18 December, 2024
U.S. cybersecurity officials are advising people to use encryption in their communications after a major hacking campaign.
Federal officials released a list of security suggestions for U.S. telecommunications companies that were targeted.
The advice includes one suggestion that everyone can use: “Ensure that traffic is end-to-end encrypted to the maximum extent possible.”
End-to-end encryption, also known as E2EE, means that messages are protected so that only the sender and receiver can see them. If anyone else gets the message, all they will see is disordered information that cannot be understood without the key.
Law enforcement officials had until now resisted encryption. This resistance is because the encryption means the technology companies themselves will not be able to look at the messages. In addition, the companies will not be able to respond to law enforcement requests to turn the data over.
The Associated Press (AP) recently offered some ways that normal people can use for end-to-end encryption :
Texting
Officials said the hackers targeted the metadata of a large number of people. That included information on the dates, times and recipients of calls and texts. The hackers also got to see the information from texts from a much smaller number of people.
If you are an iPhone user, information in text messages that you send to someone else who also has an iPhone will be encrypted end-to-end. Look for the blue text bubbles which mean that the messages are encrypted iMessages.
The same goes for Android users sending texts through Google Messages. There will be a lock next to the timestamp on each message to show that the encryption is on.
But there is a weakness. When iPhone and Android users text each other, the messages are encrypted only using Rich Communication Services (RCS). That is a common method for messaging that has replaced the older SMS and MMS methods.
Apple notes that RCS messages “aren't end-to-end encrypted, which means they're not protected from a third party reading them while they're sent between devices.”
Samsung, which sells Android smartphones, also indirectly described the issue in a small area at the bottom of a press release last month. Samsung said about RCS, “Encryption only available for Android-to-Android communication.”
Chat apps
To avoid getting caught out when exchanging texts, experts recommend using encrypted messaging apps.
Privacy supporters are big fans of Signal, which uses end-to-end encryption on all messages and voice calls. Signal is an app that is run by an independent nonprofit group based in Mountainview, California. It promises never to sell customer data. The group has also made its source code publicly available so that it can be examined by anyone “for security and correctness.”
Signal's encryption method is so respected that it has been included into competitor WhatsApp.
End-to-end encryption is also the normal mode for Facebook Messenger, which like WhatsApp is owned by Meta Platforms.
What about Telegram?
Telegram is an app that can be used for one-on-one discussions, group chats and broadcast “channels.” But Telegram does not use end-to-end encryption normally. Users have to turn on end-to-end encryption. And Telegram's end-to-end encryption does not work with group chats.
Cybersecurity experts have warned people against using Telegram for private communications.
Making calls
Instead of using your phone to make calls through a wireless cellular network, you can make voice calls with Signal and WhatsApp. Both apps encrypt calls with the same technology that they use to encrypt messages.
There are other choices. If you have an iPhone, you can use Facetime for calls, while Android owners can use the Google Fi service. Both are end-to-end encrypted.
However, with all these choices, the person on the other end will also have to have the app.
WhatsApp and Signal users can choose the privacy setting they want in the settings. Such choices include hiding an IP address during calls to prevent your general location from being guessed.
I'm John Russell.
Kelvin Chan reported on this story for the Associated Press. John Russell adapted it for VOA Learning English.
______________________________________________
Words in This Story
encryption – n. changing something (such as data) into a code
hack – v. to gain illegal access to a computer network, computer system, phone, etc.
extent – n. a degree, point, or limit to which something goes to
key –n. information that permits a computer application to un-encrypt a message permitting the receiver to read it
metadata -- n. data that gives information about other data
recipient – n. someone who receives something
text (message) –n. a short message sent through a computer program from one person to another which can contain a written message, links or pictures
app (application) –n. a computer program that is designed to do one task or several linked tasks