IA Fintech Member Insights: QWIL Messenger 

Professional firms have nothing to hide. So why are secret social chat apps still being used?

As all companies prepare for new data protection regulation, giving rights back to individuals and improved access by authorities to data, differentiating between secrecy and privacy has become even more important. This is especially relevant when we consider the importance of chat platforms in our daily life and the reliance on an un-interrupted service for professional communications.

Secrecy vs Privacy – the intent and implication

Whether information is classified as secret or private is linked to the intent of the person and the implication should it be revealed. This is independent from the level of security, or permission required to access it. Privacy is defined as information withheld from public view. Purposely or accidentally disclosing it would simply provide an insight into the situation or person. Secrecy on the other hand, is the act of deliberately keeping things hidden out of fear of the potential negative implications or harm should the information be revealed.

In most cases, it is how to access information which is to be kept a secret (i.e. password to bank account or to computer files) rather than the actual data, content, conversations or identity of those who are communicating. These are private and confidential but should authorised personnel have to gain access, for example a bank manager, regulator or even authorities, there should not be any negative impact for anyone involved. The data remains protected by the service provider. The identity remains confidential but is verified. Most importantly, no one is deliberately trying to hide anything.

Why authorities are cracking down on secrecy and disrupting the service for everyone?

Secret activities have always raised suspicion whether tax evasion, money laundering, criminal and illegal activity, civil unrest or even terrorism. For all individuals involved, the aim is to keep identities, content and intent hidden, mostly from authorities.

Whilst chat apps (WhatsApp, Facebook Messenger, Telegram to name a few) may be appropriate for personal and social use and have revolutionised the way we communicate, they have also been an instrumental tool for secret activities resulting in government intervention across the world and unfortunately service disruption for millions of users. These apps enable the actual identity of the participants to be unverified, the communications hidden (encrypted) preventing 3^rd parties reading the content. In addition, the data may be stored in jurisdictions which are reluctant to facilitate data access.

Action taken by authorities have ranged from banning access to chat services, asking for “back doors” or underlying data encryption keys, enforcing strict data hosting rules linked to the residency of the users and even building their own secured chat system. Recent examples include:

• April 2018: Russia bans Telegram chat apps over its failure to grant the country’s security services access to its users’ conversations including decryption keys
• April 2018: French government to build secured chat app mandatory for all employees to replace widely used Telegram (even by the President). Data centres will be located in France.
• April 2018: The Iranian government blocks the messaging app Telegram over national security concerns and replaces it with its own messaging app.
• February 2018: Telegram taken off the Apple app store after being notified of illegal content (via external plugin on app) and authorities informed.
• March 2018: Social media and messaging platforms including WhatsApp, Facebook Messenger, and Viber blocked in Chad linked to the tense political situation.
• September 2017: China blocks WhatsApp text messages ahead of upcoming Chinese Communist Party. As opposed to Whatsapp, WeChat provides users’ personal data to the Chinese government in non encrypted format.
• September 2017: WhatsApp rejects UK Government request to create a way to access encrypted messages — known as a backdoor. It was reported that 80 percent of investigations into terrorism and serious crime are affected by encryption.

Encryption by itself does not make communications secure and private (nor compliant)

Social chats allow users to self-register to use the platforms – with the name of their choice and in most cases a mobile number and/or email linking them to their account. Each user can also invite any other users to chat and share content. None of that information is verified nor can be trusted. Consequently, users have no control on either the privacy or the security of their content. Having these conversations encrypted (coded) from the sender to the receiver’s phone only prevents communications from being read other than by those holding the keys.

The recent news of WhatsApp co-founder (Jan Koom) allegedly resigning over Facebook’s plans to water down privacy policies and end-to-end encryption so as to be able to monetise the data for business/advertising purposes is a good example that privacy of data cannot be ensured.

Secure and private communications require that everyone is trusted on a platform (they are who they say they are), identity is continually verified (e.g. password protected access), with users agreeing and knowing who has access to the data, why and where it is located. This is the basis for new EU data protection regulation (GDPR).

Professional communications are about privacy, reliability, and connectivity

Regulated firms have used secured chats for many years to coordinate transactions and maintain the privacy of communications (and a full audit trail) which has contributed to the dominance of Bloomberg across banks. Bloomberg is known to be the most expensive chat platform at many thousands of pounds per year per terminal. However, having fixed terminals installed at each firm meant Bloomberg could ensure un-interrupted service from one end to the other without risks of 3^rd party disruption. This single common platform could be relied upon across firms globally with only trusted users and was the main driver behind its success.

Despite well documented legal, compliance and operational risks, the widespread adoption of social chat in the work place has made its use seem acceptable although no one would now consider using personal email for similar professional conversations. The high level of risks, and future fines under new data protection regulation, has led to most firms to implement policies explicitly forbidding staff from using them for business purposes. This is despite an ever-increasing demand from clients for communication via chat.

No doubt more data related fines and warnings will occur once GDPR is implemented in May 2018 but these recent examples provide some indication of what to expect:

• March 2017: The Financial Conduct Authority, the UK financial regulator fined Jefferies banker £37,000 for passing confidential client information to a “personal acquaintance and a friend” on WhatsApp to “impress”.
• March 2017: Singapore firm warned by the Personal Data Protection Commission after a staff member disclosed personal information of a former employee in a WhatsApp group.
• December 2016: A Deutsche Bank rates trader was suspended after asking a trading counterparty to join a WhatsApp group.

The focus on data protection regulation globally and the need to control data regionally, will further accelerate the need for a specifically designed business chat solution – one which connects but differentiates internal and external users, coordinating conversations across on one common secured platform whilst retaining the functionality and ease of use which has made chat one of the most popular channels. This is the premise of Qwil Messenger.

Qwil Messenger solves the challenge of making chat safe and compliant where it matters most

Qwil Messenger is a branded, multi-tenant platform designed specifically for firms who need to manage financial crime and fraud risks, as well as meet recording and auditing obligations.

To achieve the high standards required, Qwil Messenger has been engineered from the ground up to ensure each user’s identity is verified & trusted, their privacy maintained, and business data kept securely protected and hosted in line with regulatory requirements. Unique chat participation rules enable trusted parties to flexibly facilitate conversations as and when appropriate.

Unlike other internal chat solutions, Qwil Messenger’s single app provides a superior, branded chat experience that is both convenient and familiar for staff, clients and partners. At the same time, users can also safely maximise the benefits associated with what is the most popular and fastest growing form of electronic communication globally.

Further information about Qwil Messenger can be found at Qwil Messenger

Laurent Guyot, Chief Revenue & Finance Officer Qwil Messenger