End-to-end encryption for organizing groups

This post has more questions than answers.

At TA3M Seattle and Seattle Privacy Coalition I’ve been pushing for the use of a better communications platform. Email is not a sound decision anymore. PGP is too high an expectation, even for privacy advocates because too many things can go wrong and it doesn’t scale when communicating with stakeholders (people without PGP). I’m trying to find a better way.

What doesn’t work

E2EE (end-to-end encryption) is a requirement for better communication, including metadata. PGP doesn’t protect metadata. StartTLS helps protect some metadata, but when 5 or 10 (or more) people are emailing each other, not even privacy advocates are going to check the StartTLS status of each recipient.

OTR (off the record) encrypted messaging, typically used with Jabber/XMPP, is not a solution either. Like IRC, people are not going to stay logged in to a service, so not all messages are going to be delivered to all stakeholders.

What might work

I’ve been focusing on using TextSecure/Signal. It’s not perfect either. It has modern E2EE, most importantly for group messaging. It’s open source and the mobile apps are free to download.

TextSecure/Signal have downsides, but I don’t think they’re disconcerting for the groups I’m involved with. Each participant has to share their TextSecure/Signal number with everyone else, and for most people this means sharing their real cell number. While members can be easily added to a group conversation, anyone group participant can add anyone else, but this is also a benefit. More importantly, group participants cannot be removed, they have to voluntarily leave. Another thing to keep in mind that I discovered by accident is that creating a group on your TextSecure/Signal device, even if you don’t send any messages, automatically creates that group “discussion” on each participants device. Be warned!

Another TextSecure/Signal drawback is that it is for short-form text communications. Email can’t be completely abandoned since long-form writing is often necessary.

Importantly, TextSecure/Signal messages, even if just for communicating project statuses or meeting details, will reach each group member, and they don’t have to reply or acknowledge the information. It will be on their device for when they need it.

Please email or tweet at me your suggestions or concerns!