Jennifer Lawrence. Secretary Colin Powell. John Podesta. Amy Pascal. Ian Mellul. Are you next?
Of course I’m talking about people who have suffered personal embarrassment and potentially a loss of professional stature because of private emails being released to the public. You could add the people affected by the Panama Papers to this list, too. Unless you are totally off the grid, the news flow from leaked emails is a constant background hum in our lives right now. Which made us wonder what the luxury class may be doing in response, since they – and their entourages – are the most likely targets for such cyberattacks.
Are people sending fewer emails than they used to? Will face-to-face become the new email? Has texting become the preferred communication tool? Or perhaps carrier pigeons will make a comeback?
Are the global elites hitting delete?
We asked a few of our powerful friends if the increasing number of hacks and leaks in the past two years has affected their behavior in any way. The resounding response? Yes.
Anyone working in a large corporation, or serving on the board of one, has been aware for years of the need for heightened security online. Cyber threats are among the most-discussed topics in many boardrooms, and Chief Security Officer (CSO) is now the sexiest role in the C-Suite. Nevertheless, the past few weeks have gotten people’s attention in a way that I haven’t seen before.
A quick round-robin of conversations with some reasonably public people yielded the following insights and advice (much of it originally gleaned from their kids):
–It’s not just you, it’s your entourage. One of the lessons learned from the past 12 months of leaks is that sometimes the lead actor is the target for a cyberattack, but sometimes it’s a supporting player. The security fence is only as strong as its weakest link, as the White House learned when college-aged contractor and advance man Ian Mellul got hacked, and sensitive security details and donor information were released to the public. So whatever solution is in place for the principal had better also be in place with everyone they’re communicating with.
–More messaging apps are offering end-to-end encryption. WhatsApp, Telegram, Chat Secure, and Signal Private Messenger offer this as a standard feature, and Facebook Messenger is apparently going to follow the same practice shortly. Gliph allows you to delete a message from both the sending and receiving device anytime you want, and Wickr allows you to set an expiration date for every message, at which time it is automatically deleted.
—You need to proactively enable the encryption options on your personal email service. If you’re sticking with your current email service, you can still take steps to protect the privacy of your messages. Gmail offers encryption expansions in its Chrome store, but you have to proactively download them. Yahoo is leveraging Google’s encryption apps, so if you download them, you’re covered on both services. Outlook supports encryption right out of the box, but again, you have to proactively enable it, and the option is buried pretty deep.
–There are numerous options for encrypted email products. If you don’t have full confidence in your current email service, you can buy some peace of mind with a third party. Several start-ups launched within the past couple of years provide encrypted email via web browser and iOS and Android apps. Sendinc is designed for small business owners, and costs only $4/month. Virtru, Lockbin, Hushmail, StartMail, and Tutanota are other options to investigate.
–Consider a move to Switzerland. One of the latest third-party encryption services to debut is ProtonMail, a Swiss-based company that was launched via an Indiegogo campaign in 2014. It was in beta for almost two years, with almost one million users. Its primary calling-card, other than its ease of use, is that since the company is based in Switzerland, it is governed by Swiss privacy laws, which are far more protective of the individual than many other Western governments. Silent Circle, which is currently focused on mobile encryption, also relocated to Switzerland from the U.S. for the same reason (its core product line is called the Blackphone, which is brilliant branding).
–Disappearing messages are going to become a thing. A lot of people in the ruling class have never understood the allure of SnapChat – why send a message that’s going to disappear? Well, now they get it. A friend shared a new email encryption service that he’s trying out called Confide. Launched two years ago, the app allows you to send emails that are encrypted and that disappear as soon as they are read. If anyone takes a screen shot of your message, you’ll get an alert. I’ve been using it for a couple of weeks, and I have to say, I love it. It’s a hassle not having a record of certain communications, so it won’t work in every case. But for a quick heads-up on something, it’s awesome. The company recently added voice messaging capability, and Confide for Business facilitates sharing documents as well as messages. The app’s animation when a message gets deleted is well-done and deeply emotionally satisfying: the words in the message shatter into pieces like shards of glass, and then fall to the bottom of the screen, where they disappear. An animated explosion would be equally cathartic. No worries, your confidential message has not just been deleted – it’s been obliterated.
–If all else fails, you can buy a smartphone on steroids. Of course, for those who are not limited by financial constraints, there is always another set of options. For $14,000 you can purchase one of Sirin Labs’ Android smartphones. Launched earlier this year, the Israeli company promises that the phone provides the most advanced privacy technology on the market today. You can get yours at Harrods’s.
Consumer interest in private and secure personal communication has been growing since 2011, and it will only increase as Internet-of-Things devices proliferate and become hacking targets. Not surprisingly, in addition to numerous start-ups, the behemoths of the tech world have taken note. This spring it was reported that Google, Amazon, Facebook, and Microsoft are banding together to improve email security. Engineers from these companies and others are working on an SMTP Strict Transport Security protocol to aid in creating encrypted email connections. Meanwhile, U.S. government agency Darpa launched a multi-year contest, recently concluded, with almost $4 million in cash prizes to induce programmers to create automated digital defense systems that can identify and fix software security breaches on their own – these “self-healing systems” are the new Holy Grail.
I see no reason to wait around for these programmers to complete their work, though. Sometimes there really is no school like the old school, and humans have known how to communicate confidentially for eons. I predict that the “Mission: Impossible” self-destructing message may make a return engagement. Or perhaps invisible ink. Hand-written notes left on park benches, secret rendezvous in local bars, hand signals, code words: if it worked for the spy agencies during the Cold War, it’ll work for us now. Got something confidential to communicate? Shine the Bat Signal in the night sky, and I’ll be right over.
