25 January 2016

TOP SECRET Messaging: Hacking The Digital Age — App Erases Your Digital Trail

January 21, 2016 ·
www.fortunascorner.com
The World Economic Forum is having its yearly gathering in Davos, Switzerland this week, and the CNBC Squawk Box crew is hosting their daily morning show from there all this week. By having the show live in Davos, the CNBC crew is able to interview the titans of finance, industry, academia, and others. One interview I found interesting was with Ms. Nico Sell, Wickr Co-Founder and she also helps run DEFCON, the largest hacker gathering in the world that takes place every year in Las Vegas.
According to Wikipedia, Wickr was founded in 2012 by a group of privacy and security experts, and Ms. Sell served as the company’s CEO until May 2015, when she became Co-Chairman of Wickr and, CEO of the Wickr Foundation, — a newly launched non-profit dedicated to providing free and secure messaging services to groups including children, political dissidents, human rights activists, and journalists.

Wikipedia adds that, “initially unveiled on iOS and later on Android, Wickr allows users to set an expiration time [ranging from a few seconds, to six days] for their encrypted communications. Last December, Wickr released a desktop version of its secure communications, which coincided with introducing the ability to sync messages across multiple devices, including mobile phones, tablets, and computers. All communications on Wickr are encrypted locally on each device, with a new key generated for each new message — meaning that NO ONE EXCEPT WICKR USERS HAVE THE KEYS TO DECIPHER THE CONTENT. In addition to encrypting user data and conversations, Wickr strips metadata from all the content transmitted through the network.”
In essence, as Jeremy Kirk recently wrote in PC World, “Wickr lets people exchange files and messages, without leaving a digital trail that could later be examined by law enforcement, cyber spies,” and others. The encryption keys, are also encrypted, and only used once before being discarded,” Mr,. Kirk wrote. “Wickr doesn’t have access to any of the encryption keys used for securing the data. Even a person’s user name is stored by Wickr as a cryptographic cypher,” he added. “We don’t know who you are,” said Robert Statica, an Information Technology Professor at the New Jersey Institute of Technology, wh co-founded Wickr with Ms. Sell, Christopher Howell, and Kara Coppa.
Once the time period [set by the sender/receiver] expires, Wickr fatally corrupts the contents of the encrypted message. “This is important,” Mr. Kirk writes, “since computers and other devices don’t immediately erase data that has been tagged as garbage. Using special computer forensics software, the data can often be recovered,” but — that technique does not work with those who employ Wickr’s app. “The only real way to see something sent to a Wickr user would be to steal the user’s [cell] phone. Even then, five wrong attempts at the password — will cause Wickr to erase itself,” he added.
There is both a free Wickr app and a premium version that allows for tailored options specific for the individual user.

Ms. Sell told CNBC that one billion-plus ‘secret messages’ have been sent since 2012 using Wickr’s technology; there have been more than six million downloads of the Wickr app, and, the app has been applied utilizing twenty different languages. The biggest users of Wickr’s app thus far are: the U.S., Canada, and Brazil,” she said.

When Squawk Box anchor Joe Kiernan suggested to Ms. Sell that terrorists could also be using Wickr’s app; and thus, thwart law enforcement’s ability to potentially discover what they might be up to — Ms. Sell was not sympathetic. She argued that law enforcement had other techniques and methods they could use to discover this information. She referenced George Washington and the foundations of America that were based on life, liberty, and the pursuit of happiness. Ms. Sell argued that the kind of technology that Wickr offers, ensures that our private conversations — stay private. Perhaps. I am no longer working in the arena anymore. But, the Edward Snowden leaks revealed sensitive sources and methods — some of which cannot be resurrected — at least not easily, nor quickly. When you consider the loss of these precious intelligence collection methods and the types of encryption technology that Wickr offers — it isn’t hard to understand why law enforcement is having a much harder time — post-Snowden — in discovering and ferreting out potential terrorist plans and operations. Perhaps some of the post-Snowden decisions were warranted. Who watches the watchers is always a key task. But, one also has to worry, if Ms. Sell’s and the Wickr app — are going too far in the privacy direction — at the expense of protecting the public from future terrorist acts. It is an age-old argument, with no easy answers. Clearly however, terrorists and criminals, and other malcontents, are no doubt already taking advantage of the protections that Wickr offers. How this plays out, is anyone’s guess. But, if the West suffers a major terrorist attack, with loss of life — and, it is discovered that the perpetrators were able to evade the prying eyes of law enforcement — because they employed Wickr — then, this issue will have to be re-examined

No comments: