As we continue to read new revelations about the extent of the government's spying on citizens, more people are looking into ways to protect their privacy in emails, texts, and phone calls. You could write all your messages with lemon juice on parchment, but given the realities of the modern world, cryptographic encryption provides the best balance between security and convenience.
Unfortunately, encrypting your messages is still really inconvenient. Users who want to protect their privacy must typically go through a lengthy installation process that is probably explained in technical jargon, and then only send messages to people who are using the same protocol.
But what if secure messaging were built into your phone's underlying operating system, so that everyone on the same platform is automatically exchanging encrypted messages?
Encryption is still inconvenient
Cyanogen, the independent company that makes the popular CyanogenMod version of Android, announced today that its users will soon be using secure text messaging by default.
Cyanogen teamed up with Open Whisper Systems, which makes open source apps for secure texting and phone calls, in order to integrate encryption seamlessly into a phone's firmware. Install CyanogenMod, and your texts to other users of CyanogenMod and Open Whisper System's TextSecure will automatically be encrypted. You can still use whatever SMS app you like.
"We want everyone to have access to advanced secure communication methods that are as easy and reliable to use as making a normal phone call or sending a normal text message," Moxie Marlinspike, co-founder of Open Whisper Systems, says in an email. "The collaboration we've done with Cyanogen takes us substantially closer to our goal of completely frictionless secure communication. Users don't have to do anything special or different, it just happens."
The move makes end-to-end secure messaging available to a potentially huge user base. Cyanogen has 10 million known users, but it also gives users the option to not be counted. Considering these hidden users, there could be as many as 30 million CyanogenMod installations, the CEO estimates. The company aims to take on Windows Phone as the third-largest mobile operating system.
The update will be rolled out to the newly released 10.2 version of CyanogenMod, which is installed by roughly 668,000 users, and then incorporated into earlier versions.
"Users don't have to do anything special or different, it just happens."
BlackBerry Messenger, Apple's iMessage, Google's Hangouts, and third-party apps including WhatsApp all offer varying levels of security from government scrutiny, but with flaws. Any system that claims to be secure is going to have its critics, but Open Whisper Systems uses some of the highest standards. It employs end-to-end encryption, meaning only the sender and recipient can see the content of the message (as long as they're both using CyanogenMod or TextSecure). Open Whisper also uses perfect forward secrecy, an extra precaution that means new keys are generated for every message so that if a key is compromised, it can only be used to unlock one message.
Any system that claims to be secure is going to have critics
The protocol also uses an independently-developed algorithm rather than one approved by the National Institute of Standards and Technology, after it was revealed that the NSA worked to weaken NIST standards.
Encrypted messaging works best when everyone is using it. CyanogenMod is by no means mainstream, but its announcement is a major step in that direction — especially if it can manage to make its own notoriously long installation process less unwieldy.
Cyanogen decided to implement built-in secure messaging in part because even its tech-savvy users were neglecting to configure some of its advanced optional security features.
"We see this as a path to show that security and privacy are priorities in the mobile space," a Cyanogen representative says in an email. "If the former mobile race was over specifications, and the current is over camera quality, we'd like to see the next race be over who can protect their users the most. If this means we are taking on the other major systems, or just feeding them ideas for their own implementation, the users win."