European Commission switches staff from WhatsApp to Signal

Signal is an end-to-end encrypted messaging service that uses phone numbers as identifiers. Unlike the most popular encrypted messaging app, WhatsApp, Signal was developed in the early 2010s by a non-profit organisation and includes privacy-focused features, such as the ability to set messages to self-destruct after a specified time has elapsed.

Signal is entirely open-source, permitting more scrutiny than WhatsApp and Telegram. It has been well received by security experts and privacy advocates, including whistleblower Edward Snowden and WhatsApp co-founder Brian Acton.

According to a Politico report, the European Commission has told its employees to switch to using Signal via a message on internal communications boards earlier this month: “Signal has been selected as the recommended application for public instant messaging,” the message said.

It is understood that Signal is mainly recommended for private external communications; staff already use encrypted email to exchange sensitive information, with stricter measures in place for classified information.

The cybersecurity clampdown is likely to be motivated by several embarrassing incidents involving EU staff in recent years. In June 2019, it was reported that hackers had targeted computers containing diplomatic information during a visit to Russia by EU delegates. Previously, security research company Area 1 Security claimed to have found that thousands of diplomatic communications had been downloaded in 2017 from the COREU system used by governments and European agencies.

The European Commission announced recently that it would prepare a new cybersecurity strategy following these incidents.

The Commission’s recommendation could attract accusations of hypocrisy by privacy advocates on account of continued pressure from the UK government, EU leaders and US government agencies to permit back-door access to encrypted messages for law-enforcement and national security purposes. Cybersecurity experts and privacy advocates have argued against allowing governments access to encrypted communications on account of seriously weakening security across the entire app and potentially rendering countries more susceptible to hostile state-backed cyberattacks.

Following its resounding success in the December 2019 general election, the UK Conservative Party switched from using WhatsApp to Signal for internal communications, motivated by frequent leaks. Jim Killock of the Open Rights Group told The Guardian that the adoption of Signal was ironic, commenting: “I guess [Home Secretary] Priti Patel must be quite confused and alarmed as her party votes with its feet for secure messaging platforms, while she’s campaigning to stop them from protecting these very same users.”

The UK government has threatened to introduce laws forcing companies to introduce back doors if they do not voluntarily permit government agencies access.