The Case for Encrypted Messaging but with a Catch
December 9, 2024
More and more, the mainstream media is starting to get the word out: using SMS messaging is not a great idea. It's basically the same protocol that has been around since texting started in the late 1990s. It's not secure or private. Your telecommunications provider can likely see everything you exchange over SMS.
With the large market share of iPhones in the US, that concern is mitigated, since iMessage uses end-to-end encryption. But there are plenty of Android users who have friends with iPhones, and the messages exchanged between iPhone and Android use old SMS (until just recently, when Apple started supporting the newer RCS protocol, but that is not encrypted either). Apple is largely to blame for this. They have consistently resisted expanding iMessage outside their ecosystem, even if Android users would be willing to use an alternative messaging app to communicate with their iPhone friends.
There is no better example of this than the story of Beeper Mini back in December 2023. When I learned that they had a way to send those blue bubble messages to my wife (who has an iPhone), I jumped on it. I was even willing to pay their subscription. It only lasted about one day before Apple unapologetically shut Beeper out. They continued to do so over the course of several weeks until Beeper finally had to give up. Apple claims that it posed a security risk, but as the FBI has recently made very well known, the bigger risk is using SMS, which Apple was effectively forcing upon their customer base. Apple's answer was for people to buy an iPhone so they can use iMessage. In other words, Apple sees corporate profits as more important than customer privacy and security.
It's good to see the FBI's efforts now, but one thing about their message doesn't make a lot of sense. They want citizens to stop using unencrypted SMS/RCS because they have evidence that hackers with connections to the Chinese government are actively hacking US telco networks and potentially accessing these insecure messages. Instead, people should switch to encrypted platforms (e.g. WhatsApp, Signal, Facebook Messenger). While this is commonplace in other countries, I still think it will take a while to convince the masses of US iPhone users to switch messaging platforms. The part of the FBI's message that is confusing is that they want people to use platforms that are "responsibly" encrypted, meaning that they want the tech companies that support these platforms to change them so that law enforcement can still access messages with a warrant or lawful court order. They argue that bad actors can hide unimpeded with full end-to-end encryption, slowing down law enforcement efforts to catch these individuals and thus creating a less safe society.
It should be glaringly obvious, but I'll say it anyway. If these companies are forced to build back doors into their systems so that law enforcement can spy on their users, then how is that more secure? I get that they want to get these bad people off the street, but they are basically asking you to forfeit your privacy for safety. There could be a compelling argument to be made there. But if you are sacrificing privacy, you are sacrificing security as well.
The companies could build processes to prevent the unauthorized abuse of access, but the mere fact that a hole exists means it can and will be exploited. Cyber security has always been a cat and mouse game. Hackers will figure out some way to exploit the system. If law enforcement can access it, so can they. And it wouldn't necessarily be hackers. Someone working for a tech company or law enforcement could become compromised and compelled to use their authority to unlawfully access user data.
The FBI wants to have their cake and eat it too. But you can't have it both ways in this situation. They must have a really compelling reason to raise such an alarm when they could have let it alone and continued to spy on our unencrypted SMS/RCS messages. In reality, criminals who want to conceal their activities are just going to use end-to-end encrypted platforms regardless. If WhatsApp builds a back door, they will use Signal. If Signal did the same (which I doubt), some other platform would take its place. In this day and age, the criminals who use regular unencrypted SMS/RCS are the dumb ones, and I doubt the FBI would have many problems finding some way to catch them even if they moved to end-to-end encrypted messaging.
I really hope in the end there is a mass adoption of secure messaging and communication. I don't think the risk of having a digital backdoor to our communications is worth the safety benefits. If anything, it only creates more risk.