What happened?
A magazine editor revealed that he was mistakenly added to a Signal group related to U.S. military operations. This incident not only raised concerns about leaks but also sparked curiosity among many users about the government’s use of the “Signal” software.
Signal is an encrypted communication software that allows users to register an account using their phone numbers. It offers features such as disappearing messages and screenshot protection, which ensure that messages remain encrypted during transmission.
Despite its powerful capabilities, sensitive information may still be leaked in cases of device theft or user negligence. Consequently, there remains controversy over whether the government can use this software.
What is Signal?
Recently, Jeffrey Goldberg, editor of The Atlantic, disclosed that he was mistakenly added to a Signal group concerning U.S. military operations, where he witnessed confidential discussions about actions in Yemen. This incident ignited discussions about government secrecy breaches while also making many curious about what Signal actually is.
According to ABC News, Signal is an encrypted communication software launched in 2014 by the non-profit organization Open Whisper Systems. It has gained popularity in both political and business circles, as well as the tech industry, due to its robust privacy protection features. Signal uses end-to-end encryption technology to ensure the security of user communications and promises not to collect or store sensitive data, making it a trusted private communication tool.
Similar to WhatsApp and iMessage, Signal requires users to register an account using their phone numbers and provides features like disappearing messages and screenshot protection, allowing messages to remain encrypted during transmission, ensuring that only the sender and receiver can read the content. The official website also clearly states that messages and calls on Signal are not accessible to the organization or third parties.
However, despite Signal’s advanced encryption technology guaranteeing that data is not scrutinized by third parties during transmission, it is not without vulnerabilities. Stuart Madnick, a cybersecurity expert at MIT, pointed out that while end-to-end encryption ensures data security during transmission, the security of the “device itself” remains the greatest risk. If a device is stolen or suffers from malicious software attacks, passwords, unlock codes, and other information could still be compromised, jeopardizing the confidentiality of message content.
From Jeffrey Goldberg’s incident, it is evident that military information, which should be strictly protected, can still be leaked due to user negligence.
Controversy over Government Use
As the number of Signal users continues to grow, the U.S. government remains cautious regarding the software’s use in official business. The Department of Defense’s internal oversight body noted in 2021 that former official Brett Goldstein used Signal for sensitive communications, considering it a violation of the Department of Defense’s (DoD) “record-keeping policy.” Therefore, such practices are not permitted.
The report indicated that Goldstein used Signal to discuss official DoD information while serving as the head of the Defense Digital Service and encouraged his subordinates to use the application for communication.
However, during a recent Senate Intelligence Committee hearing, CIA Director John Ratcliffe stated that many CIA officials were approved to use Signal. He explained, “When I was appointed Director of the CIA, Signal was installed on my computer, and this was the case for most CIA officials.”
Additionally, when Ratcliffe took office, the CIA’s records management department briefed him on the usage guidelines for Signal, informing him that it could be used as a work tool.
While Signal is a communication application focused on privacy and encryption, providing good security guarantees from a technical standpoint, its use in government and sensitive intelligence communications remains controversial. Whether in corporate or governmental contexts, reliance on such tools should not be excessive, and strict adherence to confidentiality and data protection policies must be maintained.
Source: ABC News, CNN