The drama this week over the Trump administration Signal group chat about a strike on Houthis in Yemen in which The Atlantic Editor in Chief Jeffrey Goldberg was inadvertently included has been popcorn-worthy, if you’re into that sort of thing. But beyond the resultant posturing between screw-up bureaucrats and pompous politicians, we learned something of value from the incident: Government officials use the popular encrypted messaging app because the intelligence community considers it secure. While the political class argues over the details, the rest of us should consider that an endorsement of this technology.
Is It Snoop-Resistant?
Encryption software is widely used by businesspeople, journalists, and regular folks who don’t want to share the details of their lives and their finances with the world. But there’s always been speculation about how secure apps like Signal and Telegram are from government snoops who have the resources of surveillance agencies behind them. Are we just amusing the geeks at the NSA when we say nasty things about them to our colleagues via ProtonMail or WhatsApp?
One indication that private encryption software really is resistant to even sophisticated eavesdropping is the degree to which governments hate it. U.S. federal officials have long pushed for backdoor access to encrypted communications. Apple is currently battling British officials over that government’s requirements that the company compromise the encryption offered to users so that law enforcement can paw through private data. The Signal Foundation—creator of the open-source software at the center of the current controversy—threatened to leave the U.K. in 2023 during an earlier anti-encryption frenzy while Germany-based Tutanota said it would refuse to comply.
But then we got news of a group chat on Signal including such officials as Vice President J.D. Vance, Director of National Intelligence Tulsi Gabbard, Defense Secretary Pete Hegseth, CIA Director John Ratcliffe, National Security Adviser Mike Waltz and, of course, Goldberg as a plus-one. If administration officials including several from the intelligence community are willing to hold a conversation on the app, that’s important added testimony to the security of the software.
Endorsed by the CIA
Even more evidence came courtesy of the March 25 Senate Intelligence Committee Hearing on Worldwide Threats, during which attendees were understandably pressed to explain the incident and the use of Signal.
“One of the first things that happened when I was confirmed as CIA director was Signal was loaded onto my computer at the CIA, as it is for most CIA officers,” Ratcliffe told Sen. Mark Warner (D–Va.). “One of the things that I was briefed on very early, Senator, was by the CIA records management folks about the use of Signal as a permissible work use. It is. That is a practice that preceded the current administration, to the Biden administration.”
Later, in response to Sen. Martin Heinrich (D–N.M.), Ratcliffe added: “Signal is a permissible use, being used by the CIA. It has been approved by the White House for senior officials and recommended by CISA [the Cybersecurity and Infrastructure Security Agency] for high level officials who would be targeted by foreign adversaries to use end-to-end encrypted apps whenever possible, like Signal.”
Whether all popular encryption software is equally secure isn’t clear. But Ratcliffe’s mention that officials are encouraged to use apps “like Signal” suggests it’s not the only one that’s reliable.
Nothing Will Save You From Your Own Carelessness
Of course, Jeffrey Goldberg got access to the hush-hush meeting anyway, but that wasn’t a failure of the software’s encryption. Goldberg was apparently included in the chat accidentally, by the invitation of National Security Advisor Mike Waltz, according to his own embarrassed admission.
“A staffer wasn’t responsible, and I take full responsibility,” Waltz told Fox News’s Laura Ingraham. “I built the group. My job is to make sure everything is coordinated.”
Waltz claimed he had Goldberg’s phone number in his contacts under the name of a government official who he intended to add to the meeting. Basically, the fault lies with Waltz’ mastery of contact lists and how to make sure you share confidential info only with those you want to have it.
“There’s no encryption software in the world that is going to prevent you from making a blunder if you directly send classified information to a journalist accidentally,” Northeastern University professor Ryan Ellis, who researches cybersecurity among other topics, commented on the matter.
Ellis and his Northeastern colleagues emphasize that Signal and government-developed communications platforms don’t differ regarding the security they offer for data but in “safeguards to prevent the sharing of information with individuals without the proper clearance.” Presumably, government software doesn’t draw on generic contact lists. That means there’s less opportunity for officials to unintentionally share secrets—or dick pics—with journalists and foreign operatives.
Popular With Everybody (Just Watch That Contact List)
That said, commercial encryption software is as popular among government officials as it is with the public. “The AP found accounts for state, local and federal officials in nearly every state, including many legislators and their staff, but also staff for governors, state attorneys general, education departments and school board members,” the news service reported last week in a piece that emphasized transparency concerns around the use of encryption by government officials. Like Ratcliffe, the A.P. noted that CISA “has recommended that ‘highly valued targets’—senior officials who handle sensitive information—use encryption apps for confidential communications.”
After news of the administration group-chat breach broke, Frederick Scholl, a professor of cybersecurity at Quinnipiac University, discussed several apps that people can use to keep their communications secure “including Briar, Session, Signal, SimpleX, Telegram, Threema, Viber and Wire.”
That’s in addition to others including Meta’s WhatsApp. And encrypted RCS is replacing old-school SMS for basic text messages, though the transition isn’t complete. Even better, the new standard is supported by both Apple and Google so that encryption will work in conversations between Android and iPhone platforms.
Nothing is completely safe, of course. People developing security are in a constant race with those trying to compromise it. And, like Mike Waltz has discovered, nothing can save you from embarrassment if you invite the wrong person to the chat.
|
|
By the way, If you like this newsletter and want to support it, you can:
Contribute to Reason. This newsletter (and everything Reason produces) relies on the support of readers like you. Contributions help us spread commentary like this to more people.
Forward this newsletter. Know of someone who needs to read it? They can sign up for free at this link.
|
|
Related
