US Senate Adopts Signal, HTTPS A Year After Trying To Kill Encryption

After some attempts to backdoor encryption, led by Senators Dianne Feinstein (CA) and Richard Burr (NC), who are also the top ranking members of the Senate Intelligence Committee, the Senate staff has been approved to use the Signal messenger. Signal is currently considered by most experts as the most secure way to communicate due to its open source nature, use of end-to-end encryption, and self-destructing messages.

Anti-Encryption Bill

Early last year, Senators Feinstein and Burr co-sponsored a bill that would have compelled companies to provide encrypted data when requested by the U.S. government. Security experts reacted negatively to the bill, saying that it would end up forcing software vendors to avoid encryption altogether, resulting in a net loss to public safety.

After the bill was made public, Senator Ron Wyden (OR), who is also a member of the Senate Intelligence Committee, promised to filibuster the bill. Since then, the bill seems to have been forgotten, although it could still show up later if the senators who supported it find a good opportunity to promote it.

Senate Adopts Signal, HTTPS

Recently, the Senate adopted HTTPS encryption for the entire senate.gov domain, two years after the White House required that all new federal websites adopt it. This year, the General Services Administration also announced that it will automatically enforce HTTPS encryption by preloading them in modern browsers (with the browser vendors’ accord). That means no downgrade (to HTTP) or man-in-the-middle attacks should be possible.

In a recent letter, Senator Ron Wyden (OR) praised the Senate for adopting HTTPS, as well as for approving the use of the open source Signal private messenger. Signal uses state-of-the-art encryption and is developed by prominent cryptographers and privacy activists.

The Signal encryption protocol has also been implemented by apps such as WhatsApp, Facebook Messenger (Secret Conversations), and Google’s Allo (Incognito mode), but the first one may not guarantee security in all scenarios, while the rest don’t enable end-to-end encryption by default.

Feinstein’s own staff has been exposed previously to a hack from the CIA, and we have to imagine that rival nations constantly try to hack into U.S. government systems. Therefore, a good encryption protocol and a well-written application such as the Signal messenger may be necessary to preserve the confidentiality of communications between Senate members and their staff.

As the Senate and other arms of the government start using end-to-end encryption, their members may be less likely to want to ban tools using it in the future, which should be good news for people who care about their own privacy.

Privacy Enhancing Technologies

Senator Wyden recently recommended government agencies adopt other “privacy enhancing technologies” (PETs) such as differential privacy, which was implemented by Apple last year, and multi-party computation. Both are cryptographic mechanisms that allow services vendors to compute on private data without infringing on the users’ privacy.

“As the Commission on Evidence-Based Policymaking works to finalize its conclusions and recommendations to Congress, I write to remind the commission that new government databases, even if they are created for well-intended purposes, can both threaten the liberty of Americans and create an irresistible target for criminal hackers and foreign governments,” Wyden wrote to the Commission on Evidence-Based Policymaking.“For that reason, I strongly urge the commission to recommend that privacy enhancing technologies (PETs), such as secure multi-party computation (MPC) and differential privacy, must be utilized by agencies and organizations that seek to draw public policy related insights from the private data of Americans,” he added.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • poochiepiano
    I have a feeling that some of the senators above have a more, "encryption is for me, not for you" mentality.
    Reply
  • shrapnel_indie
    19702506 said:
    I have a feeling that some of the senators above have a more, "encryption is for me, not for you" mentality.

    Of that I have no doubt. I could at least name one that has exemplified that elitist attitude on other topics.
    Reply
  • Giroro
    Maybe they should instead, you know, actually write some laws to preserve people's right to privacy.
    Privacy should be a constitutionally protected right. I'm pretty sure that's one of the reasons the 3rd amendment exists. The fourth amendment simply isn't adequate to protect against the abuses of the Patriot act.
    Reply
  • hellwig
    "Feinstein’s own staff has been exposed previously to a hack from the CIA"

    Um, the American government doesn't spy on American citizens, duh! ... But seriously CIA, WTH?

    The wife and I adopted Signal after the election, didn't want Trump reading our txts and coming after us with his lawyers.
    Reply
  • DarkSable
    I'm sorry... In what world is it possibly a good idea for one of the least-trusted bodies of our government to be able to communicate with each other with zero record and zero accountability?
    Reply
  • eriko
    Signal is defo the way to go!

    Even the NYT asks you to use it for submitting stories.
    Reply