Network Security

Confide in me! Encryption app leaks sensitive info from Washington DC

An encrypted messaging app called Confide is being used in Washington DC by White House staffers to leak embarrassing or sensitive information.

 

Since US President Donald Trump's inauguration, a steady stream of leaks have been provided by the White House including reports of national security adviser Michael Flynn's unauthorised talks with Russia.

 

On Thursday, US President Donald Trump vowed to prosecute leakers. “We are looking into this very seriously. It's a criminal act,” Trump said. He has reportedly ordered an internal investigation to identify how sensitive information about his calls with foreign leaders and national security matters made their way to the press.

 

Messages sent via the Confide app are automatically deleted, leaving virtually no paper trail.

 

According to Jon Brod, cofounder and president of Confide, once messages are read, they vanish without a trace. “The message is gone forever, it's deleted from our servers, you can't archive, print it, save it, cut and paste it. Again, just like the spoken word, it disappears,” Brod said.

 

“The message self-destructs so I can't go back in and try to piece together a number of screenshots into the actual message, and it notifies both the sender and the recipient that a screenshot was attempted,” Brod continued.

 

White House staffers, and possibly other government officials and business executives, worried about being caught leaking information to the media have adopted this app.

 

“They are likely violating the law if they are revealing that information through any means, whether it's through an email or through a disappearing chat app,” said Carrie Cordero, a former national security lawyer at the Justice Department.

 

Confide's privacy features won't totally protect leakers since it still requires them to register their identities.

 

“Sometimes these apps give users a false confidence that they will never be able to be traced,” said Cordero. “And although the communication in this particular app might disappear, that doesn't mean that the user is necessarily not able to be traced in any way.”

 

Some security researchers are doubtful about Confide's cryptography since the app is not open-source and may use old protocols. Confide's encryption is closed source and proprietary, so no one outside the company knows what's going on within the app. The encryption protocol is based on the PGP standard and the app's network connection security relies on “recommended best practices”.


“One key is always, do you make code publicly available that's been audited where features have been inspected by the security community so that it can arrive at some consensus,” says Electronic Frontier Foundation legal fellow Aaron Mackey. “My understanding with Confide, at least right now, is that it's not clear whether that's occurred.”

 

Since its inception in 2013, Confide has seen a spike in usage after key security events took place such as the “Celebgate” scandal, the Sony Pictures hack in 2014, the Russian group leak of thousands of emails belonging to the DNC in 2016 and, of course, the 2016 US presidential election.

 

Using an encrypted messaging app such as Confide can pose legal concerns. It is the user's responsibility to make sure they abide by the law and use the app strictly for personal communications.

 

According to the company's website, Confide is translated into 15 languages and is currently used in over 180 countries worldwide.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.