Why lawyers and their clients should use encryption
Some clients may be well advised to secure their communications with their lawyers against individuals who could do them harm (most obviously physically or financially) if the communications were illegally intercepted.
In the criminal law and confiscations law areas that I predominantly practice there are also times where clients and lawyers should secure their communications against interception by law enforcement authorities. Police have no business in intercepting lawyer/client communications, which are protected by legal professional privilege. But if Police are intercepting all a client’s communications (pursuant to a warrant or otherwise) the reality is that communications with lawyers will also be intercepted. Such communications may very well fall into the hands of investigators who may be monitoring communications in real time. Although the investigators will seldom to be able to make any direct use (ie as evidence in Court) of such communications, that does not mean their having that information is not valuable to them (and harmful to the client). For instance if Police come to know how a case is to be defended they may use that information to go and obtain evidence that they hope will counter the defence.
In the confiscations context, if a client seeks advice about potential confiscations action (before being served with a freezing notice or restraining order) Police might use that information to make a decision to freeze accounts immediately.
When it comes to dealing with the Police, text messages are the least secure form of communication against Police. They are saved by the phone company and readily reviewable.
My preferred solution – BlackBerry BBM Enterprise
For over a year now I have been using an encrypted messaging system offered by BlackBerry, called BBM Enterprise. BBM (short for BlackBerry Messenger) has been around for over 10 years. The everyday ‘retail’ version of BBM has a basic level of encryption, however the messages transmitted over it can still be seen by BlackBerry, and are thus capable of interception.
BBM Enterprise takes security up a notch. This paid service is only available, as the name suggests, to business customers. However my subscription allows anyone with the standard BBM (ie the free version easily available from the Apple App Store or Google Play) to communicate with me and we enjoy full 2-way end-to-end encryption.
BlackBerry Limited (TSE:BB), formerly Research in Motion Limited, has been synonymous with IT security for as long as anyone can remember.
BBM is no longer limited to BlackBerry devices. It also works across iPhone and Android.
Some (good) free alternatives
Wickr is certainly favoured by some, and if you want to use a standalone service that is independent of your mobile phone number it has the advantage that you can download it to a PC, register an account and be up and running straight away. You can choose your own account name and that’s what people use to contact you.
Signal requires a mobile number to register, and that is what people use to contact you. Once you have set it up on your phone you can download companion software to your PC and communicate using that (even if your phone is turned off or out of range).
I’ve done a lot of reading about both, and some other similar services. It seems to me that Signal is the one that comes out on top for security. One powerful consideration for me was that Signal is recommended by the New York Times for whistleblowers who want to report something to them. The NY Times also provide WhatsApp, owned by Facebook, as an option. Signal is built for security, not social networking. The advantage of WhatsApp is no doubt that so many people are already using it.
I have 2 reasons for preferring BBM over Signal. First, BBM seems slightly faster, Signal can experience delays in message transmission. Second, BBM has more functionality. For instance, I particularly like the ability to quote an earlier message in the chat that you want to reply to. You can also mark a particular message as urgent.
Communication using these platforms is not limited to short text message. Word documents, PDFs, photos, and voice files can be transferred on all these platforms. The desktop apps available for Wickr and Signal make them a particularly easy way to transfer files (far more securely than email).
Signal has a particularly useful feature – the ability to make real time ‘phone calls’ that are also encrypted. Whilst WhatsApp also offers this feature, metadata of the call is captured by the service in an un-encrypted fashion and stored by WhatsApp centrally.
I can be reached at email@example.com. Please note that emails to that address are only encrypted if you send the email from within Proton Mail yourself, or use my public key to email me from your existing PGP email service. Please do not email me at Proton Mail from a regular email service. It is not secure.
I can be reached (after downloading the appropriate app from the App Store, Google Play or in the case of Wickr if you prefer the Windows Store) on:
BBM Enterprise using PIN EF000355
Please note the one time encryption process can take a moment and will likely require you to send an un-encrypted message first. Something like “Hi” should do. Once the full enterprise grade encryption is working you will see a notification and the box that you type your messages to me in will have the words “Protected. Enter a message” If you see only “Enter a message.” without “Protected” it is not encrypted.
Signal or (if you really prefer) WhatsApp using my phone number +61 417 921 300
Wickr by my username ewg4cpca