There’s No Shame In Security: E-Discovering the Use of Ephemeral Messaging


secure ediscover

Chris Howell, Wickr CTO
June 3, 2019

The great irony of my professional life is that after accumulating experience related to information security and risk management, and then helping create a product that helps people secure their most sensitive communications, the biggest criticism I hear is that Wickr may be too secure. Not in a way that you might expect, though. They don’t complain that we’ve made the product so secure it’s unusable (a.k.a. hugging the puppy to death), or provided security in a way that’s ridiculous, implying that people prefer to be careless with their communications. Rather, these critics mean it in the sense that using a secure communication app could make others wonder why they need that level of security, as if the only reason someone would need security would be for some nefarious purpose. Ugh.

Now picture me cast into a sea of lawyers last week at the 13th Annual National Institute on E-Discovery (https://www.americanbar.org/events-cle/mtg/inperson/349368751/) in Chicago to participate in a panel discussion on managing ephemeral communications. I should digress a bit and mention that ephemeral communication (i.e. communicating via messages that delete automatically) is one of the two main concerns that “It’s too secure” critics have related to Wickr (the second being end-to-end encryption itself, but that’s a topic for another day). Their logic flows as follows:

  1. What users “say” using ephemeral messaging can’t be saved forever
  2. The same is true when users say bad things
  3. Only users who want to say bad things will use it

That’s a real head scratcher for me, but anyway — back to me in a sea of lawyers talking about E-Discovery and ephemeral messaging.

I wasn’t sure what to expect. E-Discovery being largely about collecting data and ephemerality being about limiting the amount of data there is to collect, I was prepared for pretty much anything up to and including a dodgeball game. There were many impressive legal minds in the room with piles of expertise in matters of discovery and electronic communication — I was basically the tech guy. What I got out of it inspired me and motivated me to write this post.

There was quite a bit of discussion around what one can expect when examining an ephemeral messaging application for records of previous communications. We discussed the wide differences in technical implementations among the various products and the impact those differences have on the prospect of recovering data. Some products take ephemerality fairly lightly (purely for the fun of it), and may simply remove messages from view instead of deleting them from the device. Others take it fairly seriously (as a security control), and take significant steps to render messages unrecoverable. Either way, it’s a fairly binary thing — either data can or cannot be recovered.

That’s when things got really interesting. What about a company’s decision to use ephemeral messaging in the first place? Remember what I said about the “It’s too secure” critics? Is using ephemeral messaging an attempt to avoid having the conversation recorded? Well yes, of course. Is there necessarily anything wrong with that, though? No. Is engaging in a phone call — a technology that also has no default capability to record conversations — viewed the same way? Of course not, which showcases how ephemeral messaging is unfairly maligned, at least in the minds of some. Technically speaking, a text message sent through an app is no different than a spoken word sent through a phone. Both are converted into data that travels through a series of wires and systems to another app or phone, where it is converted back to text or sound. The only difference is whether we expect that it will be recorded, and those expectations are shaped by history alone — not logic, and not ethics. The phone system could have been built to record all conversations that took place, but it wasn’t, so we don’t expect it, nor do we shame people for not recording their conversations. Conversely, many of the earliest and widely adopted text messaging systems incorporated a transcript, so we’ve all come to expect one, and we feel obligated to create one, even when security experts warn that we do so at our own risk.

Of course there are cases where all communication must be recorded, such as if there are regulations in effect, and we all agreed that doing anything to avoid this kind of legal surveillance would be wrong. Many attendees were excited to learn that Wickr’s Enterprise products provide compliance capabilities, including the ability to archive message content from all or just selected users to a central repository. To them, this was big because it meant that enterprises don’t have to choose between ephemeral messaging, which satisfies their security team, and compliant messaging, which satisfies their legal department. They can have both. Mandates for surveillance aside, I think it makes sense that if two people are legally permitted to have a phone call or in-person conversation without it having to be recorded, then they should also be permitted to have an ephemeral text messaging conversation without it having to be recorded.

In the end, it was a great discussion in Chicago and I got a lot out of what my fellow panelists and attendees had to say. My fears of having to contend with a room filled with many well educated “It’s too secure” critics were unfounded. This group of legal professionals approached the topic of E-Discovery and ephemeral messaging very rationally, fully aware of the risks that it was designed to address. What that says to me is important: there’s no shame in security.

The consensus view on moving forward was that ephemeral messaging should exist in the context of an overall enterprise data retention policy. Data retention policies are written to mitigate the risk posed by data that exists beyond its useful life. Ephemeral messaging is just another tool for executing these policies.