Encrypted Messaging App ‘Signal’ Approved for Use by U.S. Senate

The U.S. Senate has approved popular encrypted messaging app Signal for official use by staffers in the chamber, it was revealed yesterday (via ZDNet).

The news came in a letter sent on Tuesday by Senator Ron Wyden (D-OR), known to be a staunch privacy advocate, in which he underlined his belief that "backdoor-free" encryption should be embraced by the state at all levels rather than something the government should fear.

I have long argued that strong, backdoor-free encryption is an important cybersecurity technology that the government should be embracing, not seeking to regulate or outlaw. My own Senate website, which has used HTTPS by default since 2015, was the first Senate website to do so. With the transition to default HTTPS for all of the other Senate websites and the recent announcement by your office that the end-to-end encrypted messaging app Signal is approved for Senate staff use, I am happy to see that you too recognize the important defensive cybersecurity role that encryption can play.
Signal by Open Whisper Systems is widely considered by security experts to be the most secure mobile messaging platform on iOS and Android, due to features like end-to-end encryption of text, picture, and video messages, support for private calling, and a lack of separate logins.

Members of Congress are for the most part exempt from record-keeping laws, so long as encrypted communications are not "historically valuable", or do not include committee documents. However, workers of the federal government and those who work directly with the president are governed by federal and presidential record-keeping laws. Indeed, communications over encrypted apps may fall foul of the Presidential Records Act, which requires staff to keep records of those conversations.

In January, The Wall Street Journal reported that political aides close to the president had been using Signal, but the White House declined to comment on whether the Trump administration has set up data retention policies for its encrypted messaging use.

Last year, Apple was embroiled in a public dispute with the FBI over a request to create a backdoor into iPhone software so that it could unlock the phone of the San Bernardino shooter. Apple refused to comply with the request, claiming that the code would lead to weaker smartphone encryption and inevitably get into the wrong hands.

Eventually the FBI backed down in its request and resorted to third-party hacking tools, but throughout the case, Apple CEO Tim Cook remained adamant on the company's continuing stance for user privacy, calling the FBI's request for entering an iPhone "the software equivalent of cancer".

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Signal Privacy Messenger Users Advised to Turn Off CallKit Support in Latest Update

Encrypted communications app Signal received an update yesterday that enabled video calling for the first time, but the latest version also brings CallKit support to the platform, which may leave some privacy-conscious users wary.

Introduced in iOS 10, the CallKit SDK allows incoming calls from third-party VoIP apps to appear on the iOS lock screen and recent calls list, just like standard cellular IDs do. The concern among the privacy community is that their call data – including who they called and how long they spoke for – could be synced to iCloud.


In a blog post announcing the new beta features, Signal developers Open Whisper Systems noted that like video calling, CallKit integration is optional, and those concerned about data leakage can turn the support off in settings (Settings -> Advanced -> Use CallKit). The developers also told Wired that in the future, CallKit might only display "Signal users" in an iPhone's call log, to prevent the disclosure of identifying information.

Back in August, Russian security firm Elcomsoft discovered that iPhones automatically send a user's call history to the company's servers if iCloud is enabled, but the data gets uploaded in many instances without any user notification. The fear among privacy-minded users is that state actors could theoretically gain access to this information through cooperation with Apple, or that hackers could crack iCloud passwords and break into accounts.

More recently Elcomsoft revealed that when iPhone and iPad users permanently deleted their Safari browser history off their devices, iCloud had been storing that history for several months to over a year, before Apple reportedly fixed the issue. Concerned users are advised to turn off iCloud backups to keep their browsing history private, and be sure to check out the MacRumors Safari privacy guide for more useful information regarding browser settings on iOS devices.

Signal Private Messenger is a free download [Direct Link] for iPhone and iPad available on the App Store.

Tags: privacy, Signal

Discuss this article in our forums