CIOReview
CIOREVIEW >> Telecom >>

Officials say no, nein and not for official use to WhatsApp

Adam A. Such II, President and COO, Communication Security Group Inc.
Adam A. Such II, President and COO, Communication Security Group Inc.

Adam A. Such II, President and COO, Communication Security Group Inc.

Officials say no, nein and not for official use to WhatsApp

Despite all the official warnings and numerous articles highlighting security and privacy concerns, it seems governments around the world continue to unnecessarily expose themselves to risk by using freemium consumer messaging apps such as WhatsApp. The latest revelation came as Germany’s privacy commissioner Ulrich Kelber reminded federal ministries and institutions that use of WhatsApp was banned from official use, "even in these difficult times" presented by the worldwide health crisis.

In his letter Kelber states "Just by sending messages, metadata is delivered to WhatsApp every time," and referring to information such as IP addresses and location, "these contribute, even if only as a small piece of the mosaic, to the increased storage of personal profiles".Kelber went on to state the assumption that such data was shared between WhatsApp and Facebook, a claim the company denies.

It is clearly not just the German government falling foul of such warnings – one of the many revelations of the impeachment investigation in the US into the conduct of Ukraine policy was the use of non-approved communication platforms. Tim Morrison, the departing National Security Council’s head of Europe and Russia, expressed his consternation to the House impeachment inquiry that members of the current administration were clearly having conversations over “an unclassified cellphone or, perhaps as bad, WhatsApp messages, and therefore you can only imagine who else knew about them”.

In addition to security and privacy issues, use of these applications fails to meet the requirements to archive communications set forth in the Federal Records Act. The Act requires all electronic communication data must be archived, including social media posts, instant messaging, and mobile device communication data like Blackberry text and pin messages.

Even putting aside the issue of their own data collection, WhatsApp and Facebook are far from convinced by their own platform’s security, and are currently trying to sue the Israeli spyware company NSO Group for allegedly being “deeply involved” in the hacking of 1,400 WhatsApp users, including human rights activists, journalists and even senior government officials. WhatsApp claims the Israeli company used their hacking software Pegasus to gain “unauthorised access” to servers through reverse-engineering and evading security features. Although NSO Group maintains their innocence, their stance may not be aided by the discovery that their US Sales wing, Westbridge Technologies, have relabelled Pegasus as Phantom, and are pitching it to police forces in the US. Senator Ron Wyden reacted;“Government hacking is among the most invasive forms of surveillance – tracking someone’s movements, turning on their webcam and microphone, or accessing photos and other sensitive data on a phone or computer. These tools are ripe for abuse… Congress must conduct aggressive oversight into the proliferation of these spying technologies and their use by state and local agencies.”

Alongside these warnings, WhatsApp continues to be a target for bad actors, with recent vulnerabilities including a new Trojan called WolfRAT, targeting users in Thailand, while in Great Britain, users have been warned to be alert to fake messages about the coronavirus lockdown claiming to be from the UK government.

Simple, secure, certified communications

Cellcrypt offers a secure like-for-like user experience compared to platforms such as WhatsApp, with mobile and desktop clients that can be downloaded and in use on existing hardware in minutes. That is where the similarities end however, as Cellcrypt provides the highest level of end-to-end, certified encryption for voice, messaging, conference calling and attachments. The platform is enterprise-ready, integrates with existing IT infrastructure, and offers optional add-ons. These options include regulatory compliance auditing, private stacks that provide full management control, and secure gateways for PBX extensions.

Cellcrypt has been FIPS 140-2 certified for over a decade, with UK CESG CAPS certification dating back to 2012, and US NIAP (National Information Assurance Program) certification from 2014. Cellcrypt exceeds Suite B encryption mandated by the NSA for Top Secret communications utilizing a double wrap of AES-256 and ChaCha20-256 with key establishment using ECC-521. Cellcrypt is relied on at the most senior levels of Government around the world for its trusted security.

We are proud to have launched our Remote Work QuickStart initiative, offering our military-grade encryption with unparalleled discounts on licenses and full enterprise solutions, supporting government and commercial enterprises affected by the global health emergency. Organizations needing to transition to telework while ensuring business continuity will be able to employ Cellcrypt rapidly to lessen the strain, costs, and vulnerabilities during this emergency and beyond.

Please visit our specially set up page more information, and to learn more about how Cellcrypt is contributing our military-grade business solutions during this public health crisis.

Read Also

The New Bridges and Barriers to an Integrated World view

The New Bridges and Barriers to an Integrated World view

Brandon Beals, Director of Data & Analytics, Dot Foods
Data Literacy –What is it and Why Should Your Company Care?

Data Literacy –What is it and Why Should Your Company Care?

Lisa M. Mayo, Director of Data Management, Ballard Spahr LLP
Importance of Customer Relationship Management Implementation

Importance of Customer Relationship Management Implementation

Drew Fredrick, Vice President, Home Building Technology, Clayton Homes
Creating Momentum Along Your Customer Relationship Management Journey

Creating Momentum Along Your Customer Relationship Management Journey

Anissa Benich, Sr. Director, Enterprise Strategy and Marketing, OneAmerica
CRM and Customer Experience

CRM and Customer Experience

Ashok Dhiman, Director, Enterprise Customer Experience and Data Integration, The Hartford [NYSE: HIG]
Go Big Data or Go Home – Data Analytics-Enabled Compliance Programs

Go Big Data or Go Home – Data Analytics-Enabled Compliance Programs

Kevin Gleason, Senior Vice President, Voya Investment Management and Chief Compliance Officer, The Voya Funds & Matthew Gleason, an undergraduate computer science major, The University of Arizona