Secure Communication for the Professional
By Steven N. Solomon
Lawyers and doctors are just two of the professions that are required to secure information. For lawyers, the Model Rules tell us to keep client information confidential, while doctors and others in the medical community are required to keep information secure under HIPAA and state law. For any profession or business to run smoothly and successfully, communication needs to be paramount. However, many forms of communication, such as e-mail, text messaging and instant messaging, are convenient but not secure for most people. Using them to transmit sensitive information can result in a breach, which may then entail heavy fines, mandatory training for you and your staff, and credit monitoring for the individuals affected, not to mention the cost of potential lawsuits over the breach.
The remainder of this article will focus on secure apps for texting and instant messaging for the legal professional and industries outside health care, as HIPAA has specific requirements that must be met to prevent a violation.
It should be noted that nothing can be claimed to be 100% secure. The best that one can hope for is that the security makes it too difficult for almost anyone to breach. For effective security, both the sender and the recipient have to be on the same encryption system. For simplicity's sake, think of both parties needing to speak English, rather than one party speaking only Spanish. Getting the sender and recipient to use the same program, app or software is one of the biggest hurdles in secure communication.
There are numerous companies that produce a wide array of products so you must do the proper research to determine which would work best for you and those you communicate with. Some businesses may want a log of all of their communications while others may not care. A decision should be made with your Privacy Officer as to what is best.
Texting Apps
BBM (BlackBerry Messenger) is probably one of the most well-known services for secure communication. Most smartphones have an app available for download. Messages are encrypted on the sender's phone before being sent to the recipient, where they are then decrypted. Each message is encrypted with the same “key,” which means that in the unlikely event that someone is able to break the encryption, they would be able to see all of the conversations that you had with that recipient. For those who require additional security or are just more paranoid, BlackBerry is releasing eBBM (Enterprise BlackBerry Messaging) in 2004. Each message sent will have its own unique encryption key, which means that only that one message can be compromised if the encryption is broken.
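The difference between one shared key and a unique key per message can be shown in a short Python sketch. This is an added example, not BlackBerry's code: the hash-based ratchet used to derive per-message keys, the stand-in cipher, and all names, keys and sample messages are assumptions made for illustration.

```python
import hashlib
import hmac

def _h(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: int, data: bytes) -> bytes:
    # Demo stand-in for a real cipher: XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = _h(key, nonce.to_bytes(8, "big") + off.to_bytes(8, "big"))
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, nonce: int, plaintext: bytes) -> bytes:
    # Encrypt, then append a tag so that a wrong key is detected on opening.
    ct = _xor_stream(_h(key, b"enc"), nonce, plaintext)
    return ct + _h(_h(key, b"mac"), nonce.to_bytes(8, "big") + ct)

def unseal(key: bytes, nonce: int, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    expected = _h(_h(key, b"mac"), nonce.to_bytes(8, "big") + ct)
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key or tampered message
    return _xor_stream(_h(key, b"enc"), nonce, ct)

def ratchet(chain_key: bytes):
    # One-way step (assumed design): a message key plus the next chain key.
    return _h(chain_key, b"message"), _h(chain_key, b"chain")

def encrypt_with_one_key(key, messages):
    return [seal(key, i, m) for i, m in enumerate(messages)]

def encrypt_with_per_message_keys(chain_key, messages):
    blobs, keys = [], []
    for i, m in enumerate(messages):
        msg_key, chain_key = ratchet(chain_key)
        blobs.append(seal(msg_key, i, m))
        keys.append(msg_key)
    return blobs, keys

def readable_with(key, blobs):
    # Which messages in the conversation does this single key open?
    return [i for i, b in enumerate(blobs) if unseal(key, i, b) is not None]

# Constructed sample conversation and keys.
MESSAGES = [b"Draft settlement attached", b"Client agrees to terms", b"Filing on Friday"]
SHARED_KEY = hashlib.sha256(b"constructed shared key").digest()
ROOT_KEY = hashlib.sha256(b"constructed root key").digest()
```

Calling `readable_with` with the shared key returns every message index, while calling it with any single per-message key returns only that message's index.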
Wickr is one of a new class of messaging apps that not only allows you to send encrypted text but also has a self-destruct feature for the message. It is available for Android and iPhone. The company claims that messages are “forensically wiped” upon expiration and that it does not store messages on its servers.
Invisible Text also allows for “self-destruction” of messages. Once the message is read by the recipient, a timer starts that will delete the message once the countdown is complete.
Silent Text is from Silent Circle, the company behind the Blackphone. The founders have a good reputation for protecting your privacy. One of the founders is Phil Zimmermann, the creator of Pretty Good Privacy. In order to use this app you must be a subscriber to Silent Circle. Texts can be deleted from both your phone and the other phone you are communicating with. The encryption and the way the company handles sending messages appear to be top notch. Also available as part of your subscription is the ability to make encrypted phone calls to other users.
Instant Messaging
Not every communication is between mobile devices. Many people use a computer to “chat,” either with another computer or with a mobile device. These instant messages (IMs) are not considered secure by default.
Off-The-Record (OTR) is the encryption protocol that can be used for these communications. It can also be used with your mobile device.
The following is a list of clients and the systems they can be used with:
Pidgin – Windows, Linux
Adium – OS X
ChatSecure – Windows, Mac, Linux, Android, iPhone
The apps and programs above are just some of the “secure” communication alternatives available.