What Happened?
A magazine editor revealed that they were mistakenly added to a Signal group for U.S. military operations. This incident not only sparked concerns about potential leaks of classified information but also prompted many users to question the government’s use of the Signal software.
Signal is an encrypted communication app that registers accounts using users’ phone numbers. It offers features such as disappearing messages and screenshot protection, ensuring that messages remain encrypted during transmission.
Although powerful, the app still poses risks if devices are stolen or if users are negligent, as sensitive information could be leaked. As a result, there remains debate over whether governments should use such software.
What is Signal?
Recently, The Atlantic editor-in-chief Jeffrey Goldberg revealed that he was mistakenly added to a Signal group for U.S. military operations, where he saw confidential discussions about the Yemen operation. This incident has sparked discussions about government data leaks, while also piquing the curiosity of many about what Signal actually is.
According to ABC News, Signal is an encrypted messaging app launched in 2014 by the nonprofit organization Open Whisper Systems. It has become popular in political, business, and tech circles due to its strong privacy protection features. Signal uses peer-to-peer encryption technology to secure user communications and promises not to collect or store sensitive data, making it a trusted private communication tool.
Similar to WhatsApp and iMessage, Signal requires users to register with their phone numbers. It offers features like disappearing messages and screenshot protection, ensuring that messages remain encrypted during transmission and can only be read by the sender and receiver. The official website also makes it clear that messages and calls on Signal are not accessible to either the company or third parties.
However, even with advanced encryption technologies that guarantee the safety of data during transmission, Signal is not foolproof. MIT cybersecurity expert Stuart Madnick pointed out that while peer-to-peer encryption ensures the safety of data in transit, the security of the “device itself” remains the biggest risk.
If a device is stolen or compromised by malicious software, passwords, unlock codes, and other information could still be stolen, compromising the confidentiality of the messages.
Looking at the case involving journalist Goldberg, these military messages were supposed to be under strict protection, yet they were still leaked due to user negligence.
Debate Over Government Use
While the number of Signal users continues to grow, the U.S. government remains cautious about its use for official business. The Department of Defense’s internal watchdog pointed out in 2021 that former official Brett Goldstein used Signal for exchanging sensitive information, which was considered a violation of the Department of Defense’s “record-keeping policy,” meaning such practices are not allowed.
The report noted that Goldstein, during his tenure as head of the Defense Digital Service, used Signal to discuss official Department of Defense data and encouraged his subordinates to use the app for communication.
However, during a recent U.S. Senate Intelligence Committee hearing, CIA Director John Ratcliffe stated that many CIA officers were approved to use Signal. He explained, “When I was appointed CIA Director, Signal was installed on my computer, and this was the case for most CIA officers.”
Additionally, when Ratcliffe took office, the CIA’s records management department briefed him on the usage regulations for Signal and informed him that it could be used as a tool for work purposes.
Although Signal is a communication app built around privacy and encryption, and it technically provides strong security protections, its use for government and sensitive intelligence communications remains controversial. Whether in business or government agencies, these tools should not be over-relied upon, and strict adherence to confidentiality and data protection policies must be followed.
Source: ABCNews, CNN