“Drunken Determine?” I say, reading the words on my iPhone screen.
“Yep! That’s what I’ve got too, ‘Drunken Determine,’” says my friend Matt.
“Great! The line’s secure!”
We’re not plotting our escape from the FBI, or trying to rob a bank. We’re making plans to make tacos for dinner using Signal, the Edward Snowden-approved app that promises to encrypt your messages and phone calls for free. Because of Open Whisper Systems’ open-source encryption tool, making encrypted calls is no longer reserved for criminals, governments and the uber-wealthy.
After the election of Donald Trump, Signal saw a surge of downloads, which isn’t that surprising given that many Americans are bracing themselves for expanded surveillance. For one, Trump has voiced his plans to surveil targeted groups, like mosques. Many in his cabinet also want to expand surveillance. For instance, the Senate voted this past Monday that Rep. Mike Pompeo will head the CIA; Pompeo hopes to get rid of certain limits on the NSA’s surveillance powers–enabling them to collect bulk telephone records and hack into computers with fewer restrictions–and increase the monitoring of Americans’ Facebook activities.
The Magic Sauce of Signal Messaging App
So how does Signal work? “All Signal messages and calls are end-to-end encrypted, which means they’re only readable by the sender and their intended recipient,” Signal’s founder Moxie Marlinspike tells me. Even if government bodies want to get their hands on your conversations, they likely won’t be able to do so. When the Feds subpoenaed Open Whisper Systems in 2016, much of the user information they requested didn’t exist. “The Signal service has also been designed so that it does not have to retain information on Signal users,” explains Marlinspike.
Signal operates without leaving your metadata behind, like your location or information about the recipient of your messages. Your conversations are further protected by an algorithm Signal calls the “double ratchet.” It ensures that if someone does manage to break into one encrypted message, they won’t be able to crack all your past messages, because each of your messages uses a totally different encryption key, even when you send several messages in a row to the same user.
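An added illustration, not part of the original article and not Signal’s own code: a simplified Python sketch of the symmetric-key half of the double ratchet, showing how every message gets its own key and why a stolen current key does not unlock earlier messages. The names kdf_step, Chain and demo are made up for this example, and the shared secret is random sample data.

```python
import hashlib
import hmac
import os


def kdf_step(chain_key: bytes):
    """One ratchet step: returns (next_chain_key, message_key).

    Both outputs are HMAC-SHA256 values keyed with the current chain key,
    over different one-byte inputs, so neither output reveals the other
    and neither can be run backwards to recover the chain key.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class Chain:
    """Holds only the current chain key; earlier keys are overwritten."""

    def __init__(self, shared_secret: bytes):
        self.chain_key = shared_secret
        self.index = 0

    def next_message_key(self) -> bytes:
        self.chain_key, message_key = kdf_step(self.chain_key)
        self.index += 1
        return message_key


def demo(shared_secret: bytes, n_before: int = 3, n_after: int = 2):
    """Simulate a device compromise after n_before messages (constructed scenario)."""
    sender, receiver = Chain(shared_secret), Chain(shared_secret)
    past = [sender.next_message_key() for _ in range(n_before)]
    received = [receiver.next_message_key() for _ in range(n_before)]

    # The attacker copies the sender's state at this moment.
    stolen = Chain(sender.chain_key)
    future = [sender.next_message_key() for _ in range(n_after)]
    attacker = [stolen.next_message_key() for _ in range(n_after)]
    return past, received, future, attacker


if __name__ == "__main__":
    past, received, future, attacker = demo(os.urandom(32))
    print("both sides derive the same keys:", past == received)
    print("every message key is different:", len(set(past + future)) == 5)
    print("attacker can follow later messages:", attacker == future)
    print("attacker holds any earlier key:", bool(set(attacker) & set(past)))
```

The last two lines show the limit of this half on its own: a stolen chain key still follows later messages. The full algorithm also mixes fresh Diffie-Hellman exchanges into the chain (the second ratchet), which is what locks such an attacker back out.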
Those who aren’t on board are countries frustrated that they can’t crack Signal. The United Arab Emirates and Egypt have tried to block Signal, but Signal found a way around the blocks. “We use a censorship circumvention technique known as ‘domain fronting’ in those countries,” says Marlinspike. “It makes Signal traffic look like normal traffic to google.com or popular content delivery networks, so that to block Signal they would have to block all of google.com or entire CDNs.” On Open Whisper Systems’ website, they explain:
“The goal for an app like Signal is to make disabling internet access the only way a government can disable Signal.”
This bold mandate should come as no surprise, as Marlinspike has developed a colorful reputation as an adventurous cyberpunk with a taste for high-risk hobbies: he is rumoured to have crashed an air balloon he bought off Craigslist in the desert after teaching himself to pilot it (according to Wired), and he blogs about his sailing addiction, which once resulted in hypothermia. But his Signal Protocol has quite the opposite reputation: Signal is widely regarded as one of the most secure messaging apps on the planet. For anyone who has been following cybersecurity trends, Marlinspike is certainly no newcomer to the scene. He’s the founder of the Android apps RedPhone and TextSecure, he was Twitter’s director of product security, and the Signal Protocol he developed has been integrated into WhatsApp, Facebook and Google’s Allo.
It’s important to note that there are key differences in the ways Facebook, Allo, WhatsApp and Signal use Signal’s security tools: “Signal and WhatsApp both use Signal Protocol for end-to-end encryption by default,” explains Marlinspike. “Allo and Facebook both use Signal Protocol as well, but only in ‘secret chats’ rather than by default.”
My Own Private iDaho
For many, the old adage “if you don’t have anything to hide, you don’t need to worry” isn’t comforting anymore, which is why people are turning to Signal. Just a few years ago, over half of Americans reported being “very concerned” or “somewhat concerned” about government surveillance of their electronic communications and messages, according to Pew Research Center. With the pending changes in government leadership and policy, those numbers are unlikely to go down any time soon. The Senate is set to vote again on The Email Privacy Act, which would update the 1986 Electronic Communications Privacy Act (ECPA). Until that passes, though (if at all), law enforcement can access any of our emails or messages that are at least 180 days old.
A growing number of online privacy watchdogs are encouraging Americans to take their digital privacy into their own hands by encrypting their computers and devices, and by using apps like Signal. “Encryption is always a good security feature to enable when possible, and is quickly becoming an industry standard for operating systems and platforms providing data storage or transmission,” says Brenda Leong, senior counsel and director of strategy for Future of Privacy Forum, a nonprofit organization that tasks itself with advancing principled data practices for new technologies. “Seeking out providers and products that offer proven high security and privacy standards is always advisable.”
As I gleefully bug my sister while she’s at work, sending her a senseless series of texts, stringing together words referencing illicit drugs just because I can, I feel a newfound sense of freedom. It’s easy to totally forget what privacy feels like.