Most messaging technologies fail on one or more security criteria, according to a secure messaging scoreboard published by the Electronic Frontier Foundation (EFF).
The scoreboard rates 39 messaging tools, including chat clients, text messaging apps, email apps and technologies for voice and video calls.
The EFF said the scoreboard rates technologies that have a large user base and carry a great deal of sensitive user communications, as well as technologies from smaller companies that are pioneering advanced security practices.
To rate the tools, the EFF used the following questions:
Encrypted in transit?
Encrypted so the provider cannot read it?
Can you verify contacts’ identities?
Are past comms secure if your keys are stolen?
Is the code open to independent review?
Is security design properly documented?
Has the code been audited?
According to the scoreboard, only six of the tools met all seven criteria.
The six best-scoring tools were ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text, and TextSecure.
Apple’s iMessage and FaceTime products stood out as the best of the mass-market options, although neither currently provides complete protection against sophisticated, targeted forms of surveillance.
Many options – including Google, Facebook and Apple’s email products, Yahoo’s web and mobile chat, Secret, and WhatsApp – lack the end-to-end encryption necessary to protect against disclosure by the service provider.
Several major messaging platforms, like QQ, Mxit, and the desktop version of Yahoo Messenger, were found to have no encryption at all.
EFF technology projects director Peter Eckersley said while many new tools claim to protect you, they don’t include critical features, such as end-to-end encryption or secure deletion.
“This scorecard gives you the facts you need to choose the right technology to send your message,” he said.
We hope the Secure Messaging Scorecard will start a race to the top, spurring innovation in stronger and more usable cryptography
Nate Cardozo, EFF
EFF staff attorney Nate Cardozo said the digital rights group is focused on improving the tools everyday users need to communicate with friends, family members and colleagues.
“We hope the Secure Messaging Scorecard will start a race to the top, spurring innovation in stronger and more usable cryptography,” he said.
The scorecard is part of the EFF’s campaign for secure and usable cryptography, which is aimed at championing technologies that are very secure and also simple to use.
Law enforcement officials calling for less encryption
However, the start of the campaign coincides with a series of calls by US, UK and EU law enforcement officials for less encryption of mass communication.
London’s police chief Bernard Hogan-Howe told a US law enforcement conference in New York encryption is hampering police investigations.
His comments come just days after the recently-appointed GCHQ chief Robert Hannigan said US tech firms were becoming the “command and control networks of choice” for terrorists and criminals.
He reiterated recent calls by his predecessor Iain Lobban, FBI director James Comey and European Cybercrime Centre head Troels Oerting for better tools to do their jobs.
Hannigan lamented that “techniques for encrypting messages or making them anonymous, which were once the preserve of the most sophisticated criminals or nation states, now come as standard”.
Making a call for greater support from tech firms, he said these services increasingly host violent extremism or child exploitation content and facilitate crime and terrorism.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK