Security Experts:

Wickr Partners with Psiphon to Improve Network Availability

Despite government demands for backdoors into end-to-end encryption, it remains a legitimate requirement for business. Political tensions affect, but don't stop, international commerce; and business teams visiting foreign countries need to know that their communications are secure and delivered. The problem is domestic as well as international -- staff are increasingly mobile and work from any hotspot or free WiFi location they can find.

Such internet users need to know that their data remains secure from whatever location they use. This is a requirement solved by Wickr. It provides encrypted communication from source to destination whatever the location. Traveling staff can use any internet cafe or hotspot confident that their content cannot be sniffed.

But there remains a problem. Some of those source locations impose local restrictions on traffic -- it could be anything from traffic management controls to ISP restrictions, or simply a flakey network. The result is that Wickr content may be secure, but delivery can become problematic. To solve this problem Wickr has partnered with Psiphon to create WOA -- Wickr Open Access.

"Wickr already solves the crypto part," Joel Wallenstrom, president and CEO of Wickr told SecurityWeek. It triple-encrypts every bit of streaming data and applies perfect forward and perfect backward secrecy. "But a really critical part of enterprise communication is availability. That's why we've partnered with Psiphon. Together, we've developed something unique in the market, combining our encryption with how Psiphon ensures a robust and always-available network."

Psiphon can be described as a smart VPN. WOA combines Wickr's cryptography with Psiphon's network availability to provide consistent deliverable security, anywhere.

Chris Lalonde, Wickr's COO, explains. "Global enterprises have teams all over the world and they have people traveling all the time. The challenge that you face is that in many cases you are on an unpredictable network -- whether that's a coffee shop in Soho, a cafe in Paris, or some place in Hong Kong. What happens in a lot of those cases is users end up getting frustrated. They tend to think that it is the application when really it's the network they're using."

Enterprises have two problems. Mobile workers traveling locally, using local coffee shops with poor network connectivity and the potential for industrial espionage; and international business teams visiting nations with what we might term repressive governments. Wallenstrom describes the first. "If you're in a local coffee shop with free wifi it may have certain protocols restricted in order to maximize web-serving traffic. What that means for an end user trying to get on a call for a business meeting is it just doesn't work. This happens anywhere where the coffee shop is trying to optimize its free stuff -- to the end user, it just feels like the application is crappy."

Michael Hull, president of Psiphon Inc (which grew out of a Citizen Lab project) provides the international perspective. "There are probably 30 to 40 countries in the world where governments, ISPs and security agencies are all colluding together to control the local population and economy," he told SecurityWeek. "This is the problem that Psiphon was founded to solve. We've been providing an anti-censorship solution to the big international broadcasters for the last ten years or so. The BBC uses us, the Voice of America, Radio Free Europe and more use us to make sure that when governments try to intervene to prevent people from accessing information in contravention of Article 19 of the UN Declaration of Human Rights, we have a very sophisticated smart VPN that is capable of getting around large scale filtering systems and so on. We've honed our technology in the classic regions like China, Iran and Russia. The internet is being regularly disrupted by different ISPs for various reasons, some of them human rights related, some are business related."

Wickr has integrated the technology developed by Psiphon to ensure reliable network routing through the vagaries of both the local coffee shop and intrusive foreign governments. Psiphon operates 3500 servers, hosted on third party cloud providers, throughout the world -- ensuring that Wickr's encrypted traffic can get from anywhere in the world to anywhere in the world safely, securely and predictably.

"We're enabling users to simply put their application to work all the time, anywhere," said Lalonde. "Combining with Psiphon, WOA enables users to have a one-two punch to not only secure their data end-to-end but to make sure it gets to where it needs to go."

This gives it another practical enterprise application: incident response. "Let's say that my corporate network has been hacked," explained Wallenstrom, "and I don't know what to trust and what not to trust on my infrastructure. An attacker could be doing all sorts of things to my network traffic in order to see what the incident response team is doing. This happens -- it happened in the Sony hack. WOA gives the CISO and incident response team assurance that not only are the messages encrypted, but they are getting through to the destination when they need to."

"In today’s world," says Chris Lalonde, Wickr's COO, "end users are rarely aware of the networks across which their data is transmitted. Sometimes networks are restricted, other times they are degraded or monitored. With WOA, users can be certain that their data is secure in transit, their critical communications make it to the intended recipients and no service provider -- including Wickr -- has access to end user data."

Psiphon describes its product as a circumvention tool that utilizes VPN, SSH and HTTP Proxy technology to provide uncensored access to Internet content. But it is more than a VPN that gives access to Pirate Bay when the local ISP blocks it. Wickr is using Psiphon to not just bypass the local ISP, but to bypass problematic local networks to ensure that traveling teams can maintain secure communications from even the most far-flung locations.

The enterprise version is available today. It will be rolled out to other versions of Wickr, including the free version, in the future.

Related: Microsoft Rolls Out End-to-End Encryption in Skype 

Related: The Argument Against a Mobile Device Backdoor for Government 

Related: Foreign Companies in China Brace for VPN Crackdown 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.