In an event that caused anxiety in the corridors of cybersecurity and security, the magazine “The Atlantic” revealed yesterday an involuntary flight from a secret conversation which took place at the request for “signal”, which included high officials in the administration of the American president Donald Trump. Among the group participants are: National Security Advisor Michael Waltz, Defense Minister Beit Higseth and Vice-President of the JIH of.
However, the scandal occurred when the editor -in -chief of the magazine, Jeffrey Goldberg and others, was added to the group by mistake, which opened the door largely to question the feasibility of relying on commercial applications, even those described as “the safest in the world”. Perhaps the most important question that has raised questions of public opinion is the reason why governments – in particular strong – use free public applications and do not use private secret applications?
Human error, not a technical problem
The leak revealed by the magazine was not the result of a defect in the application structure or a violation of encryption, but rather a human error in the addition of unauthorized people. Experts confirm that the scandal is not the result of technical penetration or software escape, but rather following a human error spent, because one of the officials added a certain number to the conversation without ensuring its identity, so that it becomes clear that it is up to one of the journalists, who suddenly received military secrets from the heart of the American administration. “This incident does not condemn Segnal, but rather exposes the fragility of awareness of security even at the highest level,” said Joseph Ridel, cybersecurity expert at Brookings Institute.
Questions about public demands?
In the midst of the growing discussion on the flight of encrypted conversations, many subscribers and observers ask: why governments – which are supposed to have the greatest digital security – depend on commercial correspondence applications available for the general public such as “seghenal” and “Whatsapp”, instead of developing their own closed and tight systems? Does it depend on the ordinary? Or a lowest cost for the lowest cost? Or are there more in-depth reasons related to international efficiency and communication?
This question is not new and was addressed by multiple technical analyzes in the field of cybersecurity and government communication. These analyzes are unanimously agreed that the development of closed internal communication systems requires huge investments in infrastructure, including software design, security examination, independent accommodation, in addition to continuous updates and maintenance and reliability guarantees. On the other hand, open source applications – such as Segnal – offer a more effective option and speed.
In addition, commercial applications are the best option often due to the ease of use and familiar interfaces, which reduces user resistance, in particular in institutions that include civil servants who have no high technical experience. In addition, there is an increasing need for civil servants to communicate with external parties – such as journalists, diplomats or international organizations – do not use government communication systems, which makes public applications a practical and available solution for everyone.
Why do governments use applications such as signal and WhatsApp?
There is no doubt that a question like this is answered in everyone’s mind. Is this not the first for governments to have their own secret applications, far from public platforms?
In fact, the answer is complicated, because many experts and technicians see that this phenomenon has several reasons and can be shortened above:
First: encryption
Experts believe that open source encryption used in public applications such as SEGNAL is the most reliable and, in return, many government requests are closed, which makes them easier to penetrate.
Open source encryption means that the code (source code) used in the design of encryption algorithms is accessible to the public to everyone, and any developed person, a security researcher or an independent institution can review the code and ensure the coding method with precision. And to examine security gaps or implementation errors. As well as testing the encryption force and its resistance to penetration or espionage. It contributes to its development and its improvement via open software.
The importance of the open source stems from the fact that transparency here means greater confidence, instead of counting on the words of the developed company (which can claim that its request is “safe” without proof), the open code allows experts from around the world to verify themselves.
On the contrary, source encryption is that the code is not available and that the user is obliged to trust the company without being able to examine what is happening “behind the scenes”, such as certain companies or governments or unknown correspondence applications.
Second: speed and simplicity
The second reason that explains governments using public and common applications such as Seghenal and Whatsapp, is that the world of urgent policies does not have time to install complex internal applications, because the separating application is on each phone, and it works immediately, and with confirmation of efficiency, which means that it is available in the simplest way.
Third: Low official digital structure
The third reason for the reluctance of governments to use special applications is that many governments – even advanced – have problems modernizing digital systems, because any safe internal application requires years of development, strict security tests and permanent updates, which is not always available.
Even when some governments choose to develop their systems, the road is not free from mines. For example, the “Confide” application, which has been used for a while at the White House, was exposed to safety gaps due to the low update mechanism. In a famous interview with the British newspaper Guardian in 2014, the former American intelligence agent Edward Snowden warned that descriptive data (which spoke and when) can be more dangerous than the content of the messages themselves, which are often not covered by encryption techniques.
The most important paradox is that most governments depend on a commercial infrastructure, such as “Amazon Web Services” or “Microsoft Azure”, which loses total data control, even if it has developed its own application.
Are there secret government requests?
Despite everything that has been said about the justifications not to use closed government applications, certain countries (such as Russia, China and Israel) have already closed and coded internal communication systems, but they are not always applicable outside of security or military contexts, according to experts and technicians. It is for several reasons:
- Difficulty in using
- Limited technical assistance
- Development update and restrictions
- Difficulty publishing it among a large number of civil servants, diplomats and mobile advisers.
Is there a compromise?
Faced with increasing complications on the site of digital communications, options on the decision -maker table seem to be responsible for paradoxes, commercial applications are easy to use, but they are vulnerable to gaps, while special systems can be theoretically safe but costly and complex. Is this a third way?
Cybersecurity experts believe that the solution does not reside in the full bias of one of the two parties, but rather in the creation of a hybrid approach which combines practical security and operational efficiency, and according to these experts, the solution does not consist in getting rid of commercial applications or total dependence on special systems, but it takes an intelligent mixture of the three elements:
- The use of open source tools has undergone wide safety tests.
- Apply specific protocols for group management and powers.
- Training of cybersecurity and digital risks.
The sentence is that at the time of encrypted messages and urgent decisions, the problem is no longer linked to the choice of a safer application, but by understanding the security equation in its full context: technology, practice and institutional structure. The scandal of “signal” leaks did not expose a flaw in algorithms, but rather revealed the fragility of human use, even in the higher judgment circles.