The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.
The instruction appeared on internal messaging boards in early February, notifying employees that “Signal has been selected as the recommended application for public instant messaging.”
The app is favored by privacy activists because of its end-to-end encryption and open-source technology.
“It’s like Facebook’s WhatsApp and Apple’s iMessage but it’s based on an encryption protocol that’s very innovative,” said Bart Preneel, cryptography expert at the University of Leuven. “Because it’s open-source, you can check what’s happening under the hood,” he added.
Signal was developed in 2013 by privacy activists. It is supported by a nonprofit foundation that has the backing of WhatsApp founder Brian Acton, who had left the company in 2017 after clashing with Facebook’s leadership.
Privacy experts consider that Signal’s security is superior to other apps’. “We can’t read your messages or see your calls,” its website reads, “and no one else can either.”
While WhatsApp’s technology is based on Signal’s protocol (known as Open Whisper Systems), it isn’t open-source. Another popular messaging app, Telegram, meanwhile, faces similar concerns over the lack of transparency on how its encryption works.
After a series of high-profile incidents that shocked diplomats and officials in Brussels and across the Continent, the European Union is beefing up its cybersecurity standards.
In December 2018, cybersecurity research firm Area 1 Security said it found that thousands of diplomatic cables were downloaded from the EU’s COREU (or Courtesy) system, which is used by national governments and EU institutions to exchange day-to-day information on foreign policy.
Then in June last year, the news broke that the EU’s delegation in Moscow had suffered what appeared to be a cybersecurity breach in 2017, with two computers allegedly hacked to steal diplomatic information. The Commission said it was investigating the issue and informed its top diplomats.
The EU on Wednesday said it would soon draft a new European cybersecurity strategy. It announced earlier it would set up a “joint cybersecurity unit” to support EU countries and organizations in the event of an attack.
Commission officials are already required to use encrypted emails to exchange sensitive, non-classified information, an official said. Classified documents fall under tighter security rules.
The use of Signal was mainly recommended for communications between staff and people outside the institution. The move to use the application shows that the Commission is working on improving its security policies.
Promoting the app, however, could antagonize the law enforcement community.
Officials in Brussels, Washington and other capitals have been putting strong pressure on Facebook and Apple to allow government agencies to access to encrypted messages; if these agencies refuse, legal requirements could be introduced that force firms to do just that.
American, British and Australian officials have published an open letter to Facebook CEO Mark Zuckerberg in October, asking that he call off plans to encrypt the company’s messaging service. Dutch Minister for Justice and Security Ferd Grappehaus told POLITICO last April that the EU needs to look into legislation allowing governments to access encrypted data.
Cybersecurity officials have dismissed calls to weaken encryption for decades, arguing that it would put the confidentiality of communications at risk across the board.