Wednesday, May 10, 2017

Beware of SORM


Smartphones (iPhone, Galaxy S6, etc.) are pocket-size computers that let users make telephone calls, send and receive SMS text messages, e-mail, photos, video, and more. While our smartphones let us communicate with friends, family, and business associates, that communication is not secure. Even though most communication is encrypted in transit, it can still often be read by our Internet and Cellular Service Providers, may be stored by and passed between service providers as plaintext (unencrypted), and may be intercepted by skilled hackers and cyber-criminals. Information on your smartphone is also available to law enforcement with a warrant, subpoena, or other legal discovery motions, although it should be noted that Apple has stated they are unable to decrypt a locked iPhone running iOS 8 or later, and Google has made similar statements concerning its Android 5.0 "Lollipop" operating system.

Smartphone encryption apps add a layer of security to our wireless communications by encrypting the content of our messages with end-to-end encryption, so that not even the service provider can read the messages sent using these apps. These apps may also use WiFi connections to support communication, so that there is no record of communication between parties in the cellular service provider’s call records. Note that your cell-phone service provider may store the details of your text messages for several years, and the actual content of the text message for up to 90 days.

Here in Russia we say "Beware of SORM". The System of Operative-Investigative Measures, or SORM, is Russia’s national system of lawful interception of all electronic utterances - an Orwellian network that jeopardizes privacy and the ability to use telecommunications to oppose the government.

Over the last few years, the Kremlin has transformed Russia into a surveillance state - at a level that would have made the Soviet KGB (Committee for State Security) envious. Seven Russian investigative and security agencies have been granted the legal right to intercept phone calls and e-mails. But it’s the Federal Security Service (FSB), the successor to the KGB, that defines interception procedures.

The FSB has control centers connected directly to Internet and Cellular Service Providers’ computer and cellular networks. To monitor particular phone conversations or Internet communications, an FSB agent only has to enter a command into the control center located in the local FSB headquarters. This system is replicated across the country. In every Russian town, there are protected underground cables, which connect the local FSB bureau with all Internet Service Providers (ISPs) and telecom providers in the region. SORM is a holdover from the country’s Soviet past and was developed by a KGB research institute in the mid-1980s. Recent technological advances have only updated the system. Now, the SORM-1 system captures telephone and mobile phone communications, SORM-2 intercepts Internet traffic, and SORM-3 collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations. 

There are several smartphone encryption apps available to protect your private communication. The following five apps provide very good security and are available for free to individual users. To communicate securely with someone, each party to the communication must be using the same encryption app. Choose one or more of these apps and keep your private conversations private.

(The following descriptions are taken from the web-pages of the apps shown.)     

ChatSecure - (https://chatsecure.org/) ChatSecure is a free and open source messaging app that features OTR encryption over XMPP. You can connect to your existing accounts on Facebook or Google, create new accounts on public XMPP servers (including via Tor), or even connect to your own server for extra security. Unlike other apps that keep you stuck in their walled garden, ChatSecure is fully interoperable with other clients that support OTR and XMPP, such as Adium, Jitsi, and more.

Cryptocat - (https://crypto.cat/) Cryptocat is a fun, accessible app for having encrypted chat with your friends, right in your browser and mobile phone. Everything is encrypted before it leaves your computer. Even the Cryptocat network itself can't read your messages. Cryptocat is open source, free software, developed by encryption professionals to make privacy accessible to everyone. Chat with groups of friends at the same time using Cryptocat's group chat encryption. Send files and photos to friends quickly and easily, with the assurance that not even the Cryptocat network itself can read your data. Connect to Facebook Messenger to see which Facebook friends are also using Cryptocat, and set up encrypted chat with them instantly.

Telegram - (https://telegram.org/) Telegram is a messaging app with a focus on speed and security, it’s super-fast, simple and free. You can use Telegram on all your devices at the same time - your messages sync seamlessly across any of your phones, tablets or computers. Telegram’s special secret chats use end-to-end encryption, leave no trace on our servers, support self-destructing messages and don’t allow forwarding. About the only thing secret chats don’t have is cloud storage - they can only be accessed on their devices of origin.

WhatsApp - (https://www.whatsapp.com/) Some of your most personal moments are shared on WhatsApp, which is why we built end-to-end encryption into the latest versions of our app. When end-to-end encrypted, your messages and calls are secured so only you and the person you're communicating with can read or listen to them, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages. 

Wickr - (https://www.wickr.com/personal) Send and receive secure messages, documents, pictures, videos and audio files. Wickr removes all records, geotags and identifying information from your messages and media. Your conversations can not be tracked, intercepted or monitored. Your Wickr ID is anonymous to us and anyone outside your Wickr network. Wickr's Peer-to-Peer Encryption does not rely on centralized private KDC for decryption. ID and device undergo multiple rounds of salted cryptographic hashing using SHA256. Data at rest and in transit is encrypted with AES256. Messages and media are forensically wiped from the device after they expire.

