In today’s digital landscape, safeguarding personal information and online security is paramount. Although many messaging apps tout open-source code or sophisticated encryption, the reality is that absolute security remains elusive, and no messenger can guarantee it. Recent developments have intensified the debate around free speech and security in the digital age, particularly highlighting the ongoing tension between privacy advocates and government authorities. These situations raise pressing questions about the future of secure messaging, privacy, and the extent to which governments can control digital communications.
To delve deeper into these issues, we spoke with Egor Alshevski, the CEO and founder of InTouch AG. Alshevski, a dedicated businessman and philanthropist, has invested heavily in his mission to create a completely secure messaging platform. However, as the project progressed, it became clear that the challenges were far more complex than initially anticipated, rendering such an attempt currently impossible.
Q: Egor, thank you for joining us today. Let’s dive right into the core issue: Is it possible to create a 100% secure messenger?
Egor Alshevski: It’s a common misconception that with enough technology and effort, we can achieve absolute security. The truth is, creating a 100% secure messenger is impossible. While we can implement sophisticated encryption, rigorous security protocols, and continuous monitoring, there will always be vulnerabilities. These can come from various sources—whether it’s a software flaw, a hardware issue, or even the ever-evolving tactics of cybercriminals. The landscape of threats is constantly changing, and so too must our defenses, but we must acknowledge that no system is impervious to attack.
Q: Governments worldwide have been known to impose pressures on tech companies regarding access to encrypted communications. Can you talk about how this affects the development of secure messengers?
Egor Alshevski: Absolutely, government intervention is one of the most significant challenges we face. Governments have a range of tools at their disposal, from legislative measures to technical surveillance. For instance, Australia’s Telecommunication and Other Legislation Amendment (Assistance and Access) Act 2018 essentially mandates that companies create backdoors in their encryption or weaken their security protocols when requested by law enforcement. This kind of legislation directly undermines the very foundation of secure messaging.
A particularly concerning example is the draft of the EU Child Sexual Abuse Regulation proposal. While the intent behind this proposal is to prevent the dissemination of child sexual abuse material, it would essentially break encryption by requiring service providers to scan all communications for illegal content. This means that even end-to-end encrypted messages would be subject to scrutiny, effectively nullifying the privacy protections that encryption is supposed to provide.
Recent events underscore the growing pressure on tech companies to comply with government demands for access to user data. Advocates for privacy and free speech, who resist government attempts to gain backdoor access to encrypted communications, increasingly find themselves in precarious positions. These situations not only highlight the risks faced by those who stand firm against such demands but also raise serious concerns about the future of privacy and freedom in the digital age. The willingness of governments to exert control over digital communications and challenge those who oppose backdoor access poses significant questions about individual freedom and the right to privacy.
Additionally, legal orders like those enabled by the USA PATRIOT Act and the CLOUD Act compel companies to disclose user data, even if it’s encrypted. We’re essentially caught between a rock and a hard place—comply with these laws and compromise user privacy, or resist and face legal repercussions. It’s a delicate balance, but one that we are committed to navigating in a way that prioritizes our users’ privacy as much as possible.
Q: You mentioned technical surveillance earlier. What are some of the methods governments use to bypass encryption, and how do these impact user security?
Egor Alshevski: Governments use highly advanced techniques to access communications, even when they’re encrypted. For example, they might employ GSM ID tracking, which allows them to monitor mobile devices and intercept communications directly. There are also methods like device exploitation, where vulnerabilities in a device’s software are used to gain access to data, bypassing encryption entirely.
Then there’s the issue of metadata. Even if the content of a message is encrypted, metadata—such as who is communicating with whom, when, and for how long—can still be accessed. This information can reveal a lot about a person’s communication patterns and can be used to track and monitor them. So, while encryption is crucial, it’s not a silver bullet. Governments have a variety of tools to gather information without directly breaking encryption.
We might need to start thinking about how we can develop more sophisticated anonymization techniques and create protocols that resist metadata analysis. Educating users on how to minimize their metadata footprint could also be part of a broader strategy to enhance privacy.
Q: What would you advise users to do to enhance their security?
Egor Alshevski: It’s crucial for users to stay vigilant and proactive about their digital security. One key step is to regularly update the software on their devices, including firmware, operating systems, and apps. These updates often contain critical security patches that protect against new vulnerabilities.
For those who are particularly concerned about privacy, using a messenger that periodically publishes its source code can be an added layer of assurance. However, even this isn’t foolproof—there have been instances where different versions of code were uploaded to platforms like the Apple Store, potentially compromising security. It’s important to remain informed about these risks and adopt best practices to safeguard your digital communication.
Q: Let’s talk about the technical side of things. Many messengers rely on open-source code and end-to-end encryption for security. What are the strengths and limitations of these technologies?
Egor Alshevski: Open-source code is often praised for its transparency, allowing anyone to inspect the code for potential vulnerabilities. This is a strength because it enables independent security audits and builds trust among users. However, the downside is that this same transparency can be a weakness. Malicious actors can also inspect the code, identify weaknesses, and exploit them before they’re patched. And let’s not forget that the security of open-source projects depends on a community of developers who may not always catch every flaw.
End-to-end encryption (E2EE) is another critical component of secure messaging. It ensures that only the sender and recipient can read the message, protecting it from third parties, including the service provider and government agencies. However, E2EE is under constant threat from legislation aimed at weakening or banning it. Side-channel attacks, which exploit vulnerabilities outside the encrypted communication channel, and metadata leaks are other risks that can undermine the security provided by encryption.
Perhaps what we need is a more proactive approach to community engagement in open-source projects, ensuring faster responses to vulnerabilities. We could also look into enhancing encryption algorithms and incorporating more comprehensive safeguards against side-channel attacks and metadata leaks. Continuous innovation in encryption is crucial if we’re to stay ahead of emerging threats.
Q: Artificial intelligence (AI) and machine learning (ML) are increasingly being integrated into security protocols. How do you see AI and ML impacting messenger security, both positively and negatively?
Egor Alshevski: AI and machine learning (ML) have tremendous potential to enhance security by analyzing vast amounts of data to detect suspicious activity, predict threats, and automate monitoring processes. For example, AI-driven algorithms can identify patterns that may indicate a security breach, allowing for rapid intervention before significant damage is done. ML, in particular, can help systems learn from past incidents and continuously improve their defenses against emerging threats. This can be particularly useful in preventing data breaches and other security incidents.
However, the misuse of AI and ML is a significant concern. These technologies could be used for mass surveillance, manipulating public opinion, and even creating secret government profiles on individuals based on their online activities—everything from messaging to social media to purchasing history. The ethical implications are profound, and there’s a real risk of eroding privacy rights. As we integrate AI and ML into messaging platforms, we must do so carefully, with strong safeguards to prevent their misuse.
Q: Given all these challenges, what is the future of messenger security? Is there hope for balancing security and privacy?
Egor Alshevski: The future of messenger security lies in finding a balance between protecting individual privacy and addressing legitimate security concerns. It’s an ongoing challenge that requires constant innovation and dialogue among technologists, policymakers, and civil society. We need to continue developing and refining technologies like encryption, AI, and ML while advocating for legislation that respects privacy and freedom of expression.
However, we must be realistic. While we can make significant strides in enhancing security, the idea of a 100% secure messenger is a myth. There will always be vulnerabilities, and the threat landscape will continue to evolve. Our focus should be on minimizing these risks as much as possible and being transparent with users about the limitations of our technology. Only through a collaborative, multi-faceted approach can we hope to create a secure digital environment for everyone.
For media inquiries, please contact s@exclusiveprs.co