For years, U.S. officials villainized end-to-end encrypted messaging apps like Signal as the domain of criminals and terrorists and a threat to national security.
As fallout over a Signal group chat about Yemen war plans ricocheted through Washington, however, CIA Director John Ratcliffe revealed at a Senate Intelligence Committee hearing on Tuesday that the app is approved for official communication and even comes installed on agency computers.
One longtime critic of government attacks on secure messaging said it was a sign that everybody else should follow suit.
“For everyday Americans, this seems like an inadvertent but strong endorsement of the cybersecurity and privacy value that Signal represents — assuming you actually know who you’re adding to the given chats,” said Sean Vitka, executive director of the progressive group Demand Progress.
“Going Dark”
The highly sensitive discussion over whether and when to attack Houthis in Yemen included FBI Director Kash Patel, according to a blockbuster report Monday from The Atlantic’s Jeffrey Goldberg.
There was particular irony to an FBI director’s presence on the thread. For years, Patel’s predecessors Chris Wray and James Comey had lambasted end-to-end encryption. The FBI popularized the idea that terrorists and drug cartels were “going dark” on law enforcement, and that the government needed to step in to do something about it.
The FBI’s favored solution was to create a back door in the apps that would allow the government to snoop on conversations — but only with proper authority, the FBI said.
In a 2014 speech, then-FBI Director Comey said that the “post-Snowden pendulum has swung too far” in favor of privacy. Without creating a back door, he added, “homicide cases could be stalled, suspects could walk free, and child exploitation victims might not be identified or recovered.”
The FBI never made much progress in Congress toward securing a back door. Across the pond, attacks on end-to-end encryption are ongoing, with the United Kingdom reportedly ordering Apple in secret to create one. France’s National Assembly last week voted down a backdoor mandate sought by the country’s Interior Ministry.
The CIA Seal of Approval
The FBI’s official position became increasingly tenuous last year when revelations about “Salt Typhoon” hackers made clear that unencrypted communications were highly vulnerable to foreign adversaries.
The hackers, who were allegedly affiliated with the Chinese government, targeted phones used by Donald Trump, JD Vance, and the Kamala Harris campaign, according to reports, and in some cases were able to scoop up the content of text conversations.
By December, the FBI was still promoting back doors under the banner of what it calls “responsibly managed” encryption. At the same time, however, the Cybersecurity and Infrastructure Security Agency was recommending end-to-end encrypted messaging apps such as Signal as a defense against Chinese hackers.
Signal, which is based on an open-source protocol and operated by a nonprofit foundation, is designed to reduce to a minimum the amount of information that the app can access. Only the users involved in a conversation have decryption keys, making it impossible for the Signal Foundation to view unencrypted conversations. The foundation also cannot see metadata such as a user’s contacts.
On Tuesday, Ratcliffe revealed that the government has adopted Signal at the highest echelons.
“One of the first things that happened when I was confirmed as CIA director was Signal was loaded onto my computer at the CIA, as it is for most CIA officers,” Ratcliffe said.
The practice began during President Joe Biden’s administration and had the official approval of CIA records management officials, Ratcliffe said, as long as “any decisions that are made are also recorded through formal channels.”
Critics of government secrecy were immediately alarmed that government officials might be trying to evade leaving records subject to the Freedom of Information Act or the Presidential Records Act by using private devices with disappearing messages.
Despite the high level of protection that end-to-end encryption provides in transit, however, the group chat also raised serious security issues. Even secure messaging apps cannot solve the problem of hackers who have compromised the device running them. Nor can they keep information secret in the event of human error — say, inadvertently adding a journalist to a sensitive discussion of military strikes.
Under questioning from Sen. Jack Reed, D-R.I., Director of National Intelligence Tulsi Gabbard refused to say whether she used a personal or government-issued phone for her part of the conversation.
Sen. Michael Bennet, D-Colo., also asked Ratcliffe whether he was aware that Trump’s special envoy Steve Witkoff, another member of the group chat, was on a trip in Moscow during the conversation, raising more concerns.
Signal offers users the ability to sync messages across multiple devices. Vitka, the advocate with Demand Progress, said that if government officials were syncing messages to vulnerable private devices, that would raise a host of questions.
“That personal device could be the liability. And as soon as any of these devices are compromised, then the entire chat, the entire thread — then all of the information in it is compromised,” he said.
Senate Republicans largely attempted to sidestep questions about the Yemen group chat during the committee hearing, but Democrats were united in their criticism.
“This is an embarrassment. This is utterly unprofessional. There has been no apology. There has been no recognition of the gravity of this error,” said Sen. Jon Ossoff, D-Ga.
(Except for the headline, this story has not been edited by PostX News and is published from a syndicated feed.)