. The National Security Agency (NSA) has grown enormously since its founding in the wake of the 9/11 terror attacks, including under President Barack Obama.

In fact, one of Obama’s final acts as president was to allow the NSA to share its vast information-gathering network with 16 other agencies in the US intelligence community. It doesn’t matter who is in office: the government can access your data unless you take steps to prevent them from doing so.

Usually, the people interested in accessing your private communications are one step ahead of you. By the time you find out how far their reach is, it’s too late, and they’ve already violated your sensitive data. Check out these Myntex encryption success stories to learn more about how the market’s best encryption, vital security measures that patch up any remaining susceptibilities, and safe and reliable data storage have made an impact. Keeping data private is something you will like.

Heartwarming Encryption Success Stories

Some people wrongly associate encryption with something sinister. They suspect anyone who would go to such lengths to keep a secret must be hiding something dark. In many cases, the exact opposite is true!

In countries across the globe, people are fighting for a better world, but they face resistance. For human rights activists working in dangerous places, keeping their work confidential can be a matter of life and death. What if a death squad raids their offices and learns the names of activists and local witnesses who worked with the group? In such circumstances, privacy takes on another magnitude of importance.

We’ve all seen spy movies where secret agents with the backing of their government have elaborate ways to send and receive confidential messages. Until the early 1990s, smaller organizations didn’t have the resources for such tools, and they were at a serious disadvantage.

Philp Zimmermann changed that by creating the most widely-used encryption software in the world — Pretty Good Protection, known as PGP. An American computer scientist and cryptographer, PGP enabled human rights groups and activists worldwide to conduct their operations in safety. The emails Zimmermann received from grateful users on the ground attest that PGP has saved numerous lives.

Myntex was inspired to become a leader in PGP encryption technology after reading about the pioneering work of Philp Zimmermann and the impact he made. We’re proud to carry on this work today,

Please read these stories about PGP technology making an impact below to better understand the importance of confidentiality.

Kosovo

Grateful feedback from the brother of a rebel freedom fighter in Kosovo during the 1998 war puts into sharp relief PGP encryption’s importance. Here is an excerpt from the letter. Names have been withheld, and the letter is lightly edited for brevity.

“The peasant guerillas of KLA took heavy casualties during fall 1998…they had to rely on couriers to pre-coordinate any action, which in effect made them simply too slow. Phones, faxes, emails were, according to him, all taped by the government…which, he says, surveilled a great many call/min and got activated with code-words…And then, some within KLA came up with the PGP!

“…My brother is totally convinced that it saved the lives of hundreds of good men, who otherwise would have had no chance…I guess what I’m trying to say is, I’m grateful to have my brother back alive.”

Today, Myntex creates end-to-end encrypted communication tools that offer the same level of security, but they’re even easier to use.

Zagreb

Another letter from a grateful PGP user testifies to the life-saving ability of real encryption. The names of the people and organization involved were deleted out of privacy concerns, which will seem understandable after reading their story:

“We are part of a network of not-for-profit agencies, working among other things for human rights in the Balkans. Our various offices have been raided by various police forces looking for evidence of spying or subversive activities. Our mail has been regularly tampered with and our office in Romania has a constant wiretap.

“…The security police raided our office and confiscated our computers in the hope of retrieving information about the identity of people who had complained about their activities.

“In every instance, PGP has allowed us to communicate and protect our files from any attempt to gain access to our material as we PKZIP all our files and then use PGP’s conventional encryption facility to protect all sensitive files.

“Without PGP we would not be able to function and protect our client group. Thanks to PGP I can sleep at night knowing that no amount of prying will compromise our clients.

“I have even had 13 days in prison for not revealing our PGP pass phrases, but it was a very small price to pay for protecting our clients…Your work protects the innocent and the weak, and as such promotes peace and justice…”

The Need for Encryption, Today

The above letters may reference the breakup of the old Soviet Union, but there is still a critical need for encryption worldwide, including in modern North American society. The US government monitors whistleblowers before they even decide to blow the whistle.

Telecom companies and tech giants can piece together people’s day-to-day activities with extreme accuracy by stitching together their metadata. Even assuming these corporations do not read your emails, your smartphone can tell them your location at specific times, what websites you browsed, and other information which, taken together, completes a full picture.

Public servants in the US desperately tried to expose what they felt was government wrongdoing, and in response, the president wanted them punished and publicly outed. If employees of the federal government felt outmatched, it’s not hard to imagine how private citizens, activists, and human rights organizations with even fewer resources must feel.

Privacy for All

Everybody has valuable confidential data that identity thieves and others would love to access. Unfortunately, with a little bit of time and effort, they can — an experienced hacker only needs about 15 minutes to break into your Gmail.

Citizens have a wealth of data that could potentially be exploited for blackmail. Journalists need encryption to keep sources confidential. Banking and finance professionals have loads of sensitive information about their companies, clients, and personnel.

Those in pharmaceuticals, defence, activism, and many others need secure communication tools. There have been enough leaks in each of these sectors to demonstrate the value of preventing them before they occur.

For example, internal emails show that the Royal Canadian Mounted Police (RCMP) has a list of 89 indigenous activists it tracks. The lists of these activists lay dormant until the government announced the approval of the Trans Mountain pipeline. Unfortunately, even Canadian governments spy on citizens when controversial infrastructure projects are announced.

You may not think you have valuable secrets, but your private information could be used against you in ways you may not immediately imagine. Even if you aren’t a rebel fighting a civil war or an activist opposing a multi-billion-dollar pipeline, Myntex encryption lets you communicate securely.

When Governments Spy on Citizens, They Invent a Great Excuse

In theory, everyone agrees that the public has a right to safety and privacy. Yet, in practice, it isn’t easy to balance these competing needs in a way that satisfies all parties.

Businesses like social media platforms often get stuck in the middle. Governments ask them for data on citizens in the name of national security or protecting the public, while citizens insist that their privacy be respected, and may leverage their power and leave the platform unless it is.

How can a company keep sensitive user data confidential and fulfill legal obligations to let the government access this data? Suspicions of government snooping are reasonable.

For years, the US government secretly spied on citizens. Former National Security Agency employee Edward Snowden famously blew the whistle on a massive government spy program in 2015. The excuse for spying on citizens in the wake on 9/11 was national security. Now, there’s another reason.

In March 2020, a bipartisan group of American senators introduced the EARN IT Act, which seeks to prevent child sexual exploitation online by targeting child predators on social media platforms. On the surface, of course, the goal of keeping children safe is laudable! But that’s just the problem: when the government wants to secretly access the public’s private information, it knows it needs a justification everyone supports.

However, privacy advocates warn that encryption will be completely compromised if the government can side-step it when they feel the need. If this law passes, it could spell the end of encryption. At least on certain public platforms; communicating through Myntex security services ensures that your private data will remain confidential no matter what legislation passes or how the courts rule.

Why Have Encryption if the Government Can Demand Your Communication?

In the past, big tech companies weren’t responsible for the content their users published. The proposed EARN IT Act will put the onus on these tech companies to ensure predators don’t use their platforms to violate children.

If the law passes, big tech companies could be held liable for the harm their users cause, unless they comply with a 16-person commission’s recommendations. To catch predators, the commission could recommend non-intrusive measures like scanning photos and videos proactively to ensure there is no abusive content, and communication surveillance. The latter is where things get dicey.

Either users can know that their private communications are confidential, or the government can force companies to grant them back-door access to this data. Companies offering end-to-end encryption may not be willing to comply with such requirements, since concealing the messages is the entire point of encryption.

Silicon Valley giants like Facebook argue they can protect children without undermining encryption or their users’ privacy rights. Members of Congress and law enforcement disagree. If the time should come where companies like Facebook need to choose between protecting users’ privacy rights and complying with a government order to access people’s communications, what will they pick?

For how long can they hold out? And so, the privacy battle continues.

End-to-End Encryption in Business

Business leaders must take security into their own hands. They need to get access to the strongest encryption algorithms available, as they can’t depend on platforms that may not be secure in the near future.

Secure communications create a stable atmosphere executives need for conducting business. CEOs can’t sit around and wait to see what the laws will be after the government is finished duking it out with big tech companies.

Even if big tech companies found a way to keep children safe from online predators without requiring back-door access to encrypted communications, the government could claim another pretext for needing access to citizens’ private communications. When one door is closed on them, they usually find another to open eventually.

Taking the initiative to get state-of-the-art end-to-end encryption means shutting the door on them. You need to know that your confidential data is private, which means ensuring your messages are encrypted, and your phone is otherwise protected against identity thieves, corporate saboteurs, or even the government.

Encryption in Everyday Life

People making million-dollar deals understand the need for security, but most people use the internet for countless purposes and routinely buy things online. Identity thieves don’t need a lot of information to wreak havoc on a private citizen.

Aside from our enhanced encryption, additional features like remote wipes and tamper-proofing are perfect for protecting everyday citizens’ basic communications. Here are some resources to help understand your options for encrypted technology, as the topic can be technically complicated.

Millions of people chat each day on platforms like Facebook, sending sensitive information across the internet without really thinking about who else could read it. Even text messages from one phone to another are vulnerable to a hack without the right level of encryption.

Myntex specializes in advanced encryption technology, and our phones have numerous features that complement the encryption. Even if your phone goes missing or a thief steals it, they won’t access its contents because of the layers of world-class protection.

Historically, learning how to navigate phones with leading encryption took technical knowledge and time to learn. Now, everyday users can enjoy modern functionality, knowing they’re as secure as can be. Myntex believes that communicating securely should be easy to use. Please feel free to learn more about who we are and what we set out to accomplish in the encryption industry.

The government will always claim an overriding need for them to obtain data on citizens, despite all their respect for the right to privacy. If it isn’t to keep children safe online or defend the country against terrorism, there’ll be another reason.

Of course, these are genuine safety issues that affect us all! But wherever big tech companies and the government decide to draw the line between privacy and security, business leaders and private citizens can ensure their own communications are secure by relying on encrypted phones by Myntex.