Your Messaging Privacy is Compromised

---

By Art Burt

As cyberattacks on U.S. communication infrastructure increase, cybersecurity experts and government officials are urging Americans to secure their communications immediately. A recent NBC News article underscores this concern, highlighting the need for encrypted apps to protect against attacks like those attributed to Salt Typhoon—a hacking group linked to China’s Ministry of Public Security.

This call to action extends beyond businesses and governments. Individuals must also take responsibility for securing their personal and professional communications. Whether chatting with family or handling work matters, adopting end-to-end encryption (E2EE) is a crucial step in safeguarding your information.

This guide explains why E2EE is essential, how to secure your communication across devices, and why systemic government action is necessary to close encryption gaps.

What Is End-to-End Encryption?

End-to-end encryption ensures that only you and the recipient can access the data you send, whether it's a text message, voice call, or file. Data is encrypted at the source and decrypted only at the destination, making it unreadable to anyone in between, including hackers, internet providers, or even the app creators.

Why You Should Care

Most common communication methods, like standard SMS or voice calls, lack encryption. Messages sent via these channels can be intercepted or read by attackers. Cyberattacks like those attributed to Salt Typhoon demonstrate the vulnerability of communication networks, especially when targeted by state-sponsored actors.

If you’re sending sensitive personal information or work-related communications without E2EE, you’re putting your privacy at risk.

The Problem: A Patchwork of Security

While apps like Signal and WhatsApp have made E2EE accessible, standard SMS remains unsecured. SMS relies on outdated protocols like SS7, which were never designed for modern cybersecurity challenges. Despite technologies like Rich Communication Services (RCS), adoption has been slow due to fragmented policies and resistance from key players.

Why Governments Have Held Back Encryption for SMS

1. Concerns Over Law Enforcement Access - Governments often resist universal encryption, fearing it could hinder investigations. While this concern has merit, the lack of encryption leaves billions of users exposed to cyberattacks, espionage, and surveillance.
2. Fragmentation Between Platforms - Encryption is inconsistent across platforms. For example, Apple’s iMessage encrypts messages between iPhones but reverts to unencrypted SMS when communicating with Android devices. Meanwhile, RCS encrypts Android-to-Android communications but lacks interoperability with iPhones.
3. Carrier Resistance - Telecom companies have been slow to adopt encrypted protocols like RCS due to infrastructure costs and insufficient government mandates. This leaves users reliant on insecure SMS systems.
4. The Privacy vs. Surveillance Debate - Encryption is politicized, with some governments advocating for backdoors to allow surveillance. However, these backdoors create vulnerabilities that can be exploited by malicious actors, undermining overall security.

What the Government Needs to Do

1. Mandate Secure Communication Standards - Governments must enforce minimum encryption standards for SMS and communication protocols. This would push telecom providers and device manufacturers to adopt secure technologies like RCS or develop interoperable encrypted solutions.
2. Facilitate Cross-Platform Compatibility - Policies should address gaps between platforms, ensuring seamless encryption regardless of whether users are on iPhones, Android devices, or other systems. For example, Apple could be encouraged to adopt RCS for cross-platform encryption.
3. Incentivize Infrastructure Upgrades - Financial incentives or subsidies could encourage telecom companies to adopt encrypted communication protocols, replacing outdated systems with secure alternatives.
4. Educate the Public - Governments should launch awareness campaigns to educate users about secure communication and promote the use of encrypted apps.
5. Resist Encryption Backdoor Demands - Backdoors compromise the very security they aim to enhance. Governments should instead work with tech companies to balance privacy and security without introducing systemic vulnerabilities.

How You Can Protect Your Personal and Work Communications

Until systemic changes occur, individuals must take steps to secure their communications:

1. Use Encrypted Messaging Apps

Switch to apps that support E2EE for texts and calls:

• Signal:      Highly secure and open-source.
• WhatsApp:      Offers E2EE by default for texts, calls, and video chats.
• Telegram:      Use the “Secret Chats” feature for E2EE.

For Work: Always use company-approved apps for business communication to ensure compliance and security.

2. Encrypt Your Device

Encrypting your phone ensures your data stays safe even if the device is lost or stolen:

• iPhone:      Encryption is automatic with a passcode. Enable it under Settings >      Face/Touch ID & Passcode.
• Android:      Most modern devices are encrypted by default. Check under Settings > Security & Privacy to confirm.
• 
  

3. Be Careful on Public Wi-Fi

Public networks are prime targets for hackers:

• Avoid sending sensitive information while connected to public Wi-Fi.
• Use a VPN to encrypt your internet traffic.

4. Keep Your Phone and Apps Updated

Regular updates close security vulnerabilities:

• Enable automatic updates for your operating system and apps.
• Manually check for updates if auto-updates are disabled.

5. Avoid Phishing Scams

Be cautious of messages or emails requesting sensitive information:

• Don’t click on suspicious links or download attachments from unknown senders.
• Verify the identity of anyone requesting private information.

6. Encrypting SMS Messages Between iPhone and Android Devices

Standard SMS is not encrypted. Here’s how to secure communications:

1. Use Encrypted Apps: Apps like Signal or WhatsApp encrypt messages across platforms.
2. Enable RCS on Android: If both users support RCS, it encrypts Android-to-Android texts. Note: RCS does not work with iPhones.
3. Avoid SMS for Sensitive Info: If encryption isn’t an option, don’t send      sensitive data via SMS.

Why This Matters for You

The lack of encryption in standard SMS isn’t just a technical issue—it’s a direct threat to your privacy. While individual steps like using encrypted apps and securing your devices are critical, systemic government action is needed to address platform fragmentation and enforce encryption standards.

Your privacy matters, whether for personal or professional communications. By adopting secure practices and advocating for stronger encryption policies, you can protect your information in an increasingly vulnerable digital world.

Final Thoughts

End-to-end encryption is essential in today’s cybersecurity landscape. While personal vigilance is key, governments must do their part to close encryption gaps and protect users from cyber threats. Together, individual action and systemic change can ensure a safer, more secure communication environment for all.