Skip Navigation
BlackBerry Blog

Are WhatsApp and Signal Secure Enough for Confidential or Secret Communications?

Are consumer level encrypted communication tools like WhatsApp and Signal secure enough for your organization’s confidential data? And how about secret military or government communications? I’m repeatedly asked these questions. The answer is, it depends both on what you need and what you expect.  
 
In my role, I work with militaries, all seven of the G7 governments, eight of the ten largest banks and half the Fortune 100. These organizations have something in common: they’ve realized that limiting espionage and sensitive data loss due to intercepted communications is a key element of holistic cyber defense. As a result we are engaged in constant discussions about BlackBerry® SecuSUITE® our secure communication platform.  
 

The Difference Between Consumer Encryption Apps and BlackBerry 

What is the difference between consumer grade apps and something like SecuSUITE? Well, I recently appeared on a Land Forces 2024 podcast, where host Grant McHerron asked me about this. Keep reading for a portion of our dialogue or listen to the complete interview for yourself.


Podcast Host:
Now, let’s discuss something about secure comms that we all know about. WhatsApp — or personally, I prefer using Signal. That's just me. But you said something the other day when we were chatting that these apps...are not as secure as we might think.

My response: Well, when we look at Signal and look at WhatsApp, they both use the same cryptography. And there is nothing wrong with that cryptography! However, cryptography is just a small portion of the secure communication challenges you need to address.

Additionally, when you talk about the most sensitive communications for militaries, for executives, for foreign affairs and parts of the government — they need to have something where they have control over the system. 

Control means several things. For one thing, it means understanding where the data resides, they need to know they have control over the computing architecture or environment of that system. And even more importantly, they have control over the users.

In this case, by control, I also mean they're specifically authorizing people to be part of that secure communication network, whereas with a Signal or WhatsApp, you self-register. This leads to a lot of the issues around identity spoofing, identity fraud and worrying about deep fakes. Anytime you have an open system where people self-register that is very high risk. 

And then another part that comes into that is, it's one thing — and it's important — to encrypt the conversation strongly, whether you and I would talk over the phone or through messages. But there's also all the associated metadata information, who's calling whom, who's messaging whom and for how long? 

I'm sure you've seen the police movies where they start drawing the strings on the board with all the connections? That's exactly what metadata is. Recognizing the value of that from an intelligence perspective, we actually encrypt that data as well and put it into a tunnel so that it’s not visible to anyone else but the actual customer. Therefore, an adversary cannot capture and harvest the metadata. 

Podcast Host: Let's say I'm, for instance, a large corporation. I want to make sure I'm securing the comms between my executives. How do we go about getting that set up? How does BlackBerry go about making sure that my data is in my country, not on a server somewhere in North America, or the world or things like that? I mean, you're Canadian, so we like you and all that kind of stuff, but how do we ensure this?

My Response: We provide two approaches, let’s begin with the first one. Normally, if it's a commercial organization, we're going to provide software as a service (Saas), a cloud-based system. And one of the key things about the data is we don't store the customer's data in our system. It's just there on a temporary basis while the message is delivered and then it's gone. 

At the government level, and for some of the organizations like those in critical infrastructure, some of those highly regulated organizations, we actually provide the ability for them to deploy the back-end system in their own cloud and their own data center, and so there's no connectivity to any BlackBerry networks or storage or anything at all in that sense. We have a discussion with each customer asking about their risk level and regulatory requirements, and then based on that we'll help them with the right deployment method.

[Read The Case Study: How Conflict International Utilizes BlackBerry SecuSUITE In Its Global Operations]

The second approach we take is to focus on the actual people using the system. If they write a message or they send a document, then they own and control that document. They control the lifecycle, so even if it's a year down the road, they can pull that document back or they can pull a photo back.

And that's a fundamentally different model than you get with a consumer system like Signal or WhatsApp. The model there for consumer apps is, you might be able to temporarily edit or change something for a few minutes or a few hours, but once you give somebody data, it's their data. Our BlackBerry SecuSUITE model is different. What’s sent is the company's data or the government's data — and the person that's making the decision to send it — can control it and pull that back. 

How to Learn More About BlackBerry SecuSUITE

Organizations around the world have trusted BlackBerry for secure and efficient communications for nearly 40 years. Today, we don’t make devices, but we can secure them all with our secure communications software and tools incorporated into BlackBerry SecuSUITE. Having high security voice and messaging for iOS® and Android™ is possible around the clock and around the globe with BlackBerry. 

Join the world’s largest and most secure organizations who use BlackBerry SecuSUITE to defend against espionage and interception attacks. Reach out for a conversation or learn more here

For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.
David Wiseman

About David Wiseman

Vice President Secure Communications, BlackBerry

David Wiseman is the head of BlackBerry's Secure Communications business unit, providing secure mobile voice communications for North American governments, with responsibility for sales, marketing and partnerships.