Our Interview with Joel Wallenstrom: Why Wickr is the Most Secure Communications App for Campaigns in 2020

As our country is searching for a light at the end of the tunnel in the wake of a global pandemic, most campaigns are now working remotely to help flatten the coronavirus curve. Candidates are hosting virtual town halls, Twitter chats, and Facebook and Instagram lives in lieu of in-person events.

To highlight our cybersecurity partners, DDC launched an interview series on our new blog and we are excited to introduce Joel Wallenstrom, President and CEO of Wickr.

DDC: Some people may not be aware of Wickr or encrypted communications. Can you describe what Wickr is and does? 

Joel: Wickr is a secure communications and collaboration company. We build software for mobile devices and desktop computers that provides the security of a face to face conversation over zero trust networks.  What's most unique is that we have built enterprise products on top of technology that has previously only been used in consumer products.

DDC: Now that most campaigns are working, to some degree, remotely to prevent the spread of the Coronavirus, how does Wickr help make them more secure when communicating and sending sensitive information?

Joel: Any time you’re communicating or sending sensitive information remotely there are risks. Wickr provides end-to-end encryption and a host of other security controls so that organizations can take the biggest risks off the table - risks like hostile mobile networks, public WiFi networks, etc. Wickr Pro users don’t have to trust these services because their data is secured prior to touching any of these potentially hostile systems.

The use of end-to-end encryption is different and often misunderstood.  Let me explain… Wickr Pro is fundamentally different from products like Zoom, Slack, WebEx, and Skype for Business that rely on client-to-server encryption. Client-to-server encryption (HTTPS, TLS) was built for web browsing. It’s really the wrong way to secure communications data. Client-to-server encryption essentially puts all your eggs in a single basket, in this case a server - and we have seen how unsuccessful corporations have been in their attempts to protect, patch and manage their servers!  If, or when, these systems are breached the attacker has access to everything. This is by design. It doesn't just have to be an outside attacker, insiders who are malicious or simply negligent have the ability to compromise all your centrally stored data and communications. End-to-end encryption completely eliminates this risk. 

DDC: For campaigns that are only communicating via email through services like Gsuite even with multi-factor authentication, how does it potentially put their campaign at risk?

Joel: Email just wasn’t built with security in mind, period. It’s not built for end-to-end security, for one, which leaves message content vulnerable to disclosure at key points along the path from sender to receiver, including as it sits in storage on the service provider’s servers. It’s not built to respect sensible data retention policies, either, which means it sits where it sits at the service provider for extended periods of time, needlessly extending the period of time in which it is vulnerable to unauthorized disclosure. If we look at recent attack trends as well, we see that web-based cloud email services are increasingly being targeted and losses are on the rise, and if you consider that web accounts of any kind are such an easy target for phishing and other attacks it kind of makes email communication the worst choice from a security perspective. 

DDC: Many people already use some form of encrypted communications, such as Signal or WhatsApp. How does Wickr differ from these services?

Joel: If Zoom and WhatsApp had a security baby the result would be Wickr Pro. The primary difference Wickr Pro provides is control and management. For example, we have 10,000 person corporate deployments that are managed and deployed by IT teams and small businesses managing their own free networks. Strong encryption is a critical component of Wickr Pro, and our encryption is second to none, but serious organizational use requires strong application security overall, administrative controls like SSO, privacy controls like 2FA, compliance features, etc. That’s what we provide in Wickr Pro. We also have Wickr Enterprise for customers who want to host their own instance, which is often the case in regulated industries and federal markets.

DDC: What are the most common concerns you hear from campaigns regarding adapting to secure communications?

Joel: First place would go to the perception that it will be hard to use. This stems from the traditional fear that security comes at the expense of usability. This goes away once you actually use Wickr Pro and see that it’s as easy as using your SMS app on mobile or email on desktop. Making security easy to use is the foundational goal of the product and company. Another concern is compliance.  Consumer products - you mentioned Signal and WhatsApp - tend to rub compliance officers the wrong way. When we set out to build Wickr Pro we knew there would need to be a way to keep the lawyers and compliance officers happy!   

DDC: Wickr recently announced an enhanced offering of its free services to help companies moving workers to remote working. What is that new offering and how do people take advantage of it?

Joel: We just wanted to do what we can to help. We’ve always offered a free option of Wickr Pro. Last week we decided to increase the size of Free Wickr Pro Networks to 30 and uncap features.  So, for example, you can now have a video conference for as long as you like. We wanted to remove economics as a barrier to access for organizations who need secure communications.

DDC: Wickr was one of the first companies to sign up with DDC to enhance the cybersecurity of campaigns. Why was it important for Wickr to join Defending Digital Campaigns' effort and how does it relate to Wickr's bigger vision and company values? 

Joel: DDC formalized what we and others were doing to make it more affordable for campaigns to acquire useful tools, and they did a fantastic job of it. We were all for it. This is the third election cycle where we have been helping campaigns, but the first where we have a real ally in the process.  We’ve all seen the dramatic impact data security issues can have on political campaigns (and by extension, all of us), so given how much we think we can help the situation we felt it important to step up.