Wickr co-founder and CTO Chris Howell was recently on the panel for a webinar entitled Ephemeral Messaging: Balancing the Benefits and Risks. He was joined by Guillermo Christensen, partner at Ice Miller LLP, Honorable Judge Patrick Walsh, U.S. Magistrate Judge C. D. California, and Philip Favro, Consultant at Driven, Inc.
As the name suggests, the panel discussed ephemeral messaging, its benefits and risks, and where the ephemeral messaging debate will take us in 2020.
The Rise of Ephemeral Messaging
While considered a new technology for some, ephemeral messaging can be described as simply bringing back communication norms of the past. Verbal communication, in general, is ephemeral — it happens, and then it ceases to exist. For example, when you pick up the phone and converse with the person on the other line, you don’t generally keep a record of the conversation. Additionally, just because you communicate without keeping a record of the conversation, no one assumes that the conversation is suspicious.
When digital messaging came to the forefront, we suddenly believed that every conversation needed to be recorded indefinitely. And with that belief came the idea that if someone didn’t want the conversation to be permanently recorded, the conversation topic must be nefarious in nature.
Ephemerality gained popularity as apps like Snapchat hit the scene, but apps like that aren’t really indicative of the benefits of ephemeral messaging. As Chris Howell said, “It’s not about a gimmick of making a message disappear when it shows up on a device — we’re talking about looking at it from a very basic security level… Messages that are no longer needed on a device are really a security risk.”
Right to Privacy
As our lives have increasingly moved online, privacy has been drastically diminished. As Internet companies continued to provide more services, we blindly continued to agree to the terms — which almost always includes surrendering your right to privacy altogether.
“We looked at ephemeral messaging — and just secure messaging overall — as kind of a rebellion against the growing abuse of the user,” Howell explains. “If you think of a lot of Internet services that are out there, you are really trading your privacy and security for some sort of a free service, and messaging apps were notorious for that for a very, very long time.”
Additionally, email is increasingly becoming a security risk. As Howell pointed out, the 2019 Verizon Data Breach Report showed that the median company received over 90% of their detected malware by email. And this prevalence of malware delivered via email crossed over all sorts of industries, from retail and finance to healthcare and manufacturing.
Acknowledging the risks inherent in email, business leaders are starting to look for communication apps with end-to-end encryption and robust security protocols, like Wickr. Howell noted, “Business leaders are looking at it and saying that we need to de-risk our communications… and if it includes ephemerality, all the better.”
Protect Against Data Breaches
Additionally, businesses are finding that storing vast data banks of information sets them up for a breach that could potentially harm many people. As Guillermo Christensen said, “You don’t want to keep information that you don’t need — getting rid of it is a good data governance principle”
As an example, Christensen referenced hotels that keep credit card information for thousands upon thousands of guests, long after they have a use for the information. “Most of that information did not need to be kept past a certain point, and ephemerality in that context is very helpful.”
Ephemerality and Compliance
One hurdle that many businesses need to navigate is how to combine secure messaging with regulations and compliance guidelines. Many think that in order to be compliant, you could never use an ephemeral messaging app.
At Wickr, we know that you don’t need to compromise security for compliance. As Howell pointed out, “We spend a lot of time on our business platform not only providing ephemeral communication capabilities, but also compliance capabilities.” Wickr is fully customizable to meet any regulatory requirements that your industry requires.
However, there are still some industries that employ a blanket ban on ephemeral messaging solutions for compliance reasons. As Howell says, “Products such as Wickr — where we can support ephemeral messaging but at the same time centralize compliance — that does… adhere to the FCC regulations. And from a security perspective, it kind of gives you the best of both worlds, where the risk is highest on people’s devices — they are liable to lose it… (and) the messages will disappear — but from a compliance/regulatory standpoint, there is a record of all of the trades that happened and all of the negotiations.” By thinking outside of the box, Wickr has found ways to prevent data from being available to bad actors, but also safekeeping it for regulatory reasons.
The Future of Ephemerality
While ephemerality is gaining traction in many industries — and certainly among cybersecurity experts — there is a significant portion of the population that still associates ephemeral messaging with bad intentions or shady dealings.
However, progress is being made, and people are increasingly understanding the benefits of ephemerality — both logistically and from a cybersecurity standpoint. As Hon. Judge Patrick Walsh said, “I think 5 or 10 or 15 years from now, people are going to be comfortable with ephemeral messaging; they are going to understand it has a good function. The more breaches there are of people’s emails and their servers, the more judges and prosecutors and government regulators are going to say… not everybody who uses ephemeral messaging is a crook. In fact, almost no one who uses ephemeral messaging is a crook — they are using it for different reasons.”
We at Wickr certainly hope that ephemeral messaging loses its stigma and that people start to understand its usefulness in regular business communications. Communication isn’t meant to stay around forever — it never was. Additionally, ephemerality protects your information from getting into the wrong hands. After all, if someone is able to breach your network — but there is no information there — they have essentially done nothing.