WASHINGTON, D.C. – In one of the top stories coming out of Washington, The Atlantic magazine editor-in-chief, Jeffrey Goldberg, says he was added to a group chat that included the Vice President, Defense Secretary, the Director of National Intelligence, the National Security Advisor, and others. Goldberg said the group was detailing plans of an attack on rebels in Yemen. According to Goldberg, the group was using the app Signal to communicate. Experts explain why Signal is different from regular text messages and whether the app is secure for sensitive conversations. Signal is an encrypted service for text messaging, phone and video calls.
“There’s a wide array of what can be an encrypted thing,” said Gregory Falco, an Assistant Professor at Cornell University. “The most basic form is where you use something like a cypher, basically switching out letters with other letters or numbers.”
Falco said it’s essentially tough to crack.
“If you have knowledge of that code, you can switch it back into the original information you’ve gotten, so it’s kind of like a decipherability kind of puzzle that people established a hundred plus years ago,” said Falco. “It enables people to have more secure messaging because if you don’t have the code, you don’t know what it says.”
Anyone can download Signal onto their device. Journalists use Signal to chat with sources or whistleblowers. Government officials also use the app because of its end-to-end encryption, disappearing messages, and minimal data collection.
“And the reason why [officials use the app] is because it has a very strong [inaudible] curve, which is what you use to encrypt things,” said Falco. “It’s part of the algorithm you’re doing to encrypt the information and also it is something that we know there aren’t a lot of nation-state actors who haven’t been able to crack this.”
Falco said it’s a powerful tool, but it’s not perfect.
“The weaknesses actually happen on the phone,” said Falco. “So even though the data you’re encrypting or the information you’re encrypting is secret, when it gets to your phone, if your phone was compromised, like let’s say there’s malware on your phone, that malware could read what’s going on in that encrypted app and that’s kind of where the risk is showing up. Using these encrypted messaging systems, it’s not because the encryption is crackable necessarily. It’s because your app, your phone might be compromised; and that compromised phone might be reading the stuff coming into that app and that’s why there’s a risk even if you are using a really powerful encryption mechanism that it still might not be so secret.”
But in this case, it wasn’t a security breach.
“It was someone who fat fingered it and added someone to a message they shouldn’t have been on,” said Falco. “That happens to everyone and it’s unfortunate.”
He adds there are secure communication channels government officials can use, but the challenge with those channels is that they’re not super-efficient.
“People who work for the government are normal people and they want to have convenience and want to have to pull up their phone and be like ‘hey so-and-so this is what’s going on right now,’” said Falco. “That doesn’t really exist on this super classified network, so you can’t just text someone on their phone in a very simple way like that doesn’t work that way. So, you might have communication channels that are encrypted and can absolutely tolerate the use of secret information but it’s not like using your phone. Therefore, they are not used as readily. Signal is used by a lot of government people that I work with. It’s definitely not an official form of communication. People are not supposed to use it, I think, but it’s one of those things where convenience trumps security.”
Falco said this situation speaks to how much we need some solutions for the government to be more agile for secure communications.
“Because this is more of a human error mess than a technical mess,” said Falco.