Skip to content

Balancing Privacy vs. Security is the Key to Safer Online Messaging

Kurt Long talks about balancing privacy vs. security in messaging and why it's so important.

If someone asked you if you want the messages you send and receive to be private, you’d probably say “yes.” Most of us want at least some degree of privacy with our messages. Some of us even choose messaging apps with disappearing messages or other guarantees of complete privacy. But in the evolving landscape of technology, total privacy sounds appealing, but it may not be everything it’s cracked up to be. Rather than keeping everything completely private, striking a balance on privacy vs. security and safety may be a better choice for most of us.


See Balancing Privacy, Security, and Accountability with Kurt Long for a complete transcript of the Easy Prey podcast episode.

Kurt Long is an entrepreneur with over twenty-five years of experience starting and growing businesses in privacy and information security spaces. His current startup is BUNKR, a messaging solution designed to help answer the privacy vs. security question. He is also the chair of the Long Family Force for Good Foundation, which is dedicated to increasing the mental and spiritual well-being of children and families. It aligns with his deep and lasting interest in creating a business that is both financially beneficial and can do good in the world.

A Part of Something Bigger

Kurt grew up in Florida, and he was able to see the Apollo launches when they happened. Since he lived on the other side of the state, he obviously couldn’t see much detail, but he could still see the rockets streaking up into space. For a few days after each launch, he would look up into the sky and think about the astronauts on the moon or in orbit and think, This is real. It was his first real concept of what technology could do.

After graduating from the University of Florida with a degree in Computer Information Science, Kurt went to work at the Kennedy Space Center. It was a foundational first experience with technology. He was surrounded by bright people who cared about the mission and each other. If it hadn’t been for these people and the mission of space flight, Kurt doesn’t think he would have stayed in tech his entire life. But he got addicted to doing hard things that were bigger than himself with other people who also cared.

We should aspire to do things bigger than ourselves.

Kurt Long

Kurt has worked on the Hubble Space Telescope, Venus Radar Mapper, Galileo, and Ulysses missions. His part was small, but important. Even now when he sees pictures taken by Hubble, there’s a small sense of ownership – this happened in part because of the work he did. The same is true for the James Webb telescope. Kurt didn’t work on that mission, but it’s part of the heritage of the work he did on Hubble. Whether in space or computing, we stand on the shoulders of the people who came before us. The older he gets, the more Kurt finds a deep respect for his predecessors in all areas.

A History of Messaging Platforms

At the beginning of his career, Kurt was a TCP/IP programmer, or what was then called a sockets programmer. It was lower-level programming that you could use to send messages to computers. He was interested in the idea that you could connect computers around the world.

The commercialization of the internet in the mid-1990s was the best thing that could have happened to a TCP/IP programmer. He got involved with Netscape Communications when it was still called Mosaic and only had a few dozen employees. He set up his first security business around the Netscape platform. Essentially, he wrote a reverse proxy server so companies could put billing information in a secure space and avoid exposing it. Later, he started a company around single sign-on access controls, which sold its products all over the world and was later acquired by BMC.

Through this career, Kurt got a firsthand look at how internet and messaging online evolved and changed. In the early internet, there was a lot of implicit trust. If you were sending data, the process assumed you were the legitimate originator. It assumed everyone who touched the data was going to handle it correctly and the person who received it was the intended recipient. It was a system where everyone trusts everyone. No one had really thought about how bad guys might use or exploit it.

Security and Privacy Challenges

Kurt spent the first decade of his work on security and privacy in this infrastructure, improving authentication processes and making sure information could get to the right place. Along the way, he started to realize that tools like email were very insecure. There was no concept of built-in authentication, and they could pass through many different routers and switches that could be compromised. Even when those risks are managed, email is still vulnerable to impostor and social engineering attacks and phishing.

Messaging apps were not developed with privacy or security in mind. But we generally have no choice but to use them. Emails and text messages are vulnerable. Social messengers and some messaging apps have encryption and other tools, but are still vulnerable to social engineering.

The public is almost forced to use … a collection of tools that were absolutely never intended to secure our communications.

Kurt Long

This has fed a huge outbreak of cybercrime. By 2025, cybercrime is going to be the third largest economy in the world, just after the US and China. Even now, the damages have hit $8 trillion. People have realized that not everybody out there is a good person.

Taking Privacy vs. Security Too Far

We’re now seeing a lot of people and platforms swing from implicit trust to implicit distrust. Apps are enabling end-to-end encryption and messages that disappear after being read. People are choosing “encrypted” and “secure” messaging apps more often. We’re getting to the point where Apple is telling the federal government that they can’t provide text messages because not even the company can see through the encryption.

When even law enforcement can't access the messages, you've taken the privacy end of the privacy vs. security question too far.

The founders of WhatsApp wanted to create a messenger that gave people both privacy and security. Their intentions were genuine, and they succeeded. But then Facebook bought WhatsApp. Famously, Facebook’s treatment of privacy and security frustrated at least one founder so much that they left WhatsApp to found Signal, another private messenger. Snapchat was the first to make disappearing messages famous, but now other apps have picked up on the idea.

There are now a whole collection of messenger apps whose entire purpose is to prevent legal due process. They ensure your privacy by deleting messages, encrypting so that even they can’t look at it, or other tools. But they make it harder for law enforcement because even with a warrant, they still can’t get access to that evidence.

Criminals Love Excessive Privacy

Using an app where nobody can get access to your messages under any circumstances can be good in some cases. If you’re a reporter in a conflicted area whose messages might cause a government or military force to harm you or your family, that kind of privacy is essential. But for the average person, emphasizing privacy too much in the privacy vs. security question can cause us to support apps that help criminals do their dirty work.

Privacy to the point where a platform can’t cooperate with law enforcement breeds criminal use. Criminals, terrorists, and other nefarious actors flourish when they have a way to communicate that law enforcement can’t see. That’s why there has to be a balance on privacy vs. security. It’s great to have privacy if you’re, say, reporting in a war zone where your messages could get you killed. But we also don’t want to have crime bosses sending out their hit lists through a channel that law enforcement can’t ever access.

There need to be alternatives in the marketplace. The public does have a right to privacy – in the US, you’re guaranteed protection from warrantless search under the 4th Amendment, and Kurt believes that protection is important. But it’s also essential that there be some measure of security so that law enforcement (with the proper warrants) can get the information they need for an investigation.

I have the right to be protected until there’s a legitimate court order for otherwise.

Kurt Long

You could argue that you don’t trust politicians or the courts. But at some point, we all have to decide we’re going to trust somebody. Otherwise society breaks down. Kurt thinks the justice system is one of the best chances we have at a system we can trust.

Why Privacy vs. Security Balance is Beneficial for Everybody

The Securities and Exchange Commission (SEC) fines the finance industry for using apps that don’t support legal due process. You want the people handling your money to be transparent. Another example is the FBI. If they take action based on an informant’s tip, they need to be able to prove they acted with good reason. And in healthcare, you want your doctor’s communication about your health to be private – but if they malpractice, you also want to have the record to prove it.

Here’s another example, based on something that actually happens fairly frequently. Say Kurt has a friend named John. John mainly uses a super-private messaging app to talk to Kurt. Nothing they talk about is suspicious or illegal in any way. But one day John gets investigated for insider trading. Because he uses a super-private app, law enforcement can’t look at the messages. They can tell he messaged Kurt, but not what they talked about.

So now Kurt is under investigation too. Kurt needs to show evidence that he wasn’t involved in the crime. But since the app is so private, especially if the messages disappear, he will have a hard time proving himself innocent.

Law enforcement doesn’t have any choice but to … be a little suspicious of people using secret messengers.

Kurt Long

In this scenario, Kurt didn’t break any laws and he’s not legally liable. But because it’s so hard to prove himself innocent, he’s now guilty by association. He may have to be involved in a lawsuit or trial. It could cost him his job if his employer doesn’t want that association with criminal activity. When the messaging is so private, you can’t prove yourself innocent without a lengthy discovery process, and that makes it harder than it needs to be.

Privacy s. Security in Legislation

In the United States, there are some logjams when it comes to balancing privacy vs. security in the law. Congress has drafted legislation multiple times and several segments have gone through different steps of the process. But it’s nowhere close to being done. The US is limited to industry regulation and state regulation for the foreseeable future.

This isn’t the case with other countries. The UK has passed legislation banning messengers that are too focused on privacy to the detriment of security. But there’s also no evidence that they’re doing anything about it. What little they are doing skips over the warrant process and borders on surveillance. The situation is similar in France and in the EU in general.

In those markets, they do want to pull back some of that privacy to catch what the bad guys are doing. But they can’t overreact. Kurt believes this is one of the most important issues of the 21st century. It’s carrying forward hard-earned human rights while still providing protection.

How BUNKR Helps the Privacy vs. Security Challenge

What Kurt is trying to do with BUNKR is bring balance to the privacy vs. security debate. It has public usage in thirty-two countries around the world and is popular with families. In addition to messaging, it has other features that adds to a family’s security, such as password management and cloud storage. And it’s not just families using it. Athletes, entrepreneurs, physicians, pilots, and more are using it all over the world. There are lots of great use cases for lots of people.

Better privacy and better security in messaging is great for everybody.

BUNKR is special because you’re not going to get spam or impostor attacks. They might have to cooperate with law enforcement – but if you’re doing something that you don’t want law enforcement to see, use a different app. It’s not a free app because free means no certainty around who anyone is. You can download a free app, register, and claim to be whoever you want. BUNKER’s first step towards privacy and security is charging a small amount to use it. Just that factor of having to have payment on file deters most bad guys. Making it clear that they cooperate with law enforcement gets rid of the rest. It’s the radical idea of providing legitimate software at a low price for legitimate public users and legitimate businesses.

BUNKR also has invitation-only messaging. You literally can’t get a message from someone you don’t know. There won’t be any spam texts from “Bob” asking about his “appointment” or about an Amazon package that’s on its way but needs your credit card information. There are a lot of people who use the platform who have said that if they ever allow people to search and try to connect with them they will quit. It’s a platform that is very private, very secure, and very legitimate.

Supporting Privacy and Security Around the World

With any app like BUNKR, there’s the question of privacy vs. security in a global context when oppressive regimes get involved. A lot of it comes down to payment. BUNKR gets some registrations from difficult countries, but not a lot.

The entire planet deserves to conduct their affairs with dignity at bank-level security.

Kurt Long

Some people think that for an app to be truly private and secure, it has to block certain countries, like Yemen or North Korea. But BUNKR doesn’t do that. Someone from Yemen can register and pay for the platform and use it to talk to their family and people they know. But by the nature of the app itself, they can’t go after people they don’t know. This can actually help people in unstable countries have a more stable life.

Other people are concerned about a situation where, say, the Yemeni government says that Yemeni law should let them look at Yemeni users’ messages. BUNKR has lawyers to help figure out that complex legal decision. But Kurt is a law-abiding US citizen. While he respects everyone, his instinct is to follow the regulations of the US State Department. It’s not a legal position at this point, but more of a values position. There may be difficult decisions in BUNKR’s future, but Kurt welcomes them.

Learn more about BUNKR on their website bunkr.life, on Instagram @bunkr.life, and on X @bunkrlife. You can connect with Kurt Long himself on LinkedIn.

Related Articles

All
  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking Basics: Learn How Networks Work
  • Online Privacy
  • Online Safety
Machine Learning can be utilized in fraud detection

How Machine Learning Works in Fraud Detection

As Artificial Intelligence technology continues to evolve, the multitude of ways in which it can help us…

[Read More]
Jeremiah Grossman talks about computer security incident management and prevention.

Computer Security Incident Management Requires Planning Ahead and Making Hard Calls

A lot of things about cybersecurity aren’t easy. From evaluating the value of your digital assets to…

[Read More]
Quantum Computing and Cybersecurity

Quantum Computing and Cybersecurity: Preparing for the Future

Today’s world moves at lightning speed compared to the previous generation. To stay ahead of the curve,…

[Read More]
Check your work for plagiarism with tolls online

About Those Online Plagiarism Tools…Do They Actually Work?

If you have ever been a student or a teacher, you know how big of a deal…

[Read More]
Using ChatGPT at Work

Using ChatGPT at Work: What to Do and What Not to Do

When ChatGPT exploded onto the scene in 2022, you could immediately see the ripples that went through…

[Read More]
These romance scam statistics show why we need World Romance Scam Prevention Day.

Why Romance Scam Prevention Matters: Key Statistics and Insights

October 3rd is World Romance Scam Prevention Day. Though the officially recognized day is new, the need…

[Read More]