The Atlantic’s editor-in-chief recently landed in the middle of a Signal chat between senior Trump administration officials over bombing Yemen. But why were they using Signal in the first place and not WhatsApp or another messaging service?
It’s simple: The app has a strong security structure, which has led to its use to discuss upcoming military strikes in Yemen, because it uses end-to-end encryption and open-source technology.
End-to-end encryption is a method that allows only the sender and recipient to read the messages. When a message is sent, it is encrypted using a ‘key’. No key, no access.
This means no middleman, including service providers, and not even Signal itself, can access the message.
Signal also pioneered an open-source approach to encryption, called the Signal Protocol. Encryption is most secure when it’s built on open-source algorithms, the Open Source Initiative (OSI) told Euractiv.
Open source means the code behind the encryption is made public and available online for anyone to see. So any issues can be checked and reviewed for security.
Using strong encryption is a matter of national security. Not doing so can expose people and infrastructure to significant vulnerabilities, Meredith Whittaker, Signal’s president, said in a recent interview.
WhatsApp adopted end-to-end encryption in 2016, using the Signal Protocol as a basis. However, it made a closed-source version, which means outsiders cannot see its workings – you just have to trust that it’s secure.
Telegram, another alternative that is often mentioned, doesn’t use end-to-end encryption at all. It’s a given that a third party can intercept any Telegram messages you send or receive.
On top of this, Signal operates as an independent non-profit in the US and is not tied to any major tech companies, according to its website. WhatsApp has been part of Facebook founder Mark Zuckerberg’s Meta since 2014.
Why institutions are switching to Signal
Signal’s stronger security is why it’s gaining traction in political circles, including Brussels.
Both the European Commission and Parliament recommend the app when staff cannot access secure communications tools that the institutions are otherwise paying for.
In its internal communication to parliamentary staff in February, seen by Euractiv, the IT services said that Signal was the recommended solution for messaging when using Parliament’s corporate solutions was “not possible.”
The Parliament currently uses Microsoft Teams and Jabber, a messaging service operated by US tech group Cisco, for official communication.
The guidelines cited an “increase in threat to the commercial telecommunications infrastructure” and several recent incidents targeting large US telecommunication companies.
One example is the “Salt Typhoon” attacks, in which Chinese hackers exploited weak encryption “back doors” integrated into the US telecom systems to gain access to information on US citizens – including Donald Trump.
Similarly, the Commission confirmed to Euractiv that it recommends the use of Signal, as it is a “safe alternative” where no equivalent corporate tool is available, although there is “no obligation” to use it.
Ultimately, the leaking of US national defence plans was not due to a problem with Signal’s encryption but to human error within Trump’s inner circle. So, the right app – just the wrong people in the chat.
[MM]
