Wire Blog

Why You Shouldn't Trust Unencrypted Communication Apps with Your Business Secrets

Written by Taneli Potticary | Jun 27, 2024 9:17:03 PM

In today's business world, communication is the lifeblood of any company. Whether it's sharing new product ideas, confidential competitor information, unreleased financial data, or discussing personnel matters, these interactions are vital and involve every employee. To protect such sensitive information, companies often rely on NDAs, confidentiality notes on presentations, or email footers. However, one crucial aspect they frequently overlook is the security of the communication platform itself.

 

Legal Protection vs. Strong Cryptography

Most modern business communication tools lack end-to-end encryption, meaning the companies providing these platforms can access all the content generated by their users. Typically, the only safeguard is legal—found in data protection agreements and terms of use—which can be tenuous, as we've seen multiple times over the past year.

For instance, Zoom faced backlash when it announced changes to its privacy policy that would have allowed user data to be used for AI training. The policy was only reversed after significant protests. Similarly, Slack encountered a similar situation just last week, rolling back their changes after user outcry. This highlights the fragility of relying solely on legal protections. 

Wire, on the other hand, has committed to never using user data in such a way. Crucially, with Wire's end-to-end encryption and adherence to the Zero Knowledge principle, you don’t have to take our word for it. The encryption ensures that even Wire cannot access your data, making it unusable for AI training or any other purposes.

Why End-to-End Encryption is Essential

Many messaging app providers claim to encrypt transmitted data, but this often only involves Transport Layer Security (TLS), which protects data in transit. While TLS offers some protection against external threats, it falls short against sophisticated attacks from state actors or internal threats. For example, even industry giants like Microsoft have struggled to safeguard their cloud services from unauthorized access, leaving data vulnerable internally.

TLS also lacks the verification capabilities of end-to-end encryption, which ensures that messages are received exactly as sent, preventing manipulation of critical information.

Challenges of End-to-End Encryption

Historically, implementing end-to-end encryption in a business setting was cumbersome. Setting up encrypted email with PGP, for example, was notoriously complex. Organizations had to manage encryption keys securely, relying on employees to handle them responsibly—a process fraught with potential errors.

Today, technology has evolved. Modern communication apps with end-to-end encryption handle key management seamlessly. Wire, for instance, stores encryption keys locally and securely on user devices, requiring no additional effort from users or administrators. If a device is compromised, it can be swiftly removed from the list of trusted devices, ensuring ongoing protection of conversations. Wire cannot recover any private key material, not even by accident

Multi-Device Support and Scalability

Many messaging apps struggle to provide robust multi-device capabilities, crucial for business use. Professionals need more than a browser or phone for primary communication. Wire excels here, supporting up to eight independent devices per user, with each device functioning without requiring a "primary" device to be online.

Scalability for large team sizes was another challenge. The commonly used Double Ratchet Algorithm, while secure, is inefficient for large groups as it encrypts conversations pairwise rather than to the group as a whole, causing a noticeable lag in large-group communications.

Messaging Layer Security (MLS), a new standard for end-to-end encrypted real-time communication, addresses this issue. Its tree architecture in key management ensures efficiency, even in groups exceeding 100 people. Wire plans to support up to 150 participants in an end-to-end encrypted video meeting once MLS is fully implemented later this summer. Wire has been an initiator and key contributor to MLS throughout its development in the Internet Engineering Task Force (IETF). Due to this unparalleled experience in MLS development, we will be among the first to use the standard in production environments.

In conclusion, while legal protections are important, they are not foolproof. Only strong, end-to-end encryption that is always activated can truly safeguard your business communications from both external and internal threats. Modern solutions like Wire make implementing this level of security straightforward and efficient, ensuring that your company's secrets remain just that - secret.

About Wire

Wire is dedicated to providing secure communication solutions that respect privacy and data protection. Our mission is to ensure that individuals and organizations can communicate freely and securely without fear of surveillance or data breaches. Join us in standing against Chat Control and advocating for a safer, more private internet.