Senate Given The Go-Ahead To Use Encrypted Messaging App Signal

from the feinstein,-burr-will-continue-to-use-AOL-chatrooms dept

Certain senators have repeatedly pushed for encryption bans or encryption backdoors, sacrificing personal security for national security in a move that will definitively result in less of both. Former FBI Director James Comey's incessant beating of his "Going Dark" drum didn't help. Several legislators always managed to get sucked in by his narrative of thousands of unsearched phones presumably being tied to thousands of unsolved crimes and free-roaming criminals.

It will be interesting if the anti-encryption narratives advanced by Sens. Feinstein and Burr (in particular -- although others equally sympathetic) continue now that senators can officially begin using an encrypted messaging system for their own communications.

Without any fanfare, the Senate Sergeant at Arms recently told Senate staffers that Signal, widely considered by security researchers and experts to be the most secure encrypted messaging app, has been approved for use.

The news was revealed in a letter Tuesday by Sen. Ron Wyden (D-OR), a staunch privacy and encryption advocate, who recognized the effort to allow the encrypted messaging app as one of many "important defensive cybersecurity" measures introduced in the chamber.

ZDNet has learned the policy change went into effect in March.

If this isn't the end of CryptoWar 2.0, then it's at least a significant ceasefire. Senators are going to find it very hard to argue against encrypted communications when they're allowed to use encrypted messaging apps. It's not that legislators are above hypocrisy. It's just that they usually allow a certain amount of time to pass before they commence openly-hypocritical activity.

This doesn't mean the rest of the government is allowed to use encrypted chat apps for official communications. Federal agencies fall under a different set of rules -- ones that provide for more comprehensive retention of communications under FOIA law. Congressional communications, however, generally can't be FOIA'ed. It usually takes a backdoor search at federal agencies to cut these loose. So, members of Congress using an encrypted chat app with self-destructing messages may seem like the perfect way to avoid transparency, but it's the law itself that provides most of the opacity.

If encryption's good for the Senate, it's good for the public. There's no other way to spin this. Even Trump's pro-law enforcement enthusiasm is unlikely to be enough to sell Congress on encryption backdoors. With this power in the palm of their hands, they're more apt to see the benefits of leaving encryption un-fucked with.

Filed Under: encryption, end to end encryption, messaging, senate, signal

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 20 May 2017 @ 12:56pm

    Re: Re: Re: Re: Re: Open Source Security Question

    The biggest protection that open source in general has against nasties being introduced into the code, is that nobody knows how many copies of the repositions exist, or how they track the official development path. While the development model is no guarantee of perfectly clean code, at least the code is open to review, and as the code distribution is source code, there is no way to introduce a backdoor into every binary without putting it in the source code.
    Could another key weakening trick, like the promotion of selected elliptic curves happen,. Wellyes of course it could, but specific suggestions like that will be viewed with more suspicion going forward. Elliptic curve cryptography is still used, it now known that some curves make iit easier to attack, but then all cryptography based on more complex maths ay turn out to have such a weakness. Such attacks however are hard to find, and so only turn up rarely. Also, they tend to nbe of limited use, by bringing the time to decode a message to level where it is useful for selected messages, but nowhere fast enough for geberal surveillance.

    Is open source encryption invulnerable to introduced weaknesses, no, but they will have to be subtle and hard to find, in the mathematical sense, and found by someone who will keep them secret, rather than publishing for academic glory. Also code bugs will occur, but here the open source community can usually respond with a patch to fix the issue within hours.

    With a proprietary binary software model, even if you can examine the source under an NDA, there is no way to check that it is the code running on your system.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.