How we can restore the privacy of our correspondence and professional secrecy together 2019-11-28

(Estimated reading time 5 minutes or go to conclusion)

Professional secrecy

You're probably familiar with the professional secrecy of doctors, lawyers, pharmacists, social workers, psychologists … Care providers are not allowed to say anything about you without your permission, except in cases where society is at risk. If they do, they are subject to a fine and imprisonment (according to Art. 458 Belgian Penal Code). The reasoning goes like this: without a guarantee of privacy, a good relationship of trust is impossible, and without such a relationship, the care is inadequate.

But did you also know that professional secrecy is systematically being violated on a large scale in the digital world?

Privacy of correspondence

You're also probably familiar with privacy of correspondence. No one wants just anyone to read their letters. Privacy of correspondence is therefore included in our constitution (namely Art. 29). Violating the privacy of correspondence is only possible in exceptional cases such as a judicial investigation.

Today, however, violation has become the norm instead of the exception. Are e-mail and other digital communication media so fundamentally different that the privacy of correspondence does not apply? I don't think so. We're still the same people, even though we now spend more time online.

The digital status quo in the 21st century

You probably contact your friends, family or care provider using one of the following digital media:

  • Calling (with a traditional or mobile phone)
  • A text message (with those pre-emoji smileys ;)
  • A digital letter (e-mail via Google Gmail, Microsoft Hotmail …)
  • Instant Messaging (Facebook WhatsApp & Messenger, Telegram …)

In the first two cases, your telephone provider and possibly the government of your country are able to read or listen. In the last two cases, at least the provider of the service is able to read your messages, even if it (sometimes) vehemently denies this. There is no technical wall that prevents it from doing so. If even something small goes wrong in one of those incomprehensibly complex IT systems, your data will be on the street.

In short, the situation today is that there is always a (possibly digital) pair of eyes watching:

Anne -> Network with eye -> Bart

If on top of that you type messages with your smartphone, then your touchscreen keyboard will probably also monitor your input and send the data to advertising companies.

To say nothing of abuse by (unknown) third parties. Every digital system entails a risk of leaks.

That is why I am arguing for a change: not a radical one, just a logical next step in this digital age to guarantee the privacy of our correspondence and professional secrecy. This step is the use of End-to-End Encryption (E2EE).

What is End-to-End Encryption?

End-to-end encryption is a software system that allows you to communicate privately over an unsafe network. The encrypted messages sent through that system can only be read by your designated recipient. For every other party through which the message passes (government, Big Tech giant or hacker), your message is no more than random numbers in succession. Ingenious, right?

With end-to-end encryption, the diagram above changes. All who are not a sender or recipient of the end-to-end encrypted message have no idea of its content. So:

Anne -> padlock locked -> Digital Network -> padlock unlocked -> Bart

How can I make use of this great end-to-end encryption system?

Fortunately, using end-to-end encryption is no longer difficult. Today there are various open source applications that offer the possibility for free. Moreover, these applications are now user-friendly, which makes communicating with them no more difficult than the above-mentioned unsafe media (telephone, Facebook, Gmail, etc …).

If you are convinced, you can choose your favourite new private communication medium from five different options below.

(If you're still not convinced, maybe these extra incentives will help.) (If you still have questions, take a look at the FAQ or feel free to contact me)

Signal Private Messenger (https://signal.org/download)

A privacy-respecting and internationally acclaimed instant messenger: calling, texting, video … all the modern features but all with end-to-end encryption. You don't even have to create an account or remember a password for this option. The application works on the basis of your telephone number, which is required to identify you. Each contact that already has your telephone number and that is already on Signal will receive a message to welcome you when you activate the app. From then on you can securely communicate over any internet connection with the contacts that also use the app.

Wire App (https://app.wire.com/auth/#login)

Instant messaging without revealing your telephone number. You can create an account using an e-mail address, and here again the application is as rich in possibilities as the unsafe alternatives. Chatting, (video) calling, sending GIFs, it's all possible.

Protonmail (https://protonmail.com/)

An alternative end-to-end encrypted e-mail provider that operates out of Switzerland. This option is compatible with the old PGP but much more user-friendly than PGP. Communications between Protonmail users are protected, but secure e-mail is also possible with external parties if you first agree on a password.

Tutanota (https://tutanota.com/)

An alternative end-to-end encrypted e-mail provider with a built-in calendar. This option has been around since 2011(!) and the company Tutao GmbH operates out of Germany. Mailing between Tutanota users is end-to-end encrypted, and communication with external users is possible by agreeing on a password.

Keybase (https://keybase.io/)

Keybase is a bit of an outsider. An end-to-end encrypted chat application, and much more: ownership of your digital identity on various platforms, cryptographic proof, file sharing, end-to-end encrypted Git repositories, and recently a Stellar cryptocoin wallet.


TL;DR, Conclusion

In the most frequently used digital means of communication, a third party is able to monitor your communications, which systematically violates your privacy of correspondence and professional secrecy. You can prevent this by using end-to-end encryption via the software that I mention here.


FAQ

You said that smartphone keyboards often monitor what you are typing. Are there keyboards that don't?

For a privacy-friendly alternative to your smartphone keyboard, I recommend AnySoftKeyboard.

I'm not aware of a similar alternative for iOS, although Apple's business model is less dependent on privacy violations. If someone does know an alternative, please let me know.

I want to share this on social media, which hashtags can I use?

I propose the following hashtags. Pick your favourite or propose one yourself.

  • Why doesn't Tumblr use end-to-end encryption (#e2ee) for private messages?
  • I #usee2ee and am on Protonmail. You too?
  • Using End-to-end Encryption is the way to go #e2ee #e2Be!
  • Want to contact me privately? Reach me via Wire #e2ee #e2bE
  • 'Cryptage de bout en bout' is French for 'end-to-end encryption'. #e2ee #e2Be

Why not Facebook WhatsApp?

I don't advise using Facebook WhatsApp because it's owned by Facebook, a company that systematically undermines privacy and systematically fails to deliver on its promises. Because Facebook is an advertising company, it has a conflict of interest with protecting your data. Big words about privacy by Big Ad companies are as reliable as greenwashing by Big Oil.

While it's true that Facebook WhatsApp uses end-to-end encryption (implemented by Open Whisper Systems, of Signal fame), it still collects information on your device about the nature of your use for advertising purposes. This also undermines your privacy and in my opinion it is therefore not a worthy alternative.

Also, the source code of Facebook WhatsApp is not open and therefore the software is not easy to verify for security errors or the deliberate forwarding of other private data.

Facebook Messenger (which may be linked to Facebook WhatsApp in the future) does not use end-to-end encryption. Private messages sent via Facebook are therefore not private at all.

Furthermore, there is a long list of very good reasons to stop being used by Facebook altogether.

How can I contact you?

I can be found on all the aforementioned media. On Keybase you can find me as dietercastel, on Wire as @dietercastel and on Protonmail as dietercastel@protonmail.com

An unsecured option (perhaps you're not convinced yet) to reach me is this e-mail address.

Do you have an English version?

Yes, since you are reading this in English right now. I got an expert human translator to translate it for me and I'm loving the result.

Why not Telegram?

I don't recommend Telegram because of the choice of their default settings. End-to-end encryption is NOT enabled by default. As a result, this option is probably not used by more than 90% of users. Users almost always leave the default settings in place. This is known as the Default Effect and that effect can literally save or cost lives.

Why not XXX?

There are undoubtedly other options but my requirements were: both open source and user-friendly for the largest possible group of people. Feel free to send me more suggestions of alternatives that meet these criteria.

How does end-to-end encryption work?

That's a difficult question. It is a combination of mathematics (more specifically asymmetric cryptography) and a rigorous, open source, secure software ecosystem implementation of this complex mathematical system.
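The Anne -> padlock -> network -> padlock -> Bart picture from earlier, as an added example in Node.js (not code from this post or from any of the listed apps). It uses one common asymmetric construction, X25519 key agreement with AES-256-GCM, and assumes Anne and Bart already hold each other's genuine public keys; the function names and the sample message are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Each person generates an X25519 key pair; only the public half is ever sent out.
const newParty = () => nodeCrypto.generateKeyPairSync("x25519");

// Both ends compute the same 32-byte key from their own private key and the
// other person's public key. The network sees the public keys but cannot do this.
function sessionKey(myPrivate, peerPublic) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  const info = "anne-bart-demo"; // constructed context label
  return Buffer.from(nodeCrypto.hkdfSync("sha256", shared, Buffer.alloc(0), info, 32));
}

// Padlock locked: AES-256-GCM hides the text and adds a tag that detects changes.
function seal(key, text) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}

// Padlock unlocked: throws if the key is wrong or the message was altered.
function unseal(key, msg) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]).toString("utf8");
}

// The "network with eye": it holds the sealed message and both public keys only.
function relayCanRead(msg, publicKeys, text) {
  const relay = newParty(); // the only private key the relay has is its own
  for (const pub of publicKeys) {
    try { unseal(sessionKey(relay.privateKey, pub), msg); return true; } catch { /* rejected */ }
  }
  return msg.body.includes(Buffer.from(text, "utf8")); // plaintext visible in transit?
}

function demo() {
  const anne = newParty(), bart = newParty();
  const text = "Test results are in, call me."; // constructed sample message
  const sealed = seal(sessionKey(anne.privateKey, bart.publicKey), text);
  const bartKey = sessionKey(bart.privateKey, anne.publicKey);
  const leaked = relayCanRead(sealed, [anne.publicKey, bart.publicKey], text);
  const forged = { ...sealed, body: Buffer.from(sealed.body) };
  forged.body[0] ^= 1; // the relay flips one bit in transit
  let tamperDetected = false;
  try { unseal(bartKey, forged); } catch { tamperDetected = true; }
  return { atBart: unseal(bartKey, sealed), leaked, tamperDetected };
}
```

Calling demo() shows Bart recovering the text, the relay failing to read it, and a message altered in transit being rejected instead of silently accepted.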

Given that each digital system entails risks, does end-to-end encryption still work?

Certainly, but end-to-end encryption is a defence-in-depth strategy. Even if someone takes over the servers of the software systems, it is still very difficult to read your messages. Moreover, due to the transparent nature of open source software, such a malicious takeover would probably not go unnoticed for very long, and a new system could be set up quickly.

The risks associated with communicating with people you don't trust remain the same. Therefore, also on these platforms, be aware of what you are forwarding. A digital system ALWAYS copies what you send, that's how it works. So never send anything to unreliable people that you would not be comfortable with if it were to become public. This is also a good rule of thumb on non end-to-end encrypted media (Facebook Instagram, Snapchat, Facebook, Twitter, Gmail, etc …).

What if this system is misused for shady purposes? :o

This can never be excluded. But as always, it is a small minority of people who do this. For legal investigations with the correct authorisation, all these platforms still contain metadata. In other words: what you say remains secret, but not with whom and when you communicate.

Incidentally, criminals also use our road infrastructure and we wouldn't want to eliminate it, right?

These applications still leak metadata. What can I use as an alternative?

It's true that all these applications still show when you use(d) them and how intensively, and often even the user's social network can be derived. For most users this is not a major problem, but it could be for suppressed minority groups.

There are ways to hide this data too. Applications that can do this are known as metadata resistant. Metadata-resistant applications are still in their infancy, but are a fascinating development and, for me, something for the next blog post.

Metadata resistance is an important topic in privacy research and as far as I know ready-made solutions are not yet available. Worth mentioning is the CWTCH platform, although it is certainly not yet ready for the general public.

Why Anne & Bart instead of Alice & Bob?

Because Anne and Bart are the most common names starting with an A and a B in Belgium according to statistics by Statbel from 2019.

How did you make those nice diagrams?

They are made using MermaidJS. Link to the online editor of Figure 1 and Figure 2.

The applications you run are open-source. Where is that source located?

The source code for all these applications can be found on the social (programmer) network Github:

Source code for:


Extra incentives

Financial incentive

Money is data and data is money. The attention economy lets us systematically pay – often unknowingly – with data as the currency. From this perspective, end-to-end encryption is certainly cheaper than the unsafe other channels.

Furthermore, there is no financial cost involved in using the technologies. If you have an internet connection, you can communicate using them for free.

Social incentive

A chain is only as strong as its weakest link. If your loved ones don't use end-to-end encryption, they are (un)intentionally sharing data about you. And they are therefore (un)intentionally and systematically violating your privacy. Privacy is a social good that we as a society must safeguard. End-to-end encryption is a form of brotherly love and concern for our democracy. If you find the step difficult individually, you can, for example, make the switch together with close friends or your family. That way you support each other in making the world around us a better place. This quote actually makes the point very well:

If you have nothing to hide, I can’t trust you - Anonymous

The network effect also ensures that as long as the majority of our communication remains with privacy violators, we as a society systematically endanger the weak. Which is also why it is better to choose a safer option together. This brings us seamlessly to the next incentive.

Moral incentive

There is also an ethical side to opting for end-to-end encryption. It is for good reason that privacy is the 12th human right and is also included in the binding European treaty in this regard.

Application of the law is subject to change (often at a snail's pace compared to technology). Just ask any minority group that had to fight for its rights or is still doing so. Initially always in the margin, often outside the law. Choosing end-to-end encryption is important to their protection and their communication. Because digital oppression is very easy if other parties are always able to monitor communications. Just ask the Chinese minority group the Uighurs.

So you can also choose end-to-end encryption to protect these minority groups. In this way we together provide a kind of global herd immunity against systematic privacy violations that affect the less privileged hardest.

Personal incentive

Everyone has secrets. For example your online passwords, your bank card number or that one 'guilty pleasure'. No one knows better than you what you may not want to share with everyone. End-to-end encryption gives you that option back.


tags: Privacy - End-2-End Encryption - Thuisencryptie - Beroepsgeheim - Briefgeheim - Signal - Wire - Protonmail - Keybase - Tutanota