Things You Should Know But Don’t: Signal & End-to-End Encryption

Posted July 3, 2023

Anyone who uses the internet leaves a digital footprint. Each footprint can be an unwanted intrusion into your private life.  Over time these footprints can be accumulated and analyzed to create a profile that can become an information source for dangerous uses.  For the younger generation who grew up creating social media profiles and have never had a paper bill mailed to them, the dangers of a large digital footprint is especially worrying. The more online you are, the more you expose yourself to various security risks. Every account you make with a password is an opportunity for a security breach that might put your identity and privacy at risk. Aside from the clear danger of hackers, most major online companies make their living selling your data to advertisers. The government also uses this information to track you.

We’ve come to accept that publicly posting information comes with a certain amount of risk. But what about the information you share in private? Or the texts and emails you pass between friends and family? Do these things remain private?

The truth is a lot of casual online communication is easily intercepted and interpreted by third parties and not just the intended recipient. If you’re using an app to talk with your friends and family and it isn’t end-to-end encrypted (E2EE), then your data is far from secure. There are some apps (WhatsApp, LINE, and iMessage to name a few popular ones) that are E2EE by default, meaning that the data contained in your messages cannot be interpreted by any device other than the one receiving it. This is because the data itself is encrypted, and only the receiving device contains the decryption key. Think of it like any other cypher or code that can only be cracked with the right key.

So while there are a few different apps that offer E2EE, there is one app that stands out as the most secure amongst them all: Signal. Compared to the likes of iMessage or WhatsApp, it is lesser known, but this is because Signal is run by a non-profit organization. Without any ties to major tech companies, there is little incentive for the app to post ads, track you, or share your data with external sources. In fact Signal doesn’t even store most user data—their website has a page dedicated to posting various requests from law enforcement that they proudly deny. In their own words, “It’s impossible to turn over data that we never had access to in the first place. Signal doesn’t have access to your messages; your chat list; your groups; your contacts; your stickers; your profile name or avatar; or even the GIFs you search for.” In November 2021, following a Freedom of Information Act request, the FBI disclosed an internal “at-a-glance” document that outlines 9 major E2EE messaging apps and the kind of data that can be retrieved from each one. In this document as well, Signal stands out as one of the most user-privacy focused apps available.

Everyday people can, and perhaps should, consider making the switch to a more secure messaging app, but Signal has gained popularity among professions that are particularly focused on privacy. This would include journalists, activists, government officials, and other high-profile business leaders. Even law enforcement also has come to adopt the use of Signal—but there is some controversy over whether its use is appropriate or not when used in a professional context. In 2021 it was confirmed that many top officials from the Michigan State Police have Signal installed on their state-issued mobile phones. A year later police in Phoenix were also scrutinized for using Signal to discuss official business. Some believe that the use of E2EE messaging apps like Signal violates the Freedom of Information Act, which states that all communication that could be considered public records must be retained for some amount of time. Signal, with its option to permanently delete messages, may not fully comply with this when used by law enforcement agencies. However, some argue there are other times where E2EE is needed in order to exchange sensitive information.

This kind of tech is useful and important to the average user when it comes to taking back one’s privacy online and keeping conversations secret.  But Signal is also among the most popular messaging apps for criminals.  That makes sense.  They’re the most likely population that wants to keep their conversations out of reach by law enforcement.  Its use in larger organizations, like government or law enforcement, remains uncertain.  It’s no secret, however, that there are many ways law enforcement agencies like the FBI have an array of technology available to them to keep their own investigation techniques secret or to track a person’s activities.  I explore the use of intrusive technology by criminals and the FBI in my new novel, The Shakespeare Killer.

Leave a Reply

Your email address will not be published. Required fields are marked *