Sen. Warren Worried About Banks’ New Encrypted Messaging Platform

UPDATE–The list of politicians in Washington wringing their hands over the increasing use of encryption by consumers and businesses is growing longer by the day. Sen. Elizabeth Warren added her name to that list on Monday.

Warren (D-Mass.) sent a letter to Attorney General Loretta Lynch expressing concern about a new encrypted communications platform that a group of 14 banks are planning to roll out soon. The platform is being built by Symphony Communications and is designed to provide encrypted messaging for financial services firms, which work in a highly regulated environment. Warren’s concern is that banks and other financial firms will be able to use the platform to circumvent some compliance requirements.

“When banks fixed interest rates (LIBOR) in direct violation of the law, they used chat rooms and text messages to coordinate their activities, and it was the trail of such messages that permitted regulators both to discover and prosecute these financial crimes, resulting in this case in admissions of wrongdoing and settlements of $6 billion both in fines and penalties,” Warren said in her letter.

“The communications that Symphony will allow companies to hide from ‘government spying’–such as text messages and chat room transcripts–have proven to be ‘key evidence’ in in previous regulatory and compliance cases that have uncovered criminal action by Wall Street. If banks are now making this information more difficult for regulators to obtain and interpret, it could prevent regulators from identifying and preventing future illegal behavior.”

The banks that will be rolling out the Symphony platform include Merrill Lynch, Bank of America, Citigroup, Credit Suisse, Goldman Sachs, and several others. Those firms also are investors in Symphony, which is run by a former Skype executive, David Gurle. The company describes its platform as providing secure one-to-one and group messaging on PCs and iOS. The system uses customer-owned hardware security modules and each customer stores its own master encryption key.

Symphony officials said in a statement that the company’s product is meant to help with compliance and protect customers’ data.

“Symphony is designed to meet the cyber-security and compliance needs of financial firms. The use of Symphony does not change regulators’ ability to obtain messages from our clients. Symphony delivers messages to its clients to download, decrypt, and archive, and they are able to provide those messages to regulators just as they would with other compliant messaging systems,” the statement says.

“Symphony is innovative because of its ‘end-to-end’ security capability that protects communications from cyber-threats and the risk of a data breach—while safeguarding our customers’ ability to retain records of their messages.”

In her letter, Warren requests a briefing from Attorney General Lynch’s office on a number of topics, including the effect of the encrypted platform on the Justice Department’s ability to get bank communications, and whether Symphony’s tools make it easier for banks and financial firms to evade existing rules on data retention.

In July, the Department of Financial Services in New York sent a letter to Symphony requesting information about the company’s platform and its encryption and data deletion capabilities.

This story was updated on Aug. 11 to add the statement from Symphony.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.