Your calls may be secure, but are they private?

What’s the difference between security and privacy – well, quite a lot actually.

When it comes to making calls or sending texts from your mobile phone, there are a myriad of ways that eavesdroppers can listen in.  From colleagues simply being nosy and overhearing your conversations, to various over-the-air attacks, intercepting your calls via a rogue base station, cracking the encryption or exploiting vulnerabilities within the GSM network protocols, mobile conversations or texts are not that secure.  There are a number of apps now available, some of them free to download, that claim to provide encryption and security.  However, a word of caution when it comes to free services from Tim Cook, CEO of Apple.  As he so eloquently put it; “A few years ago, users of Internet services began to realise that when an online service is free, you’re not the customer. You’re the product!”

But is the content of your communication the only part that needs to be secure? What about privacy too?

Let me explain.  Imagine you are communicating with someone or an organisation that you don’t want anyone else to know about.  For example, applying for a new job.  They call you to arrange an interview using standard GSM technology (any mobile phone).  That is like sending the details on a postcard.  The address and the contents of the communication can be read by anyone in Royal Mail.

If you use a more secure method, say a free to download encrypted messaging solution, that is like asking a social media company to deliver your message.  It may well be encrypted (in the previous example the contents would now be in a sealed envelope rather than on a postcard) so they don’t know what it says, but they know who you are talking to, when and how frequently, and where both of you are. If they have this information, they can make their own deductions, for example, you are either applying for a job, or already work for the organisation in question. So even without knowing the contents, they can piece together some intelligence, and they might share this information – your privacy is compromised and you have no control.

The ultimately secure method is for a courier that works for the organisation to deliver the letter to you personally, and you then reply, using the courier.  This way, no one knows that you are communicating except for you and the organisation in question.  Not only do any potential eavesdroppers not know what is going on, they don’t even know that anything is going on, and therefore maybe are less suspicious, keeping your activities under the radar – and private.

These three scenarios I have just described are the difference between using GSM, an encrypted messaging solution (like WhatsApp, Facebook Messenger, Snapchat, Telegram, Viber, Threema, WeChat and Line), and an on-premises secure communications solution, that you control, so that you know where your data is held at all times.

Sometimes security and privacy sound like the same thing, and sometimes it doesn’t much matter, if for example, you are arranging a surprise party. On the other hand, depending on your work, it can matter a great deal, and if you are operating in an oppressive regime, where it is imperative that your communications remain private, even covert, it can be the difference between life and death.