Tech by Blaze Media

© 2024 Blaze Media LLC. All rights reserved.
Can we trust Signal to keep out government spying?

Bjorn Bakstad/Getty Images

Can we trust Signal to keep out government spying?

Responding to concerns that our favorite messaging app is compromised.

In City Journal, conservative activist and author Chris Rufo takes aim at the leadership of secure messaging app Signal, asking: “Is the integrity of the encrypted-messaging application compromised by its chairman of the board?” This article follows in a line of recent criticism of embattled NPR CEO Katherine Maher, who chairs the Signal Foundation board, and Signal Foundation President Meredith Whittaker. The article also raises concerns — echoed by Elon Musk and Jack Dorsey — about the app's trustworthiness, given its links to left-wing activists and U.S. government seed funding.

While we share Rufo’s concerns about Signal's leadership's outspoken leftist views and activism, we disagree with his alarmism over the app's core security and broad mischaracterization of internet freedom programs as vectors for domestic surveillance and censorship.

In contrast with Signal’s aloof anarchist founder, Moxie Marlinspike, Meredith Whittaker and Katherine Maher are both unapologetic progressive activists with radical views on the information ecosystem, online speech, and what values the tech industry should support. Before Signal, Whittaker was notable as a lead instigator of employee walkouts and activism at Google, attempting to stop the company from working with the Pentagon and leading an effort to purge then-Heritage Foundation President Kay Coles James from its AI advisory board.

Maher, who previously worked at Wikimedia Foundation, Web Summit, and progressive advocacy group Access Now, has a similar ideological record. As Reason magazine puts it:

Maher's past tweets would be hard to distinguish from satire if one randomly stumbled across them. Her earnest, uncompromising wokeness — land acknowledgments, condemnations of Western holidays, and so on — sounds like they were written by parody accounts such as The Babylon Bee or Titania McGrath.

Here, Rufo’s criticism is entirely fair, and Signal’s board would likely benefit from picking less controversial leaders while fostering intellectual diversity to reflect its global user base better.

Enemies of your enemies

But the fact that Signal is run by an outspoken anti-government, anti-corporate, privacy maximalist like Whittaker, who built her career opposing collaboration between tech and government, also makes it an unlikely tool of the surveillance state (not to mention that an avowed anarchist founded it). Rather than being evidence of any particular conspiracy, the involvement of leftists like Maher and Whittaker is best explained as a reflection of tech’s coastal elite cultural bubble.

Let’s look closer at Signal’s alleged ties to the government. Open Whisper Systems, the initial developer of its protocol, received a series of seed grants from a State Department-funded initiative called the Open Technology Fund, a nonprofit that gives grants to support open-source internet freedom projects. OWS was later dissolved and incorporated under the Signal Foundation. However, its open-source encryption protocol was widely adopted, vetted by security researchers, and integrated into apps including Facebook Messenger, Skype, and WhatsApp.

The OTF’s programs have supported numerous internet freedom tools, including virtual private networks, the Signal protocol, and Tor. What’s more, other government funding programs have supported the creation of the internet, GPS, and the core technologies in our smartphones, as do Silicon Valley giants like Intel, Tesla, Qualcomm, Apple, and Google.

The federal government has many legitimate policy interests in funding technology tools unrelated to surveillance, including foreign policy, geopolitical security, and economic competitiveness. In particular, the U.S. government’s internet freedom programs are directly from Cold War-era anti-communist radio and television.

Ronald Reagan 1950s Crusade for Freedom commercial soliciting funds for radio Free Europe

Today, these tools lend support to journalists, opposition parties, and dissident movements operating under authoritarian regimes like China, Russia, North Korea, and Iran. For instance, during the pro-democracy protests in Hong Kong, Signal rocketed to become the number-one downloaded app. Similarly, Signal usage has surged during the ongoing Russia-Ukraine war. Used in concert with VPNs, secure messaging access is a powerful freedom tool. Citing an anonymous source, Rufo’s article asserts the State Department and OTF “wield open source internet projects made by hacker communities as tools for American foreign policy goals.” Indeed. This is a feature, not a bug.

The OTF has its origins in a project of Radio Free Asia, the sister organization to Radio Free Europe, set up in response to the Tiananmen Square massacre and the growing threat of communism in Asia. Later, the OTF was spun off under the Trump administration as an independent nonprofit funded by the U.S. Agency for Global Media and chartered by Congress under 22 U.S.C. § 6208a. With a mission to “advance internet freedom in repressive environments by supporting … technologies that counter censorship and combat repressive surveillance to enable all citizens to exercise their fundamental human rights online,” the OTF is at the tip of the spear, helping support pro-freedom movements worldwide.

In the 20th century, America used radio and television broadcasts to spread freedom behind the Iron Curtain. In the 21st century, the OTF is breaking the Great Firewall and allowing people living in authoritarian states to access free and open information from around the world. The OTF’s funding of internet freedom projects such as VPNs, Tor, and yes, Signal, is intended to ensure that journalists and dissidents have “unrestricted access to uncensored sources of information via the internet.” To guarantee communications security over the technologies it supports, the OTF is legally required only to support fully open-source and auditable technologies. The OTF’s authorizing statute requires “comprehensive security audits to ensure that such technologies are secure and have not been compromised.”

If this isn’t enough, any attempt by the government to embed a secret back door would also have to get past its robust technical community and global security researchers, who can review and verify its source code on Github. Maher, a non-technical executive who joined the board in 2023, is unlikely to have had any involvement in its codebase.

For federal agencies like the State Department, knowledge of a back door would trigger the Vulnerability Equities Process, which requires federal entities, including law enforcement and intelligence agencies, to undergo independent review and disclose known exploits under certain circumstances where there is a significant risk of abuse by foreign governments, criminals, and other bad actors. On the black market, Russia-backed hackers are offering as much as $1.5 million for a Signal zero-day vulnerability.

Extraordinary claims require extraordinary evidence

To argue that Signal is insecure or untrustworthy because of indirect funding from the State Department is to fundamentally misunderstand the origins, mission, and practices of both Signal and the U.S.’ internet freedom programs. Critically, such thinking risks pushing people to far less secure alternatives like Telegram, SMS, and iMessage. While Telegram’s CEO has been an avid Signal critic, messages on its platform are still not encrypted by default. In addition to being open source and end-to-end encrypted, Signal has the added benefits of encrypting metadata, obscuring phone numbers, and employing quantum-resistant cryptography.

Internet freedom programs and their analog predecessors have historically enjoyed strong bipartisan support, including Republican champions like Newt Gingrich and Ronald Reagan. Here, Rufo’s criticism should be a warning to internet freedom advocates against placing lightning-rod activists in leadership or cultivating a partisan ideological monoculture.

Considering the federal government’s long history of abusing surveillance tools — from J. Edgar Hoover to the Patriot Act — a base level of skepticism or even paranoia is understandable. Civil liberties proponents on both sides of the aisle are right to question and challenge the security of their communication platforms, including Signal. However, as an indirect instrument of U.S. policy, Signal's role extends beyond just an app for secure messaging; it bolsters American values and safeguards the freedoms that define open societies.

Because it was created as open-source software designed to minimize what it collects and operate on hostile servers, who’s on its board or where its funding came from actually don’t matter that much. What matters is how it gets used in the world. On this count, Signal — and related programs like Tor, VPNs, and the OTF — have been a massive policy success and a worthy digital successor of programs efforts that helped bring down the Berlin Wall and end the Soviet Union.

Want to leave a tip?

We answer to you. Help keep our content free of advertisers and big tech censorship by leaving a tip today.
Want to join the conversation?
Already a subscriber?
Luke  Hogg

Luke Hogg

Luke Hogg is the director of policy and policy and outreach at the Foundation for American Innovation.
Zach  Graves

Zach Graves

Zach Graves is the executive director at the Foundation for American Innovation.