
Secure Messaging Scorecard

With the prevalence of internet surveillance, ensuring secure communication via phones and computers has become a priority. Numerous companies offer "secure messaging" products, but the effectiveness of these systems remains a question. To assess their security, the Electronic Frontier Foundation (EFF) has launched the first phase of its Campaign for Secure & Usable Crypto.

This initial phase focuses on a scorecard evaluating various messaging tools based on security best practices. Future phases will provide in-depth analyses of the highest-scoring tools. The scorecard results should not be interpreted as endorsements or guarantees of security but as indications that specific projects are progressing in the right direction.

For years, privacy and security experts have advocated adopting strong, open-source cryptography to protect digital communications. Edward Snowden's revelations have confirmed widespread government surveillance, raising concerns about the interception of unencrypted communications.

Despite these concerns, encryption tools remain underutilized by the general public. The primary barriers are security and usability. Many user-friendly applications lack essential security measures such as end-to-end encryption and open-source code. Conversely, highly secure tools often present usability challenges, such as complex installation procedures, account setup difficulties, and inadvertent communication exposure due to user error.

In collaboration with Julia Angwin of ProPublica and Joseph Bonneau from the Princeton Center for Information Technology Policy, EFF is leading a campaign to promote technologies that combine robust security with ease of use.

Secure Messaging Scorecard

The Secure Messaging Scorecard evaluates numerous messaging applications against various security best practices. This campaign focuses on communication tools, including chat clients, text messaging apps, email services, and video calling platforms. These are essential tools for everyday communication, and ensuring their security is crucial.

The assessment includes widely used technologies that handle significant amounts of sensitive user data and smaller organizations pioneering advanced security practices. The goal of the scorecard is to encourage innovation and widespread adoption of strong cryptographic measures for digital communications.

Methodology

The evaluation criteria for the security of communication tools are as follows:

  1. Encryption in Transit
    Communication must be encrypted during transmission across all communication links. Data encryption within a provider’s network is not required, though it is preferable. The encryption of metadata (e.g., usernames and addresses) is not a requirement.
  2. End-to-End Encryption
    All communications should be encrypted with keys that the service provider cannot access. Encryption keys must be generated and stored at the user endpoints and never leave them except through explicit user actions such as backups or key synchronization. Public key exchanges through centralized servers are permissible.
  3. Identity Verification
    A mechanism must be in place for users to independently verify their correspondents' identity and the communication channel's security, even if the service provider or other third parties are compromised. Acceptable methods include:
    • A feature allowing users to view and manually verify their correspondent’s public key fingerprint.
    • A key exchange protocol utilizing short-authentication-string comparisons, such as the Socialist Millionaire’s Protocol.
  4. Forward Secrecy
    Applications should support forward secrecy, ensuring that past communications remain secure even if encryption keys are compromised. This requires the use of ephemeral encryption keys that are regularly deleted. Once a user deletes their correspondence, it should be irretrievable. This criterion depends on the implementation of end-to-end encryption.
  5. Open-Source Code Review
    The source code must be publicly available for independent review, allowing security experts to identify potential vulnerabilities, backdoors, or structural issues. All of the tool's encryption-related code must be accessible, though operating system vendors need only disclose code relevant to the messaging tool itself, not the OS as a whole.
  6. Cryptographic Design Documentation
    Clear and comprehensive documentation of the cryptographic design should be available, ideally in the form of a white paper for professional cryptographers to review. It should detail:
    • Algorithms and parameters used in encryption and authentication.
    • Key generation, storage, and exchange mechanisms.
    • Key lifecycle management, including revocation procedures.
    • Security properties and threat models, including scenarios where the protocol may be vulnerable.
  7. Independent Security Audit
    A security audit must have been conducted within the past 12 months, covering both the application's design and implementation. This audit should be performed by an independent and named security entity. While public disclosure of audit results is not mandatory, verification that an audit has taken place is required.
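
To make criterion 3 (Identity Verification) concrete, the following added example, which is not code from EFF or from any tool on the scorecard, shows a manual fingerprint check: the key delivered by the provider is hashed, and the result is compared with the fingerprint the correspondent reads out over a separate channel. The SHA-256 fingerprint format, the function names and the 32-byte sample keys are assumptions made for illustration.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the raw key bytes, shown as upper-case hex in groups of four."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def normalize(text: str) -> bytes:
    """Drop separators and fold case so only the hex digits are compared."""
    kept = "".join(ch for ch in text if ch.isalnum()).upper()
    return kept.encode("ascii", "ignore")


def verify_contact_key(key_from_server: bytes, fingerprint_read_out: str) -> bool:
    """True only if the delivered key hashes to the fingerprint the contact
    communicated out of band (in person, on a call)."""
    expected = normalize(fingerprint_read_out)
    actual = normalize(fingerprint(key_from_server))
    # The whole fingerprint is compared; a shortened or partial value fails.
    return hmac.compare_digest(expected, actual)


# Constructed sample values: 32-byte strings standing in for public keys.
ALICE_KEY = bytes(range(32))
SUBSTITUTED_KEY = bytes(range(1, 33))  # a different key delivered in Alice's name


def demo() -> dict:
    # Alice reads her own fingerprint out; her formatting differs from ours.
    spoken = fingerprint(ALICE_KEY).lower().replace(" ", ":")
    return {
        "genuine": verify_contact_key(ALICE_KEY, spoken),
        "substituted": verify_contact_key(SUBSTITUTED_KEY, spoken),
        "truncated": verify_contact_key(ALICE_KEY, spoken[:19]),
    }


if __name__ == "__main__":
    print(fingerprint(ALICE_KEY))
    print(demo())
```

The check holds even when the provider is the party that substituted the key, because the expected fingerprint never passes through the provider.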

By applying these evaluation criteria, the Secure Messaging Scorecard aims to drive improvements in messaging tools' security and usability, fostering greater adoption of strong cryptographic practices in digital communications.
