For years, U.S. officials villainized end-to-end encrypted messaging apps like Signal as the domain of criminals and terrorists and a threat to national security.
As fallout over a Signal group chat about Yemen war plans ricocheted through Washington, however, CIA Director John Ratcliffe revealed at a Senate Intelligence Committee hearing on Tuesday that the app is approved for official communication and even comes installed on agency computers.
One longtime critic of government attacks on secure messaging said it was a sign that everybody else should follow suit.
“For everyday Americans, this seems like an inadvertent but strong endorsement of the cybersecurity and privacy value that Signal represents — assuming you actually know who you’re adding to the given chats,” said Sean Vitka, executive director of the progressive group Demand Progress.
“Going Dark”
The highly sensitive discussion over whether and when to attack Houthis in Yemen included two members of the panel at Tuesday’s hearing, according to a blockbuster report Monday from The Atlantic’s Jeffrey Goldberg.
There was particular irony to an FBI director’s presence on the panel next to members of the thread. For years, successive FBI chiefs Chris Wray and James Comey had lambasted end-to-end encryption. The FBI popularized the idea that terrorists and drug cartels were “going dark” on law enforcement, and that the government needed to step in to do something about it.
The FBI’s favored solution was to create a back door in the apps that would allow the government to snoop on conversations — but only with proper authority, the FBI said.
In a 2014 speech, then-FBI Director Comey said that the “post-Snowden pendulum has swung too far” in favor of privacy. Without creating a back door, he added, “homicide cases could be stalled, suspects could walk free, and child exploitation victims might not be identified or recovered.”
The FBI never made much progress in Congress toward securing a back d
10 Comments
gsibble
[flagged]
czk
https://archive.is/9LqJN
John Ratcliffe mentions it here: https://youtu.be/mz1sLlpee80?t=87
jandrewrogers
A lot of tech people here are obviously unfamiliar with the history of this. They used to use Gmail for nominally unclassified communication. Several years ago they unceremoniously dropped Gmail for all purposes, without much explanation. It was mostly replaced with Signal.
I originally started using Signal almost entirely as a side effect of this transition. It was blessed as a preferred choice of the US intelligence community for unclassified comms many years ago. And a lot of classified comms if we are honest. If you worked in the US government, you needed Signal.
This isn’t a value judgement, just an acknowledgement of reality. Given this, it would be weird if they didn’t have Signal installed.
ciafiles_org
[flagged]
lenerdenator
Nice feather in the cap.
But do they send the really sensitive stuff over it?
Or, rather, do the competent people send really sensitive stuff over it?
jaysonelliot
Does this mean the CIA is not subject to the Federal Records Act, or does it mean they're simply flaunting the law?
bediger4000
This is just an attempt at damage control over the Goldberg-in-the-chat thing, isn't it?
epistasis
Signal can be used to arrange meetings, but secret materials like war plans need to be in SCIFs
Everybody that saw that usage of Signal and didn't shut it down should face the normal consequences, in addition to the consequences that a leader undergoes for such terrible decision making.
colmmacc
I'm not saying this in humor, I'm genuinely curious … how do they handle Signal's absence of FIPS validation and FedRamp certification? Signal isn't even capable of being FIPS validated, the core cryptography is off NIST piste.
raggi
dedramp