It was Alex Henthorn Iwane of Wire’s article on SignalGate that attracted our interest. Wire has been part of TADS for years; its former CEO and CTO keynoted at TADHack in 2015.
This is a fun discussion. As Johnny made clear at the start, he is a fan of Wire; he was there when they received funding from his good friend Roland Dennert of Cipio Partners, though they are forbidden from talking with each other. We’ll find out how that came about in the next Truth in Telecoms; you know the situations Johnny seems to find himself in.
We reviewed Alex’s five key lessons from SignalGate: from risks of consumer apps to why UX and admin controls matter in secure comms.
For those in the communications industry the statements are obvious, but it’s clear that those at the highest levels of government do not understand the exposure risks of state secrets in using consumer messaging apps, and that controls must be baked into the collaboration tool to protect them. That is why Wire is purpose-built for exactly these scenarios.
Johnny mentioned how SignalGate is an important lesson, and how the creator of Signal was having fun with the situation.
Alex provides a nice intro to Wire: it’s an enterprise collaboration platform that is built from the ground up to be secure. In the enterprise, communications and messaging platforms like Skype became Microsoft Teams, and Slack got started around 2009. WebEx and Zoom were more collaboration focused. They all exploded through the COVID pandemic.
They’ve become the default for many enterprise workflows, but they leave many things open or poorly controlled, as the providers are mining the enterprise data for their product development, AI training, etc. This results in severe weaknesses. One weakness is that admins become unwitting “critical guardians”, as shown in the Disney Slack data breach and the Rippling Deel lawsuit.
Most collaboration platforms are dangerously open. To Alex’s initial point on Wire: the platform must be built from the ground up to be secure.
Johnny asked how a phone number gets sucked into the Signal app. It’s a click on yes to allow Signal access to your phone book, so they can see who you know is already using the app, and virally spread relevant connections to make their app stickier. This results in insecurity by design to make money as a social app.
The challenge is market education: end to end encryption means little without the baked in controls to protect groups, for example blocking guest access, or allowing in only an approved list of employees. Zero trust and zero knowledge (servers are just transport) are key principles.
Alex highlighted an important recent development in enabling end to end encryption to scale: rather than hundreds of devices in a group, there can be tens of thousands.
This is made possible by the IETF MLS (Messaging Layer Security) standard, RFC 9420, and Wire announced its general availability on their platform. Interestingly, this can be extended to post-quantum scenarios, as we’ve discussed at TADSummit with Cavero Quantum.
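To make the scaling claim concrete, here is an added example (not from the discussion or from Wire) that uses the array-based tree arithmetic of RFC 9420 Appendix C to count the encrypted path secrets one member sends when rotating its key. It assumes a fully populated tree with no blank nodes and a power-of-two member count, and the pairwise baseline is a hypothetical comparison point, not a description of any specific product.

```python
# Added illustration; tree arithmetic follows RFC 9420 Appendix C.
# Assumption: fully populated tree (no blank nodes), power-of-two member count.

def level(x):
    """Height of node x above the leaf layer (leaves are the even indices)."""
    k = 0
    while (x >> k) & 1:
        k += 1
    return k

def root(n):
    """Root index of the array-based tree with n leaves (2n - 1 nodes)."""
    width = 2 * (n - 1) + 1
    return (1 << (width.bit_length() - 1)) - 1

def parent(x):
    k = level(x)
    b = (x >> (k + 1)) & 1
    return (x | (1 << k)) ^ (b << (k + 1))

def sibling(x):
    p = parent(x)
    k = level(p)
    # x below p on the left -> take p's right child, otherwise its left child
    return p ^ (3 << (k - 1)) if x < p else p ^ (1 << (k - 1))

def copath(leaf_index, n):
    """Siblings of every node on the way from a member's leaf to the root."""
    x, r, out = 2 * leaf_index, root(n), []
    while x != r:
        out.append(sibling(x))
        x = parent(x)
    return out

def mls_ciphertexts(n):
    # One encrypted path secret per copath node when no node is blank.
    return len(copath(0, n))

def pairwise_ciphertexts(n):
    # Hypothetical baseline: new key sent to every other member individually.
    return n - 1

def compare(sizes):
    return [(n, pairwise_ciphertexts(n), mls_ciphertexts(n)) for n in sizes]

if __name__ == "__main__":
    for n, pw, mls in compare([256, 1024, 16384]):
        print(f"{n:>6} members: pairwise={pw:>6}  MLS tree={mls}")
```

Blank nodes, which appear after members are removed or before new members have committed, push the real cost above this logarithmic figure until the tree fills in again.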
MLS enables a delightful security experience, which sounds like an oxymoron, but simply means the secure controls are baked into the platform, rather than held in an OpSec document that admins must implement consistently. Simply, Wire can now be the enterprise wide collaboration platform.
Johnny highlights the importance of educating the market on the risks of using collaboration platforms that are not built from the ground up to be secure like Wire. Wire have a free product, so there is no reason not to experiment with Wire. Some of the largest enterprises in Europe use Wire, e.g. Schwarz Group, with revenues of 155B Euro and over half a million employees.