ACLU Calls On Congress To Use End-To-End Encryption To Thwart Spying

Signal application

The American Civil Liberties Union (ACLU) called on Congress to enable end-to-end encryption for its communications, by moving to apps such as Open Whisper Systems' Signal, Whatsapp or iMessage.

This year was a rather bad one for the U.S. government in terms of cybersecurity, considering it experienced the biggest hack in its history, when the Office of Personnel and Management (OPM) data breach happened. The hackers stole sensitive information of over 21 million people dating back 30 years that could be used for blackmail or for further penetration into the government's systems.

The ACLU has already been pushing the White House, as well as the military, FBI and CIA, to adopt encryption for their websites and email communications, and some of those calls actually turned into results. For example, starting with this year, all federal agencies will begin to use HTTPS encryption for their sites.

The ACLU is now calling on the members of Congress to adopt strong end-to-end encryption for their communications, too, as they could be targeted by foreign intelligence agencies, much like how the NSA targets other countries' politicians. In fact, when asked about this problem, current NSA chief Admiral Mike Rogers said that U.S. policymakers and other government employees are attractive targets to other nation states.

The civil liberties organization also said in its open letter to Congress that it's important to have separation of powers in the government, and that, for instance, the executive shouldn't be able to easily spy on Congress if it so decides, or simply as a part of its "collect it all" surveillance strategy.

The ACLU suggested Congressional members and their staffs use end-to-end encrypted applications such as Signal (E2E texts, E2E group texts, E2E calls), Facetime (E2E call), iMessage (E2E texts) or Whatsapp (E2E texts), as a way to thwart any spying, whether domestic or foreign.

The group also said that wireless network connections use encryption protocols developed in the 1980s that have been broken since the 1990s. Right now, they all support LTE connections, which come with better security (not end-to-end, though), but devices can still be forced to use 2G and 3G connections with weaker encryption that can be broken by devices called IMSI Catchers.

So far none of the major mobile OS providers have implemented any security mechanisms against this sort of attack, but there are certain apps that can alert you when such a device is used against you.

However, for members of Congress, it would be much easier to use data-based chat and voice applications that have end-to-end encryption by default to bypass any issues that arise from the lack of wireless network security.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • toadhammer
    Excellent notion! Get them hooked before they start listening to the intelligence community say no one should have encryption!