What is Signal and why were Trump officials using it to plan a military strike?
National security experts say that discussing classified information on a commercial app like Signal would be a serious breach of security procedures.
Signal, the favourite chat app for spies and journalists, got an unusual kind of endorsement this week after US national security officials were revealed to be using Signal to share information about a pending US military strike, and mistakenly included a journalist in the chat.
Here’s what you need to know about Signal:
What is Signal?
Signal is an encrypted chat app that offers text, voice and video chats for free. The app, which works on phones and desktop computers uses a technology called end-to-end encryption. That means that it scrambles your messages on your device in a way that should only be able to be unscrambled on your recipient’s device. In theory, this protects messages against anyone being able to understand them as they pass through the internet.
National-security experts say discussing classified information on a widely used app like Signal would be a serious breach of security procedures and create a big risk for leaks. But paradoxically, encryption experts also have long said that Signal is perhaps the safest encrypted app available on a commercial phone—making it widely used by government officials, intelligence sources and journalists. But that doesn’t make the phone you use immune to being hacked itself, which is why the government doesn’t want classified information shared on personal devices.
How are government officials meant to communicate securely?
Normally, conversations concerning classified military plans to strike foreign targets would be expected to occur solely in secure compartmented information facilities, or SCIFs, rooms that are specifically designed to prevent conversations from being spied on by any unwanted third parties. Cellphones, which can be hacked, are typically banned from SCIFs, as are other electronic devices.
While most SCIFs are housed within government offices, there are overseas secure facilities in embassies, and very senior national-security officials often have personal SCIFs built into their private homes to be able to communicate about sensitive matters around the clock.
Government officials also use a second, high security system for classified email messages, known as the “high-side,” system. This is a system government lawyers said that Hillary Clinton didn’t use in some classified email communications when she was secretary of state.
Who owns Signal?
Signal is owned by a nonprofit organization called the Signal Technology Foundation, which is largely financed by donations and grants. That structure was set up by the app’s founder, cryptographer and entrepreneur Moxie Marlinspike, with an initial $50 million from WhatsApp co-founder Brian Acton. The foundation structure is intended, in part, to keep Signal from having any commercial incentive to keep or monetize user data.
Acton left WhatsApp owner Meta Platforms in 2017, but remains on Signal’s board. The app is now run by Meredith Whittaker, who previously worked at Google and co-founded the AI Now Institute.
The app shot up the app-store rankings after news broke about the breach.
Is Signal more secure than WhatsApp?
WhatsApp actually uses Signal’s open-source encryption protocol to power its end-to-end encryption, making the level of encryption between the two apps similar. Because the algorithm is open-source, anyone can try to break it, but no one has succeeded.
Cybersecurity-industry players, however, say Signal is the safest encrypted app. Signal, in addition to being encrypted, also says that it keeps almost no data about how its users use the app. That means that even if it were hacked, or if the government came with a subpoena to ask for information about a user, it would only be able to provide two kinds of what is called metadata: the date an account was created and the last time it was used, but not when messages were sent or to whom.
Could Signal be hacked?
So far, there is no evidence that Signal’s open-source encryption algorithm has been broken—and indeed intelligence officials sometimes use the app on their personal smartphones or computers as what they say is the safest option. Following revelations first reported by The Wall Street Journal last fall about the deep compromise of US telecommunications firms by Chinese state-backed hackers, Signal grew even more in demand as cybersecurity officials urged everyone to move to encrypted apps to protect themselves from foreign espionage.
But the issue in this case goes beyond Signal. This conversation was happening on mobile phones, including one belonging to a journalist, and phones can be hacked. End-to-end encryption can work perfectly, but if the phone is compromised, then all bets are off because the hacker could simply read the messages off the hacked device. There is a long history of hackers, governments and intelligence agencies breaking into phones directly to read messages, whether they are encrypted or not.
The Wall Street Journal
More Coverage
Add your comment to this story
Israel supplied intelligence in air strike discussed in Signal chat
Israel has complained to the US after intelligence it supplied to the US on a Houthi target was discussed by Mike Waltz on the Signal war chat.
US deploys its stealthiest big bombers in range of Iran, Yemen
The Trump administration has deployed B-2 bombers to a base in the Indian Ocean amid its campaign against the Houthi militia.
To join the conversation, please log in. Don't have an account? Register
Join the conversation, you are commenting as Logout