 "The Signal app. Image courtesy: Signal.org")
The app Signal has found itself in the centre of controversy.
This comes after the White House confirmed that The Atlantic Editor-in-Chief Jeffrey Goldberg was added to a group on the messaging app in which officials were discussing their Yemen plan.
“On Tuesday, March 11, I received a connection request on Signal from a user identified as Michael Waltz,” Goldberg wrote in piece on Monday.
Waltz is the United States National Security Advisor.
The group also included users “JD Vance” – who is the Vice-President – and “Pete Hegseth.”
Hegseth is the US Defence Secretary.
America on Sunday said it launched a series of “decisive and powerful” airstrikes on the Houthis in Yemen.
But what do we know about the Signal app? Is its use against the law?
Let’s take a closer look:
What is Signal?
Signal is a free, open-source messaging app.
The app was released in 2012.
Signal works on Apple and Android devices.
It is used by an estimated 70 million people across the world.
Its USP is privacy – its end-to-end encryption allows people to send messages to each other securely.
“Signal is a non-profit with no advertisers or investors, sustained only by the people who use and value it,” its biography reads. It is “protecting free expression and enabling secure global communication through open-source privacy technology.”
“Your profile information is end-to-end encrypted with a unique profile key that is securely shared via the same Signal Protocol messaging channel that already protects your conversations and calls,” Signal says on its website.
This means a third party like the government or state actors cannot intercept your private conversation.
Signal, unlike some other messaging apps, does not collect and store user information on servers.
“Signal is designed to never collect or store any sensitive information,” Signal states on its website.
It tracks minimal metadata, according to Tech Crunch.
Its messages also disappear – providing an additional layer of security for users.
As per CNET, you can either keep your number visible on Signal or hide it.
You can also allow people to find you on Signal or keep yourself hidden on the app.
Signal also assigns safety numbers when you chat with someone.
This allows you to make sure you know whom you are talking to.
It also lets you know if the safety number, for some reason, has changed.
You can also use Signal to make voice and video calls, create groups and share files.
Signal became more popular post 2021 – after WhatsApp, which is owned by Meta, changed its privacy policy.
Signal leadership has also publicly recommitted its efforts goal of protecting privacy.
TechCrunch quoted Signal president Meredith Whittaker as saying, “Signal’s position on this is very clear –- we will not walk-back, adulterate, or otherwise perturb the robust privacy and security guarantees that people depend on.”
“Whether that perturbation or backdoor is called client-side scanning, or the stripping of the encryption protections from one or another features similar to what Apple was pushed into doing in the UK.”
However, it must be noted that when it comes to sending messages online, nothing is 100 per cent sure.
Is its use against the law?
Not in general.
Which is why journalists often use apps like Signal when talking to sources or whistleblowers.
An investigation by The Associated Press also found that over 1,100 government workers and officials across America have accounts on signal.
This includes state, local and federal officials in nearly every state, including many legislators and their staff as well as staff for governors, state attorneys general, education departments and school board members.
However, in this instance, the use of Signal might be against the law.
This is because of national security implications.
As Goldberg, who received the text from “Michael Waltz,” wrote in The Atlantic, “Conceivably, Waltz, by coordinating a national-security-related action over Signal, may have violated several provisions of the Espionage Act, which governs the handling of “national defence” information.”
The Atlantic consulted multiple national security experts and presented them with just such a scenario.
All of said Signal has not been approved by the US government as a space in which to share sensitive information.
They said that no US official should be discussing such classified actions on Signal and that such information, if sent out, matched the law’s classification of “national defence.”
The US government has its own protocol for sharing top secret information.
If officials want to coordinate, they have to go into their sensitive compartmented information facility – also known as SCIF.
This facility, which most Cabinet-level officials have in their home, work on government equipment.
Even cellphones are not allowed inside the SCIF.
The use of Signal gives rise to yet another problem.
Some of the messages in the group are slated to disappear after one week, while others are set to disappear after four weeks.
However, experts say that under federal law officials are required to preserve records.
“Under the records laws applicable to the White House and federal agencies, all government employees are prohibited from using electronic-messaging applications such as Signal for official business, unless those messages are promptly forwarded or copied to an official government account,” Jason R Baron, a professor at the University of Maryland and the former director of litigation at the National Archives and Records Administration, told The Atlantic.
“Intentional violations of these requirements are a basis for disciplinary action. Additionally, agencies such as the Department of Defense restrict electronic messaging containing classified information to classified government networks and/or networks with government-approved encrypted features,” Baron said.
The US Cybersecurity and Infrastructure Security Agency, or CISA, has recommended that “highly valued targets” — senior officials who handle sensitive information — use encryption apps for confidential communications.
But those communications are not typically releasable under public record laws.
The White House , confirming the development, telling ABC that the messages “appear to be authentic” and that the incident is being reviewed.
“The thread is a demonstration of the deep and thoughtful policy co-ordination between senior officials,” the representative said. “The ongoing success of the Houthi operation demonstrates that there were no threats to our servicemembers or our national security.”
But Washington Post quoted Hegseth as saying on Monday, “Nobody was texting war plans.”
Trump told reporters he was unaware of the incident.
He also took aim at The Atlantic, “I think it’s not much of a magazine but I know nothing about it … well, it couldn’t have been very effective because the attack was very effective. I can tell you that I don’t know anything about it. You’re telling me about it for the first time.”
Signal’s founder, Moxie Marlinspike, mocked the White House.
“There are so many great reasons to be on Signal. Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for co-ordination of sensitive military operations,” Marlinspike wrote on X. “Don’t sleep on this opportunity.”
Democrats and Republicans alike have slammed the White House.
The Washington Post quoted Democrat Bennie G Thompson of Mississippi), the top Democrat on the House Committee on Homeland Security, as saying “should go without saying that Trump administration officials must not use Signal for discussing sensitive intelligence matters reserved for
Republican representative Michael Lawler of New York wrote on X, “Classified information should not be transmitted on unsecured channels — and certainly not to those without security clearances, including reporters. Period. Safeguards must be put in place to ensure this never happens again.”
Pete Buttigieg wrote on social media, “From an operational security perspective, this is the highest level of ($##%) imaginable.”
“These people cannot keep America safe.”
Former Secretary of State Hillary Clinton wrote on social media, “You have got to be kidding me.”
Clinton, ironically, was heavily taken to task by Republicans and the US media for a private email server she used.
Subsequent investigations determined that she should not be prosecuted criminally.
Democratic Senator Chuck Schumer has called for a “full investigation” and warned of “very harsh consequences” for anyone found leaking sensitive information.
What do experts say?
That people in general can use these apps.
“The fundamental problem is that people do have a right to use encrypted apps for their personal communications, and have those on their personal devices. That’s not against the law,” said Matt Kelly, editor of Radical Compliance, a newsletter that focuses on corporate compliance and governance issues. “But how would an organisation be able to distinguish how an employee is using it?”
They say stronger and clearer laws are needed.
The best remedy is stronger public record laws, said David Cuillier, director of the Brechner Freedom of Information Project at the University of Florida. Most state laws already make clear that the content of communication — not the method — is what makes something a public record, but many of those laws lack teeth, he said.
“They should only be using apps if they are able to report the communications and archive them like any other public record,” he said.
Generally, Cuillier said, there’s been a decrease in government transparency over the past few decades. To reverse that, governments could create independent enforcement agencies, add punishments for violations, and create a transparent culture that supports technology, he said.
“We used to be a beacon of light when it came to transparency. Now, we’re not. We have lost our way,” Cuillier said.
With inputs from agencies