X
Tech

Trump aides' use of encrypted messaging may violate records law

Using disappearing messages in government could be a "recipe for corruption," says one expert.
Written by Zack Whittaker, Contributor
signal-iphone-hero.jpg

(Image: ZDNet)

Senior Trump administration aides communicating over encrypted messaging apps may be violating federal record-keeping laws.

The Wall Street Journal reported that political aides close to the president are using Signal, an end-to-end encrypted messaging app. And it's not just in the White House. Aides close to the New York governor and the mayor and Obama administration staff also use the encrypted messaging app.

It's no secret that many in politics are taking security more seriously following the hacks that hit the Democratic National Committee, which led to the leaking of thousands of emails to WikiLeaks.

But by keeping those messages and communications private, top administration officials may be falling foul of the Presidential Records Act, a law that requires staff to keep records of those conversations.

"If new agency appointees are using Signal or other disappearing message apps routinely for work, even if it's not classified, that's a serious lapse in records retention policy," said Michael Morisy, founder of non-profit investigative news site MuckRock.

"Email retention is still a huge struggle, and I have a hard time believing that Signal messages are properly being archived," he added.

Alex Howard, deputy director of the Sunlight Foundation, called it a "recipe for corruption" and a "willful effort not to be held accountable."

"If you're a public official and you're using an encrypted messaging app, you're intentionally hiding from scrutiny," he said. "When you are a public servant, your work is in the public. Unless there is a compelling security reason it should be open."

He argued that the trouble with secure messaging is the retention. "It's a whole new challenge: Can you use something that intentionally can't be tracked?" he said.

Federal and presidential record-keeping isn't just another chore of being in high office, it's the law.

Every record, such as documents, memos, and even emails and instant messages of government business, has to be preserved by the National Archives and Records Administration (NARA) within a few days of its creation. That said, presidential records are treated slightly differently from federal records. Most of the president's senior aides are not subject to freedom of information requests until after the president leaves office, but they must still retain and archive their work communications for later release.

"Technically and legally, it's not something that's their choice," said Patrice McDermott, executive director of OpenTheGovernment.

While the records are kept for future transparency or in case of litigation, the archivists don't automatically keep track of every communication, she said.

There are policies that aim to help. An update to the law in 2014 expanded what tools federal employees can use, including a wide range of instant messaging and social media platforms for communication, but all messages must still be archived using "third-party services to capture messages, such as a service that captures all email, chat, and text messages created through agency-operated electronic messaging systems," according to a recent 2015 bulletin by NARA.

The problem is that end-to-end encrypted messaging apps by design make that capture process impossible, meaning much of the archiving or individual app backup effort would have to be self-policed.

"Encryption and messaging apps like Signal make life difficult for the archivists who are responsible for implementing those requirements," said Steven Aftergood, a government secrecy expert at the Federation of American Scientists, in an email.

He warned that aides using encrypted messaging apps can "make it easier to circumvent" those legal requirements without detection.

A White House spokesperson did not respond to our question about whether the Trump administration has set up data retention policies for its encrypted messaging use.

Tweets can be archived, papers can be stored, and government email accounts can be saved. But while messages apps need to be secure, reconciling that with a need to be transparent later on is a challenge in itself.

And while falling foul of those rules may lead to administrative sanctions or their eventual dismissal, Morisy says that if the problem isn't discovered until after they leave, there's "nothing that can usually be done."

"That's one good reason why this stuff should be highlighted sooner rather than later," he said.

Stop using '123456' as your password:

Editorial standards