Beyond Implementation: Policy Considerations for Secure Messengers
One of EFF’s strengths is that we bring together technologists, lawyers, activists, and policy wonks. And we’ve been around long enough to know that while good technology is necessary for success, it is rarely sufficient. Good policy and people who will adhere to it are also crucial. People write and maintain code, people run the servers that messaging platforms depend on, and people interface with governments and respond to pressure from them.
We could never get on board with a tool—even one that made solid technical choices—unless it were developed and had its infrastructure maintained by a trustworthy group with a history of responsible stewardship of the tool. Trusting the underlying technology isn’t enough; we have to be able to trust the people and organizations behind it. Even open source tools that function in a distributed manner, rather than using a central server, have to be backed up by trustworthy developers who address technical problems in a timely manner.
Here are a few of the factors beyond technical implementation that we consider for any messenger:
- Developers should have a solid history of responding to technical problems with the platform. This one is critical. Developers must not only patch known issues in a timely manner, they must also respond especially quickly to issues affecting particularly sensitive users. For instance, it was reported that in 2016, Telegram failed to protect its Iranian users in a timely manner in response to state-sponsored attacks. That history gives us more than a little pause.
- Developers should have a solid history of responding to legal threats to their platform. This is also critical. Developers must not only protect their users from technical threats, but from legal threats as well. Two positive examples come readily to mind: Apple and Open Whisper Systems, the developers of iMessage and Signal respectively. Apple famously stood up for the security of their users in 2016 in response to an FBI call for a backdoor in their iPhone device encryption, and Open Whisper Systems successfully fought back against a grand jury subpoena gag order.
- Developers should have a realistic and transparent attitude toward government and law enforcement. This is part of the criteria by which we evaluate companies in our annual Who Has Your Back? report. We’re strongly of the opinion that developers can’t just stick their heads in the sand and hope that the cops never show up. They have to have a plan, law enforcement guidelines, and a transparency report. Any tool lacking those is asking for trouble.
We discuss these concerns here to highlight the undeniable fact that developing and maintaining secure tools is a team sport. It’s not enough that an encrypted messaging app use reliable and trusted encryption primitives. It’s not enough that the tool implement those primitives well, wrap them in a good UX, and keep the product maintained. Beyond all that, the team responsible for the app must be versed in law and technology policy, be available and responsive to their users’ real-world threats, and make a real effort to address the security trade-offs their products present.
This post is part of a series on secure messaging.