David Wiseman [00:00:00]:
It’s digital sovereignty, and what we mean by that is we control the data. We control that communication system. We control who’s in our environment, but we’re still able to leverage the global networks that are in place providing connectivity to people around the world. It’s gotta feel like a consumer app. But behind the scenes, it’s gotta be a system for government where they have control over the users. Are you actually communicating with who you think you are? I think from a UI, UX perspective, it’s like a never ending cycle. And that’s normal, and that’s good for innovation, but it also reinforces why you shouldn’t use the same tools for your personal communications that you use for your official communications, any of these apps, you know, Telegram, Signal, WhatsApp. As I mentioned earlier, they’re public registration, and that means it’s very easy for people to go in and spoof identities.
Karissa Breen [00:01:02]:
Joining me today is David Wiseman, vice president, secure communications at Blackberry. And today, we’re discussing the eroding trust in consumer messaging app. So, David, thanks for joining, and welcome.
David Wiseman [00:01:26]:
Thank you, Karissa, for speaking with me today and the opportunity to to speak with your audience.
Karissa Breen [00:01:31]:
Okay. So, David, let’s just so on the same page, what might be good is just give a little bit of context around BlackBerry. What are you guys up to these days as people may have a different version in their mind? And I just wanna be clear from the get go so people are aware what it is that you’re sort of doing day to day.
David Wiseman [00:01:51]:
Sure. BlackBerry is actually doing the same thing we’ve done for forty years, which is securing critical communications for governments and people around the world. That includes NATO, the five eyes, all of the g seven. But the fundamental difference is we don’t do that in hardware anymore. We don’t make phones. It’s everything we do is with software. So we’re providing those capabilities on Apple phones, on Android devices. At this point in time, there’s all the uncertainty in the world.
David Wiseman [00:02:20]:
You know, there’s a bigger and bigger drive for, digital sovereignty, both at a individual level and certainly at a national level. And even as people are using large tech platforms and the devices from folks such as Google and Apple, BlackBerry is providing them that digital sovereignty through our software on those devices. So you can have the benefit of big tech, but the security that people always trusted BlackBerry for. And as a result, we really can focus on how do we stop eavesdropping, how do we stop the interception of communications on mobile devices and networks, which is particularly relevant now with the SALT typhoon attacks in The United States and other countries in recent months. And then also the very recent risks that have come to be seen by people around consumer messaging apps, things such as Signal and WhatsApp, and the risk that those introduce. And those are the areas that, you know, Blackberry today focuses on providing protections to our customers around.
Karissa Breen [00:03:23]:
Okay. So there’s a lot of things I wanna speak to you about, and I’m cognizant of time because I wanna be able to I don’t wanna skim over details because details are really, really important. So going back to digital sovereignty that you mentioned before, so give us a little bit more context around that, obviously, because of geopolitical tension is rising, etcetera. What give us a little bit of context around what you’re seeing in, like you said, the AUKUS and the Five Eyes Alliance, etcetera.
David Wiseman [00:03:51]:
Yeah. What we’re seeing is that governments there’d been a bit of a trend to move official communications onto consumer consumer platforms. And people said, hey. These are end to end encrypted platforms. This will give us good security. But then there’s quickly the realization that they now have lost control over where that data resides, how that data is transmitted, who’s actually running and managing the systems. And and so, therefore, with some of the things we’ve seen in the recent attacks, the recent data leakages, and we say recent, but there’s a long history of this happening for many years, that there’s a drive now to say, how can we be more sovereign in our communication systems? And so it’s digital sovereignty, and what we mean by that is we control the data. We control that communication system.
David Wiseman [00:04:42]:
We control who’s in our environment, but we’re still able to leverage the global networks that are in place providing connectivity to people around the world.
Karissa Breen [00:04:52]:
Okay. So now I really wanna get into addressing the the elephant in the room. Recently in the news, there was that US sort of signal group chat leak, which has been in the headlines, etcetera. So I don’t wanna go too much into that, but it’d be good in terms of just getting your view and your perspective on that.
David Wiseman [00:05:10]:
Yeah. And and it’s not really a single country issue. You know, we we’ve seen, you know, the recent issue in The United States, but it’s happened to other places and other countries as well. But it just continued to raise the awareness in the world of a big risk to national security is when you’re using consumer grade applications, things like Signal, WhatsApp, Telegram to share sensitive information. And it’s not that these are bad apps. It’s not that they’re not secure. But the problem is they’re not allowing you to segregate your personal communications from your official communications. So it becomes very easy for people to, you know, by mistake, you know, add the wrong person to a chat group.
David Wiseman [00:05:51]:
By mistake, to paste and forward information to someone who is not who they meant to send that information to. But also back to the sovereignty point, these are systems that, you know, organizations and governments actually have no control over. So at the end of the day, you know, this government information, if you’re going through those systems, you don’t know where it’s gonna end up. You don’t know who’s managing those systems. And as a result, you know, it’s it’s just not appropriate, and you’re gonna have continued, you know, problems. And that’s why BlackBerry focuses on, you know, giving the capabilities to government, to organizations to have that same type of, you know, quick, easy messaging communication, but doing it in a much more sovereign, controlled, and then to the day, secure manner. And security is more than just encryption. It’s also identity, and it’s also having access to records so you can be compliant with, you know, Freedom of Information Act request and these types of things.
Karissa Breen [00:06:51]:
Okay. So just a couple more things on that. So you said before, like, you know, adding the wrong person to the group chat. Like, that was that was an accident. These things do happen time to time. So talking just on signal for a moment, in some you know, obviously, I do a lot of, you know, intel people, etcetera. And do you think that it just became more ubiquitous amongst the sort of intelligence community to be like, hey. Like, we’re gonna use signal.
Karissa Breen [00:07:10]:
We’re gonna talk on there. And I think when Facebook slash meta, like, you know, purchased WhatsApp, like, a lot of people that I speak to are like, oh, I’m not messaging on WhatsApp anymore. I’m gonna be leveraging Signal more so. So do you think that people there’s just been a little bit more of an uptake for Signal more specifically in that community?
David Wiseman [00:07:28]:
I think so. And part of it is just it’s the next phase of the consumerization of IT. Right? But the challenge here is whenever you have a public registration system, and whether it’s signal, whether it’s WhatsApp, you no longer can have confidence that you’re really communicating with who you think you’re communicating with. And while, you know, some people in intelligence community may feel, hey. This mass global community people in in a sense is giving me a sense the opportunity for obscurity for my communications. You really have to balance that with the risk of identity and no control over that identity. So I think that’s where the pendulum’s swinging back a little bit that, you know, yeah, that that was seemed like a good idea, but it’s becoming clearer and clearer to us that it’s introducing risks that we hadn’t fully appreciated.
Karissa Breen [00:08:19]:
So do you think as well, David, that people sorta don’t really think about it? And what I mean by that question is, for example, like, when you turn the light on at home, the light just turns on. Like, no one, probably nowadays, is really thinking about the mechanics and how it works and all of that type of stuff. Maybe back in the day when it was first invented, but not so now. It just sort of works. Do you think that sort of same mindset is towards these messaging apps as well? Like, it well, I can just message David on there and it’s somewhat secure, then that’s good enough for me.
David Wiseman [00:08:47]:
Oh, I think that’s definitely part of the mindset. And and the other part of it is that people feel like security can be difficult. Right? And there’s a history in the past of having secure communication devices. You you mentioned working with people in the intelligence community and the military, and and often these devices were difficult to use. And so, you know, people say, hey. This is an easier alternative. And so one of the things BlackBerry is focused on is, you know, how can we provide the security the governments need? How can we provide the sovereignty and control over the systems? But hide that from the end user because if people are gonna use it and they’re gonna adopt it, it’s gotta be really simple. And and I think that’s a lesson that’s, you know, governments are learning that, you know, whatever capabilities we provide that meet our governmental needs, they also need to be appropriate for the end users and feel like a consumer.
David Wiseman [00:09:41]:
Yeah.
Karissa Breen [00:09:42]:
Okay. So that’s interesting that you said before, like, difficult to use. So I’ve got a security background historically myself and then moved into this media side of it. So what we’ve often seen in security, as you would know, is like it’s like, hey. I’m gonna make this thing so difficult, but, like, no one can then leverage it. And that’s how things like shadow IT, etcetera, start to to be created within the in the organization or or governments because it’s just too hard because security’s architected in a way where we we can’t even there’s no usability. So how do you sort of balance and I know this is a hard question to answer, but I wanna get your view from a BlackBerry perspective. How do you sort of balance the the equilibrium between, hey.
Karissa Breen [00:10:19]:
They need to be secure. But, of course, we need people to use it or us as sort of counterintuitive by that point.
David Wiseman [00:10:24]:
Yeah. Absolutely. And and it’s it’s not really a technology thing. It’s more understanding the use case and what the sensitivity of it and what type of people are gonna need to do certain communications. And thinking about it is is a spectrum from, hey. Everyday communications, we really should have some level of protections around these, and I wanna be confident who I’m talking to, but I just wanna do it on my, you know, just regular phone. And there, you know, technology plays a big part. It’s you know, the policy is very lightweight.
David Wiseman [00:10:53]:
You know? Keep in mind what you’re talking about, to whom, you know, and where. Right? And then the other extreme is I wanna have, you know, classified level discussion, secret level information. And at that point, you know, people need to have the expectation that there’s gonna be a lot more controls and policies in place on how they can use these systems. And so I think the mistake that has been made in systems. And so I think the mistake that has been made in the past is any system go all the way to the right hand of the spectrum and try to lock it down fully, whereas that’s probably just a very small percentage of the use cases. You know, a lot of them are just bring your own device, be aware of what you’re doing, but most government works somewhere in the middle with some level of policy, some level of control. And you need to pick that right spot in the spectrum where people will say, okay. I know how sensitive whatever I’m working on is, and the tools they’re giving me and the policies they’re applying are appropriate for that, and then they’re more willing to do the adoption.
David Wiseman [00:11:53]:
So you really align with how you configure and how what rules you put in place with how people are using it in certain situations.
Karissa Breen [00:12:01]:
So how sort of is BlackBerry then sort of addressing that problem? And, I mean, there’s couple of things in there that you mentioned, like, you know, the the whole BYOD, especially if there’s contractors or people that are doing sort of off book sort of, like, intel projects that people don’t even know about, etcetera. So it’s sort of hard now. And the lines have been blurred, and we all sort of know that, which is making a little bit harder than the traditional four walls. What are your thoughts then around that? And how do you sort of do this with the intent of, like you said, we need to be able to the usability, we need to adhere to the policy, but also needs to sort of be secure as well.
David Wiseman [00:12:31]:
Yeah. So our approach on this is from a pure communication space, you know, you wanna call people, you wanna message people, you wanna share files. That that just needs to be a very simple, easy to use process. Find the people you wanna communicate, share with them. Did they read it? They reply to their messages. It’s gotta feel like a consumer app. But behind the scenes, it’s gotta be a system for government where they have control over the users. Are you actually communicating with who you think you are? They’ve got control over the data for things like records compliance in the back end.
David Wiseman [00:13:06]:
And, obviously, you have the encryption and that you need to feel high level of confidence that the information is gonna be appropriately protected. But take that baseline and put it on to just a regular phone, and and you’re, you know, you’re pretty far ahead, you know, where where you might have been in the past. But then one of the other things BlackBerry does is gives management capabilities for devices. And whether that’s a BYOD device where all we’re really managing is that secure communications to a government issued device where where then we are managing what app other applications people use, how they use those applications. We have that tooling that allows you to turn and dial those knobs to the appropriate level. But the important part is we started out with ease of use. It’s sitting on top of very high levels of security that, you know, the users don’t even realize are there. And so, you know, there’s not that learning curve resistance.
Karissa Breen [00:14:04]:
So, Debbie, the other thing that’s coming to my mind as you’ve been speaking and I literally had this conversation yesterday with someone, obviously, in media. Like, we’re sitting across multiple different angles, vendors, etcetera. One of the things that we don’t often hear about, I have to be honest, is definitely, like, mobile stuff. And if you look at I think every week, everyone gets that notification on our phone, like, how long we’re spending on our phone. It’s it’s probably could be a lot more than our laptop nowadays. So do you think that sort of mobiles and then obviously messaging apps, which is on a phone, do you think it’s sort of been a bit a little bit relegated perhaps? Like or it sort of just not popped up from nowhere, but people are so focused on, like, you know, protecting the laptops and, you know, our network and etcetera. But mobile and then to your point, like, like, messaging apps has just it hasn’t sort of been there in terms of, like, the focus that I’ve noticed out there.
David Wiseman [00:14:54]:
Yeah. I I agree with you, and and and I think that’s starting to change. I mean, on mobile, for example, companies, government agencies have, you know, had a long history of, like, how do we securely deliver email to our employees. Right? And so there’s a lot of effort that’s been put into that, but that’s really just taking how they did it on a laptop and and replicating it as much as possible to a phone. And it’s the same communication channel, so people are comfortable with that as an end user for your business email. But the messaging grew up, you know, from the consumer side, and then people just started using it more and more for business because they’re on their mobile device. It’s too much trouble to boot up your laptop that you don’t have the laptop with you. And and so it’s become kind of a reactive thing where, you know, organizations are coming back now and saying, they can’t say don’t use messaging, but they need to give people an alternative because that’s basically a preferred platform.
David Wiseman [00:15:53]:
And and that only accelerated, you know, with all of the work from home, things that happened coming out of the pandemic.
Karissa Breen [00:15:59]:
The other thing is as well, like, when I work in an enterprise, they would give you, like, the second phone, for example, because it’s got MDM, etcetera, for for this purpose. But then I just used to resort back to my original phone because every I’ve had this number literally for, like, twenty plus years, and I don’t I couldn’t even remember the other issued work phone as well. So I just used to resort back to my personal phone, which then sort of goes around the whole problem because, again, like, I didn’t wanna carry two phones. I’d forget it. When people ask me about my mobile number, I wouldn’t couldn’t remember it because I only remember my own personal number. So are you seeing that in terms of, like, behavior of people as well even if they are issued a work phone?
David Wiseman [00:16:39]:
Yeah. There there’s a big desire by people to to just have one device. Right? So how can I have one device that does my work as well as my personal and does both appropriately? But there’s something you said that I wanna drill into a little bit, and you were talking about how long you’ve had your phone number. And the reason I bring that up is when you start talking about a mobile centric world, the phone number is the identity. And as a result of that, once you know someone’s number, that identity association is probably gonna be good ten years from now even. So one of the risk we see is the collection of metadata and the scooping up of information about who’s communicating with whom means that adversaries know a fair amount about any particular person. And maybe as their career grows, as their role changes, and the sensitivity of what they do changes, it becomes really easy to target people on mobile, and you start to get the spoofing attacks. I’m sure you get text and WhatsApp messages all the time of, hey.
David Wiseman [00:17:40]:
Hadn’t talked in a while. What’s up? Or, you know you know, people trying to pretend they know you, and sometimes even the numbers feel familiar. Right? So people actually leverage the fact that you’ve had your number forever and probably will have it forever as a vector of attack. And that’s one of the other things that, you know, Blackberry really works on in terms of the identity is, you know, how do we let people have their numbers and not force them to learn a new number, but still be able to start to provide much higher levels of security for messaging.
Karissa Breen [00:18:14]:
Yeah. This is interesting because, like, I’ve spoken about this on the show before, and it’s like, you know, telcos have got some some responsibility in this. Right? But then they’re like, oh, well, it’s not us because it’s like, you know, we’re not issuing, like, necessarily, like, the phone device technically. So then it just gets like there’s a bit of that gray area as well in terms of, like, where the responsibility starts and then ends effectively. So do you think that as we sort of move forward now that this this problem will sort of start to get ironed out in terms of who’s sort of responsible for what, who’s who’s securing what, etcetera?
David Wiseman [00:18:47]:
I don’t think you can assume that it will because what what we’re seeing now, you you mentioned the telcos and where their line of responsibility is. So many of the services that people use now are over the top that, you know, the telco is just a pipe at that point. So they actually have very little control over, you know, over those systems and and very little control of, you know, monitoring them in a sense. Once you move beyond, you know, an SMS and MMS you know, type of thing, you move to an over the top messaging service. And it’s not really clear that it’s in the business interest of, you know, the large, you know, consumer IT companies to do a lot in that space. I mean, they’ll do some. But if they go too far, then just the next new company will come along, and it’ll have the shiny or new toy, and it’ll feel easier to people. And they’ll just switch over that.
David Wiseman [00:19:36]:
So it’s like a never ending cycle. And that’s normal, and that’s good for innovation, but it also reinforces why you shouldn’t use the same tools for your personal communications that you use for your official communications, particularly, you know, if you’re working in the government. And the pace and the change that happens on those official communication tools needs to be much more controlled, but it can’t be so controlled that it starts to feel old to people. So, you know, so there’s kind of a new balance and new expectation on how quickly tools need to evolve for people to keep using them, and that applies both to consumer things that you use in your daily life as well as to, you know, the tools that your organization’s providing you for communication. So it kinda the standards and the expectations of people have changed from when they were just doing all this on their laptops.
Karissa Breen [00:20:31]:
So when you say feel old to people, do you mean, like, from a UI, UX perspective? Or
David Wiseman [00:20:36]:
Yeah. I think from a UI, UX perspective and then also from a, you know, functionality perspective that, you know, just a very simple example now that, you know, everyone expects I should be able to share my location with somebody on where I need you know, from a map and tell them where we should meet up. Right? And you tap on that, you get walking directions. You know, that’s kind of a basic thing now that, you know, people expect.
Karissa Breen [00:21:00]:
So I wanna sort of go into now a bit more specifically on, like, signal, WhatsApp, more of the additional challenges perhaps that people just don’t think about, and what are you sort of seeing on that front? I know before you mentioned you could have different tools for your work slash, you know, government role versus your personal, but I wanna get into this a bit more because I think this is really interesting, and I just don’t think enough people are really actively thinking about it.
David Wiseman [00:21:25]:
Yeah. That’s that’s a great area to dig into a bit. The first thing I would say is, you know, people talk about end to end encryption, and that means I’m secure. I would say end to end encryption is just the starting point. And what do I mean by that? I can have an end to end pipe, encrypted. It’s gonna be very hard for people to listen to my conversation, but it doesn’t do me any good if I’m talking to the wrong person. So that’s the per first thing. You know, any of these apps, you know, Telegram, Signal, WhatsApp, as I mentioned earlier, they’re public registration, and that means it’s very easy for people to go in and spoof identities.
David Wiseman [00:22:00]:
And if you’re a serious adversary of foreign intelligence service, you can become very sophisticated in the way you do that. And I talked earlier about, you know, people have their numbers for a long time. What that means is that if you’re a sophisticated adversary, you actually have communication patterns. You know when people make calls. You know when they message. You know when they talk to certain people. So that means that you can take the identity spoofing and you can tailor it to be even more effective because now you’re gonna be communicating with someone, pretending you’re someone else at a time of the day when they expect it or at a pace of communications that feels right to them. So they’re more likely to fall into that.
David Wiseman [00:22:40]:
So that whole identity thing, it it people don’t think about that enough. And and and we saw that in the recent signal one where, you know, I accidentally added the wrong person, but you can cert the Russian intelligence, Google put out a recent report, where they’ve been actively using those tools so people actually didn’t feel like they added the wrong person. They thought they added the right person, but it wasn’t really that person. The second thing is around the metadata and who’s messaging whom and who controls that, and there’s two aspects to that. There’s the privacy aspect. If you look at, for example, Meta, their terms and conditions say, hey. We’re gonna encrypt your voice call, but we’re gonna take all the metadata and use it for business purposes. So you probably had that weird experience where you’ve talked to somebody and messaged them in WhatsApp about a particular topic, and all of a sudden you see an Instagram ad, they didn’t have to read your message.
David Wiseman [00:23:34]:
They knew who you were talking to. They knew what that person had been searching on on the Internet. Probably a good chance that, you know, similar of interest to you and use that to drive ads. But then the other part of it is from the actual government or even an industrial firm, they have a responsibility to keep records. Hey. Who do we communicate with when, particularly in regulated industries? And there’s a big gap when you start to use the consumer systems that people aren’t realizing, or maybe they are realizing it and they kinda like it, but it’s not appropriate that the whole record compliance, you know, methodology starts to fall apart. So, you know, so those are kind of some of the the the big areas. And then the third area is sovereignty of from a personal perspective of, do you really know who’s where your information is going? Who has access to it? You know, a pretty big topic that, you know, people haven’t thought about enough.
Karissa Breen [00:24:30]:
Okay. This is really interesting. I really wanna get into the identity side of things and the the spoofing example. So just so I have this right. So it’s basically you’re obviously in The US. I’m in Australia. Hey. I messaged you on signal.
Karissa Breen [00:24:42]:
Hey, David. You know, great chat, you know, on the podcast, etcetera. But you’re saying now it’s getting to a point where I think I’m messaging David Wiseman on signal, but it’s actually not you.
David Wiseman [00:24:53]:
Correct. And there’s actually a Google threat research report. They you know, I mentioned they, you know, they had identified an attack by some Russian intelligence agencies where they actually used some of the features of signal specifically and how you could link it to your desktop to basically intercept the communications and take them over. So you actually initially established a correct connection to me, but then they intercepted it and they take over that communication stream, and you’re not even aware of it, that someone’s using your account. So that’s kind of that’s the one extreme. But the, you know, the other extreme is I just go create accounts, and it’s easy to spoof a phone number. It’s easy to spoof an identity. And I get you you know, I start you off on a conversation from the beginning.
David Wiseman [00:25:39]:
It’s not the right person.
Karissa Breen [00:25:40]:
So for example, I’m a media. You could easily rip my photo off the Internet and pretend it’s some WhatsApp account of me. It’s like using certain parlance. Perhaps I would use, like, referring to KB rather than Carissa, perhaps. Like, maybe people would think that. But to extend a little bit more, would you also say, like, for example, the certain vernacular or certain slang words that Australians use or Americans use that perhaps would give you that indicator. But, again, you’re not really sort of looking for that unless it’s really, really obvious. But are you seeing people get caught out just on that, or you’re seeing people notice to be like, hey.
Karissa Breen [00:26:15]:
This definitely isn’t David. It sounds like a suspect, David. Or do you have any sort of insight on that?
David Wiseman [00:26:21]:
Yeah. And that kinda gets to this topic that’s pretty hot right now about deep fakes. Right? And and I think even in Australia, you know, some politicians have intentionally volunteered and had deep fake videos made and things like that. But this kind of this emergence of all of this metadata and data mining capabilities being combined with the AI capabilities, and there’s a lot of risk around that that make these deep fakes, you know, more and more effective. But I wanna go back to the salt typhoon attacks that, you know, became public in The US in November. I don’t know if you recall those, but it turns out that basically all of The US telecom networks had been infiltrated. And in real time, a third party was monitoring all that information, collecting who’s communicating with whom, but even being able to listen into phone calls and read text messages. And they particularly targeted political candidates and people close to those political candidates.
David Wiseman [00:27:23]:
But but that’s pretty scary, and it’s a big shift because we’ve had situations over the past decade where phone companies or others have lost records, but that was always retrospective. Hey. I lost this calling record. Now someone’s gonna go mine it and have their own, you know, nefarious purposes. But now it’s bedded in the network. It’s real time. And it’s not only who you’re talking with when in real time, but they know how you talk. They know how you text, putting that into an AI model that almost in real time, it turns around and reaches out to you, and you’re expecting to hear from me because we’d already had four messages back and forth today.
David Wiseman [00:28:02]:
And the tone is perfect. Right? And it’s on topic. And once that trust is established, then you start to evolve the conversation to extract information that’s what that you want. And I think, you know, the AI tools are you know, particularly now that these have access to all of this source communication information, doesn’t matter probably five years from now. Probably your tones are similar. Once you have that information out there, you know, these attacks are gonna be more and more effective.
Karissa Breen [00:28:31]:
Okay. So just to press on a little bit more, do you call people on, like, signal out? Because I often do, and the reason for that is they’re overseas. So I think a lot of people in The US, UK, etcetera, Netherlands, so it’s just easier for me to call them on there. So going back to, like, the whole spoofing of the identity, that still work, or do you think it’s even that sophisticated as, like, a deep fake KB boys, for example? But that I mean, that seems really, like, extreme. It would have to be sort of a very, very targeted attack. But what are your thoughts then on that?
David Wiseman [00:29:02]:
So I think it’s certainly possible. And, you know, as I mentioned, the the Google threat intelligence report on that Russia was doing on signal, It was that very purpose. Basically, they were able to insert themselves into all of the conversations and listen. Right? Now, obviously, they’ve got particular targets of interest, but I think, you know, that list could be pretty broad, and they might wanna collect as much information as they can because maybe in the future, you know, someone has an even more important role and and and, you know, they wanna roll back to that information. So I think it’s certainly possible. I think the bigger risk is around some of the organizations or the apps that are using the metadata aspects for business purposes because there’s all kinds of third parties and people that have access and even can subscribe to services around those. There are services out there right now where you can sign up and basically listen in to people’s you know, it says it’s basically, spoofing as a service, hacking as a service. You know, for a monthly fee, they’ll intercept and let you listen in to WhatsApp calls, for example, or read those messages.
David Wiseman [00:30:10]:
So who knows, you know, why someone might target a particular person? But if they want to, it’s not that hard right now to, you know, to basically take over their communications.
Karissa Breen [00:30:21]:
So you mean any sort of WhatsApp? You could just say, hey. Here’s the number. Let’s let’s let’s see what’s going on in there.
David Wiseman [00:30:27]:
Yeah. There’s there’s websites out there where they offer that as a service. No.
Karissa Breen [00:30:30]:
Okay. This is really interesting. So let’s so government, obviously, you know, for national security secrets, all of that. But then what about then on the enterprise? So IX Bank, so at times, we would catch people doing insider trading because they would communicate on, like, Microsoft link about some deal or trade that they were working on. So do you see that becoming a thing then as well if they were to listen in on someone’s call or WhatsApp or whatever in terms of, like, insider trading? Or where where do you see that heading?
David Wiseman [00:31:00]:
I think economic espionage, both at a government level and a corporate entity level, is is only gonna increase. And, you you know, it could be, hey. You wanna, you know, front run a trade that someone’s doing. You may be competing on a very large contract, and you wanna understand what your competitor strategy is. It may be I’ve got factories in foreign countries, and you wanna listen in and extract, you know, IP about their production processes. There’s a lot of reasons, you know, from a a business perspective beyond the obvious ones of, you know, just protecting personal information about your customers and your employees.
Karissa Breen [00:31:39]:
So do you think it’s just gonna potentially go full circle back to the the olden days of meeting people in person? Or, like, obviously, you you can’t because we’re working across, like, you know, different countries and regions, so I understand that. But do you think it’s gonna get to a point where it’s like, can’t even trust this at all? Or what what where do you see that heading then in the future?
David Wiseman [00:32:01]:
Yeah. Well, I think right now, people, for the most part, just assume their communications are safe, and I think we really need to change that mindset. And and I think what’s gonna happen is people are gonna become more selective about what types of methods they use to communicate in the future. And and and it might move away from this, you know, just total social openness to much more private communication networks. And, you know, maybe everything isn’t appropriate, you know, to be, you know, a Google chat on the Internet at this point. Right? And and I recognition of that, you know, I think is already happening at the government level. Let’s kinda pull back that control. But I think over time, that’s gonna happen at the personal level also, and people may have a whole series of applications that they use to talk to particular people just so that there’s not an aggregate view available to someone of their communications.
David Wiseman [00:32:56]:
So it’s kinda like, you’re not meeting in person, but I’ve got this private way to talk to you.
Karissa Breen [00:33:00]:
Got it. So before we go into the metadata, just one other thought as well as as you were speaking is going back to the whole end to end encryption.
David Wiseman [00:33:08]:
Mhmm. Do you
Karissa Breen [00:33:08]:
think that sort of just you know, when people see the word organic, they just automatically they think, oh, it must be good because the word’s organic on there. Whether it is or it isn’t, it’s a different conversation. But do you think that sort of assurance from an end to end encryption is sort of there for people as well?
David Wiseman [00:33:21]:
Oh, I I think people assume, you know, end to end encryption, it’s safe. However, assurance is the keyword there. Right? How do you know even if the company that’s saying that means well, how do you know it’s actually implemented correctly? How do you know they haven’t made a mistake? How do you know you’re act they’re actually doing what they say they’re doing? And that’s where certifications become important, particularly for corporate entities, particularly for government agencies that they need to actually see certifications that have been done by other government agencies around the world to back up that encryption. And that’s one of the things that BlackBerry invests very heavily in for our secure communications, our system called SecuSuite, that we actually have multiple five I governments that do security validations as well as, like, NATO and Germany and other org countries and organizations, and they independently validate it and make sure that, you know, things are implemented correctly. And as a result, they say, hey. This can be used for classified information in our country or sensitive information in our organization.
Karissa Breen [00:34:27]:
Okay. So, David, I wanna now move on to the whole metadata side. I think the one against a bit more. So what do you think people just aren’t aware of when it comes to metadata?
David Wiseman [00:34:36]:
How valuable it is. And by valuable, I mean, it becomes the tool that is the basis of a lot of cyberattacks and and how easy it is to, in a sense, get access to the metadata and how rich that information set is. You know, I’ll go back to WhatsApp, for example. You know, you can go into WhatsApp and you can download the data they have, and it’s gonna tell you who you’ve talked to, what groups you’re in, where you’ve been at different points in time, all this information. And that information is available and actively used by Meta to sell advertising. But the bigger risk there is that information is available for other people to steal. And, you know, you don’t actually have to listen in to our conversation to get a good sense of what we’re talking about. If you notice changes in communication patterns and, hey, what time and what other people are now being roped into the conversation, you can learn a lot about a person, about an organization, about a government just from that metadata.
David Wiseman [00:35:37]:
And and people have probably seen the police movies. You know, you have the wall, you got the string, the little pins, who was here, who was there, and they use that to solve the crime. That that’s that’s metadata.
Karissa Breen [00:35:47]:
But do you think as well, though, David, this is the only I’m hearing is, like, with, okay, all of these breaches. People are saying, like, oh, well, I didn’t care because at all, I’m already you know, with the whole Medibank and Optus and, you know, x y zed, the next breach is they’re gonna hear in the future. You think people are just becoming desensitized? People are gonna say, oh, well, David, who cares? So what? Are you hearing a little bit of that? I mean, maybe on a consumer front, but less so government. But what are your thoughts there on that? Because everyone’s like, you know, well, I’ve got my whole Facebook out there, and all my kids are on there, and, you know, my whole my whole life’s out there. What where do you think now in terms of do you think people just have given up on the whole sort of privacy, etcetera, or where’s the head at?
David Wiseman [00:36:25]:
Yeah. Maybe they feel that way, but I’m not sure they’re gonna feel that way when all of a sudden there’s a thousand dollars missing from their bank account. Or, you know, I don’t think they’re gonna feel that way if you’re a politician. All of a sudden, you’re on the front page of the paper for, you know, leaking very sensitive information that, you know, called in front of the legislature. But I think people are gonna look at what they do and say, okay. What are the actual things I do care about, and how can I be more careful about protecting that information? Already, a lot of people intentionally don’t put pictures of their children out on Instagram and stuff like that because, you know, they’re worried about what are the future implications to sharing that information. So I think there’s already a start of that in in kind of the public mindset, but I think that’s gonna continue to evolve. And it’s really gonna be people are going to, compartmentalize about, hey, what I’m willing to share and and what I wanna be a lot more careful around.
Karissa Breen [00:37:18]:
And would you say people are becoming a lot more cognizant of what they share versus what they are not sharing, for example?
David Wiseman [00:37:23]:
I think so. And I think it’s two parts to it. Part of it is I I run into a lot of people now. They’re like, oh, just, you know, call me because I’m taking a social media break for a while. Right? So there’s that, you know, overall, just take a break from it. But then I I do think I see a lot of people now, you know, using just auto expire messages and and things like that just so they don’t intentionally bill you know, at the end of the day, that data’s out there, but at least the long term history is not easily accessible to everyone. So I think more people are kinda defaulting to, you know, short term data visibility.
Karissa Breen [00:37:58]:
Yeah. That’s interesting. What about those, like, disappearing messages, for example? Do you think that they actually, in reality, really disappear, or they’re just stored somewhere, but you visibly can’t see it in the chat, for example?
David Wiseman [00:38:07]:
Well, I think they they they’re stored somewhere, and the data might eventually be written over. But, you know, there’s lots of you know, if you if you talk to people that are into digital forensics, if it it was ever on disk, there’s a good chance they can recover it.
Karissa Breen [00:38:21]:
So given everything that we’ve discussed today, which is a lot, where do you think so do we go from here? And I know that’s a very broad question. But just from given your role, your pedigree, your experience, what you’re doing, it’s just always interesting to get your perspective then.
David Wiseman [00:38:36]:
Yeah. So I’d say a couple of things. One, from a government perspective, you know, the digital geopolitical landscape’s increasingly volatile, and I don’t think that’s gonna calm down. And that, you know, data sovereignty is more critical than ever for national security, and and that needs to kinda feed into policy. And what that means is that, you know, organizations and industry as well as government, they need to take more control over their data, over their communications, but they need to do it in a way that’s not gonna chase their employees away from using the improved systems. So you need to educate on the risk of using consumer systems, but you gotta give them an alternative that, you know, makes sense to them as easy to use. And then the other thing is, you know, we kinda talked about, you know, deep fakes and voice spoofing and all that in terms of people information being gathered about particular people, but that also becomes a tool to flip around, and bad actors try to use that to influence public opinion. And we just look over the next few months, you know, we’ve got elections, you know, in Australia and Canada and numerous countries around the world.
David Wiseman [00:39:45]:
And every election cycle, you know, this negative influence aspect becomes, you know, stronger and stronger, tool that are that’s being used to try to manipulate things. So, you know, we have to understand this eavesdropping, the interceptions already happening. And with that in mind, what responses do governments have to take to protect their communications and to protect the integrity of the information that the public receives?
Karissa Breen [00:40:11]:
So, David, do you have any sort of closing comments or final thoughts you’d like to leave our audience with today?
David Wiseman [00:40:16]:
Yeah. My final thought is, you know, if you’re gonna rely on consumer apps for critical communication, you’re making a big gamble, particularly, you know, if you work for the government and that’s sensitive information. And it’s easy to make mistakes, and so you need to think about that, and you need to really put a messaging and communication system in place such as BlackBerry SecuSuite that’s gonna provide the controls that are needed.
Karissa Breen [00:40:49]:
Thanks for tuning in. For more industry leading news and thought provoking articles, visit kbi.media to get access today.
