by Anthony W. Accurso
While many people in the U.S. see their government as nosy, but largely benign when compared to oppressive regimes such as North Korea or Iran, the people of Ukraine and Russia are learning hard lessons about the importance of secure messaging, especially when it concerns the most popular mode of communicating—cell phones.
Cell phone traffic is inherently insecure, at least compared to internet traffic, much of which is now encrypted between sender and recipient. While network protocol updates have somewhat improved security on cell networks since widespread use of 2G, the newer protocols (3G, 4G, and 5G) still do not provide end-to-end encryption (“E2EE”) of messages. The later protocols might protect a person from snooping by motivated neighbors, but they provide little to no protection against malicious hackers, companies, employees, law enforcement, and other government agencies.
Currently, Russian forces operating in Ukraine have been intentionally destroying 3G and 4G towers—because 5G was pending deployment there—while sometimes sparing (highly insecure) 2G towers that they can more easily monitor.
The Russians are also deploying cell-site simulators in Ukraine. These devices can accurately pinpoint the location of nearby cellphones while also intercepting text messages, internet requests, and sometimes even voice calls. The Electronic Frontier Foundation (“EFF”) has asked Google and Apple—the companies responsible for nearly all mobile device platforms—to provide an option for users to disable 2G network access. Only Google has implemented this feature so far, though few devices in Ukraine are likely to get the update any time soon.
A more secure option than traditional voice calls and texting involves using a messaging app that provides the same features but also uses E2EE. The EFF recommends apps like WhatsApp, Facetime Audio, Theema, Wire, Viber, and Signal. All of these apps will prevent government-level snooping on message content and, to a large extent, metadata (information about when and with whom you communicate).
However, a recently obtained FBI document reveals that governments can (and do) compel these companies to provide information on their users, with products from Apple and Facebook (WhatsApp) being especially likely to provide significant information, possibly including message content. So far, Signal is the safest of the bunch, as the company keeps very little data on its users that it can be compelled to reveal—limited to the date/time an account was created and the last date on which it was accessed.
Of course, all of these apps can be used over traditional internet connections instead of just cellular networks, making them more robust than traditional calls and texts.
Users will have to decide on the level of privacy and security they need to mitigate risks unique to their circumstances, largely based on which adversaries they are seeking to avoid or oppose. An E2EE-enabled app may be the best way to go when communicating, or it may be best to simply turn off the phone for maximum security.
As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.
Already a subscriber? Login