The news of Trump officials using Signal for a group chat on military operations has raised many questions about just how secure such messaging apps are and the risks if government officials use them on their personal devices. Lisa Desjardins reports.
Read the Full Transcript
Notice: Transcripts are machine and human generated and lightly edited for accuracy. They may contain errors.
-
Geoff Bennett:
Well, that Signal group chat has also raised many questions over just how secure such messaging apps are and the risks if government officials use them on their personal devices.
Our Lisa Desjardins has more.
-
Lisa Desjardins:
That's right, Geoff.
The Signal chat among Cabinet members has highlighted a cybersecurity concern, the growing use of personal phones and downloaded apps by public officials who handle sensitive information. Attorney General Pam Bondi has dismissed calls for a criminal investigation into the Signal conversation. She says the app is secure.
Joining me now to discuss is Thomas Rid, professor of strategic studies at Johns Hopkins University.
Thomas, thanks for joining us.
Signal is an app that many folks may know is used for texting and messaging. You just type into your phone like other ones, but can you explain why it's become the go-to app for people handling sensitive conversations?
Thomas Rid, Johns Hopkins School of Advanced International Studies: Signal is the most secure messaging app that we have, because it is end-to-end encrypted. So that means there's effectively a tunnel of encryption going from your phone all the way to my phone should we talk via Signal or text via Signal.
And that means anybody listening in between — that could be Signal, that could be AT&T or somebody who owns a Wi-Fi network — they will not be able to see our text messages, end-to-end encrypted.
-
Lisa Desjardins:
So then let's go to what the attorney general is saying. Here are her words last night on FOX News.
Pam Bondi (R), U.S. Attorney General Nominee: I think Signal is a very safe way to communicate. I don't think foreign adversaries are able to hack Signal, as far as I know.
-
Lisa Desjardins:
That's the question. Are foreign adversaries able to hack into Signal?
-
Thomas Rid:
I think it's important here to be very specific. Technically, the attorney general is correct that so far we have no precedent of an adversary ever hacking into Signal the platform, as far as I'm aware of.
However, Signal is sitting on your phone on just commercially available phones like iPhones and Android devices. We have many examples of these phones getting hacked. And, of course, we should assume that high-value targets like, for example, the vice president or the secretary of defense or the national security adviser, that their phones are targeted by some of the most capable adversaries.
So the phones are vulnerable. Imagine literally somebody looking over my shoulder at my phone. They can see what's in it and what I'm texting on Signal. And so can somebody remotely reading my screen. That does not mean Signal has been compromised. It means the phone has been compromised and you can look inside the tunnel at the opening of the tunnel.
-
Lisa Desjardins:
Which foreign adversaries are the most likely to be doing this?
-
Thomas Rid:
That, of course, is an invitation to speculate. But high up on the list would be China, Russia, Iran, but many others as well.
-
Lisa Desjardins:
Now, in 2023, the Department of Defense sent out a memo telling employees that Signal should not be used for information that wasn't already public.
-
It wrote that:
"Mobile apps may contain malware and have vulnerabilities." And also: "This is possible without the user's consent or knowledge."
This goes to what you're saying about people getting onto phones, foreign adversaries. But I want to ask you, do you have a sense of how seriously the federal government structure, employees in the federal government have been taking that warning about Signal? Is it common for people to use it? Or do you feel like there's a culture of not using those apps?
-
Thomas Rid:
I mean, let's be very specific. Signal, for most normal people, for confidential, for conversations and phone calls that are confidential, that are just private — we call it private in public life. Signal is the best you can do.
However, the government, of course, has more secure systems available for classified information, like when you're planning a military operation. So Signal should not be used, very clearly, for any classified information, because it doesn't even reside in classified — in a classified environment.
So while it is the safest you can do as a commercial, private person, and indeed as a government employee outside of the classified system, it is not OK to use it for classified content. That is a fundamental difference that I think we should be very clear about.
-
Lisa Desjardins:
Something else about Signal is that it's designed so that messages can disappear very quickly, an hour after they're written, if the users choose to do it that way.
Can you help us with how that overlaps or if that's a problem with federal records law, which requires these conversations to be kept?
-
Thomas Rid:
Federal records law, indeed, requires information to be kept in an archive for future use. And, of course, if you set your disappearance time to something quite short, one minute, five minutes, or even just a day, it will be very hard to keep track because messages just disappear.
I'm not sure there's a process in place for capturing Signal traffic for archival purposes.
-
Lisa Desjardins:
Thomas Rid, thank you for giving us some answers. Still more questions out there. We appreciate you.
-
Thomas Rid:
Thank you.
Listen to this Segment
