Image courtesy: 360b / Shutterstock.com
Prime Minister Malcolm Turnbull and his most senior cabinet ministers are using a third-party messaging application to conduct confidential discussions, prompting cyber security experts to warn the innovation could actually pose a security risk.
WhatsApp is also being used by senior cabinet members, government chiefs of staff, media advisers and a ‘broadcast group’ used by Defence Industry Minister Christopher Pyne to chat between staff, The Sydney Morning Herald reported.
The founder of security consultancy firm Hivint, Craig Searle said WhatsApp was not an approved platform on the ASD (Australian Signals Directorate) and should not be used in place of secure government email. Apple’s iOS operating system and Blackberry’s operating system were on the ASD list of Evaluated Products or Certified Cloud Services.
“Should government be using secure messaging apps? Yes, they are a great idea. But for government staff in particular, they have to be cognisant of data classification requirements, they should behave securely and use products on the Australia government’s certified list,” he said.
“If a government employee were to transfer classified data across a non-approved app or network, that could be a potential security breach.”
WhatsApp is owned by Facebook, with which it has recently shared more user data of its close to one billion people database.
Australian Strategic Policy Institute cyber security expert Tobias Feakin said despite WhatsApp trumpeting end-to-end encryption – which secures a message once it is sent from one phone, via a server, to another phone – risks remained.
“The risk of WhatsApp is at either end of the cycle, on the sending device or receiving device. People can misplace a device and then it can potentially be accessed. Then there is phishing – someone clicking a link or opening an attachment [in the app] which downloads software,” Dr Feakin said.
“The headache for government is that this is a platform that rests outside government’s purview and that therefore poses some security risks.”
US presidential candidate Hillary Clinton has faced months of criticism after it emerged she used a private email server while Secretary of State, a revelation which sparked a criminal investigation by the FBI and repeated attacks by Republicans and rival Donald Trump. Emails recovered from Mrs Clinton’s accounts and released by the US government have been the subject of intense media attention.
The use of the app also raises questions about whether the communications are covered by Australia’s Freedom of Information laws because the content of the messages are not stored on government servers – as emails are – but instead exist on an individual’s phone.