Top 5 Myths and Misconceptions that May Drive U.S. Government Agency Users to Rely on Unsecure Communications Apps
The pandemic accelerated government agencies’ adoption of new technologies to support collaboration and more flexible work environments, but when it comes to messaging, government users often default to consumer messaging apps—whether their devices are personal or government-issued and whether the apps are approved or not.
While these apps are convenient and easily accessible, they can pose significant security risks.
Consumer apps are designed for scale and extensibility, not necessarily for security. They often lack the encryption and security protocols that are necessary for sharing Controlled Unclassified Information (CUI), mission-critical communications and National Security Information (NSI).
Secure collaboration has become a top priority for U.S. federal agencies. However, it is an ongoing battle given the omnipresence and momentum of consumer apps that have become so central to modern life.
So why do some agency users rely on unsecure communications and collaboration apps? Five common myths may be leading them to believe they don’t have a better option.
Myth #1: Commonly used consumer communications apps, such as messaging, are approved for use.
Federal departments and agencies have not approved the use of consumer messaging apps. In addition to data privacy laws, government organizations are subject to records requests under the Freedom of Information Act (FOIA) and various state sunshine statutes. Consumer-grade solutions are not built to meet the security, privacy or data retention requirements of the U.S. government.
Myth #2: Communications sent through messaging apps aren’t federal records.
The National Archives and Records Administration (NARA) defines federal records as “all recorded information, regardless of form or characteristics, made or received by a Federal agency under Federal law or in connection with the transaction of public business.” In January 2023, NARA added all “electronic messaging systems that are used for purposes of communicating between individuals” to its digital records retention guidance. This includes text messages, chats, and instant messages.
Consumer apps that rely on individual users to back up messages and share phone records do not provide a scalable or reliable method of adhering to the new data retention requirements.
Myth #3: Government personnel and teams don’t need to use an approved app if conducting business from their personal devices.
Anytime agency personnel and teams are conducting government activities, they must use only approved encrypted services. This ensures that security, privacy and data retention requirements are met, whether it is a government-issued or personal device being used.
Myth #4: Government personnel can communicate and collaborate with contractors or partners outside of their agency using consumer apps.
Government personnel cannot use a consumer app to communicate and collaborate with contractors or partners. All government-related activities must be conducted using approved services that meet security, privacy and data retention requirements.
Myth #5: There is no convenient, easy-to-use collaboration app that can be used on government and personal devices.
Wickr RAM is an end-to-end encrypted messaging and collaboration service that was built for the Department of Defense (DoD). Wickr protects one-to-one and group messaging, voice and video calling, file sharing, screen sharing and location sharing with 256-bit encryption. No one except intended recipients has access to the keys required to decrypt the content.
Flexible administrative controls make it easy to manage communication channels and retain data to meet requirements, and Wickr Bots can be used to automate workflows. The best part is, it is convenient for personnel and teams, and simple to access and download.
Wickr RAM eliminates the need for users to depend on their own solutions; it is in use today and has an Air Force Enterprise ATO at Impact Level 5 (IL5) with agency reciprocity for both government and personal devices over any network. Wickr RAM can be installed with confidence that communications will remain secure and private, regardless of the device used.
Learn more about Wickr RAM, and how government agency personnel and teams can collaborate securely while working to meet legal and regulatory data retention requirements.