Latest news with #MeredithWhittaker


France 24
3 days ago
Why online privacy is vital: Insights from messaging app Signal's president
The president of Signal, a secure messaging app, spoke to FRANCE 24 about the urgent need to protect personal data. Meredith Whittaker highlighted how a handful of big tech companies collect vast amounts of information – often with little oversight and frequent misuse. She emphasised the need for structural change to regulate how companies handle user data. Signal is advocating for stronger privacy protections while defending freedom of expression. She spoke to us in Perspective.
Yahoo
26-03-2025
What Is Signal, the App Used by Trump Staff, and Is It Safe?
The Trump administration is facing heavy blowback for using Signal, a messaging app, to discuss sensitive military plans. On March 24, officials' usage of the app was revealed after The Atlantic editor Jeffrey Goldberg published a story titled "The Trump Administration Accidentally Texted Me Its War Plans," in which Secretary of Defense Pete Hegseth, among others, discussed upcoming military strikes on Yemen. The U.S. government previously discouraged federal employees from using the app for official business. Some experts have speculated that sharing sensitive national security details over Signal could be illegal, and Democratic lawmakers have demanded an investigation. 'If our nation's military secrets are being peddled around over unsecure text chains, we need to know that at once,' New York Democrat Chuck Schumer said on the Senate floor. Signal is one of the most secure and private messaging platforms that exists for general public use. But cybersecurity experts argue that the app should not have been used for this level of sensitive communication. 'Signal is a very robust app: a lot of cybersecurity professionals use it for our communications that we want to protect,' says Michael Daniel, president and CEO of the Cyber Threat Alliance and a cybersecurity coordinator under President Obama. 'But it's not as secure as government communications channels. And the use of these kinds of channels increases the risk that something is going to go wrong.' Signal was launched in 2014, with the goal of creating a privacy-preserving messaging platform in an age of increasing mass surveillance. Signal conversations are protected by end-to-end encryption, a technique that makes it extremely hard for a third party to intercept or decipher private messages.
While other messaging tools may collect sensitive personal data, Signal prides itself on securely protecting information such as messaging contacts, frequency, and duration. The app has other privacy features, such as automatically disappearing messages after a set period and preventing screenshots of conversations. Signal data is stored locally on users' devices, not the company's servers. 'Our goal is that everyone in the world can pick up their device, and without thinking twice about it, or even having an ideological commitment to privacy, use Signal to communicate with anyone they want,' Signal President Meredith Whittaker told TIME in 2022. Over the last few years, Signal has been used by dissidents and protestors around the world who want to keep their conversations safe from political enemies or law enforcement. In Ukraine, the U.S. Embassy in Kyiv described Signal as critical to their work in its ability to ensure secure, rapid, and easily accessible communications. The app now has 70 million users worldwide, according to the tracking site Business of Apps. The usage of Signal for government purposes is more contentious. In 2021, the Pentagon scolded a former official for using Signal, saying that it did not comply with the Freedom of Information Act, which decrees the government has legal obligations to maintain federal records. Goldberg, however, reported this week that the Trump officials' Signal chat was set to automatically delete messages after a period of time. Sam Vinograd, who served in former President Barack Obama's Homeland Security Department, told CBS that sharing sensitive security details over Signal could violate the Espionage Act as well. Top intelligence officials testified this week that no classified information was shared over the group chat.
CIA Director John Ratcliffe said that Signal was a 'permissible work-use application' for the CIA. Last week, a Pentagon advisory cautioned military personnel against using Signal due to Russian hackers targeting the app. The Cyber Threat Alliance's Daniel says that he was surprised that top officials were using Signal, given that they have access to government-specific channels that are more secure. When discussing sensitive information, officials are typically required to do so in designated, secure areas called Sensitive Compartmented Information Facilities (SCIFs), or to use SIPRNet, a secure network used by the Defense and State Departments. 'These are very senior officials who have a lot of options. They have people whose entire jobs are to make sure that they're able to communicate at all times,' Daniel says. 'We've had that for decades now, and those procedures are really well honed.' Daniel contends that government tools could have prevented what went wrong in this instance: the human error of an outside party mistakenly being added to a message chain. He says that government channels have a 'much higher level of authentication' to ensure that members of communication channels are supposed to have access. Dave Chronister, the CEO of the cybersecurity company Parameter Security, says that the government's bespoke communications channels prevent other kinds of interlopers or hackers attempting to use phishing or malware techniques to learn information. 'If you're on a cell phone, I don't know who could be looking over my shoulder to see what I'm typing, not to mention I don't know what else is on that mobile device,' he says. Chronister adds that officials' use of Signal, as opposed to internal channels, also makes it harder for the government to identify and contain breaches once they've happened. 'We could have data out there we didn't know was compromised,' he says.
'If top cabinet officials are using Signal, I'm wondering how much is being done on a daily basis—and I think there's going to be a lot more fallout from this.' A representative for Signal did not immediately respond to a request for comment.


Boston Globe
26-03-2025
What is Signal, the chat app used by US officials to share attack plans?
Here's a look at the app in question. What is Signal? It's an app that can be used for direct messaging and group chats as well as phone and video calls. Signal uses end-to-end encryption for its messaging and calling services that prevents any third party from viewing conversation content or listening in on calls. In other words, messages and calls sent on Signal are scrambled and only the sender and recipient at each end will have the key to decipher them. Signal's encryption protocol is open source, meaning that it's freely available for anyone to inspect, use or modify. The encryption protocol is also used by another popular chat service, social media company Meta's WhatsApp platform. Encryption on Signal is turned on by default, unlike another popular messaging app, Telegram, which requires users to turn it on and does not make it available for group chats. Signal has features that are found on other messaging apps. It allows users to host group chats with up to 1,000 people and messages can be set to automatically disappear after a certain time. Is it secure? Signal touts the privacy of its service and its head defended the app's security practices on Tuesday. 'Signal is the gold standard in private comms,' Meredith Whittaker, president of Signal, said on X, without directly addressing the Atlantic report. Experts agree Signal is more secure than conventional texting. But it could be hacked. Government officials have used Signal for organizational correspondence, such as scheduling sensitive meetings, but in the Biden administration, people who had permission to download it on their White House-issued phones were instructed to use the app sparingly, according to a former national security official who served in the administration.
The official, who requested anonymity to speak about methods used to share sensitive information, said Signal was most commonly used to notify someone that they should check for a classified message sent through other means. Beyond concerns about security, Signal and other similar apps may allow users to skirt open records laws. Without special archiving software, the messages frequently aren't returned under public information requests. In the Atlantic article, Goldberg wrote that some messages were set to disappear after one week and some after four. Do other government officials use Signal? Encrypted messaging apps are increasingly popular with government officials, according to a recent Associated Press review. State, local and federal officials in nearly every state have accounts on encrypted messaging apps, according to the review, which found many of those accounts registered to government cellphone numbers. Some were also registered to personal numbers. Who's behind Signal? The app's origins date back more than a decade, when it was set up by an entrepreneur who goes by the name Moxie Marlinspike, who was briefly head of product security at Twitter after he sold his mobile security startup to the social media company. Marlinspike merged two existing open source apps, one for texting and one for voice calls, to create Signal. The nonprofit Signal Foundation was set up in 2018 to support the app's operations as well as 'investigate the future of private communication,' according to the foundation's website. The foundation says it is a nonprofit 'with no advertisers or investors, sustained only by the people who use and value it.' The foundation's board has five members, including Brian Acton, who cofounded WhatsApp and donated $50 million to set up the foundation. Associated Press writers Tara Copp, Aamer Madhani and Eric Tucker contributed to this report from Washington.


Sky News
25-03-2025
What is Signal? The app where US officials accidentally shared war plans with a journalist
The security of messaging app Signal was compromised by human error when top US officials accidentally added a journalist to their group chat. But what is Signal - and did Donald Trump's team break the rules by using it? Signal is a secure messaging app that is end-to-end encrypted, meaning conversations on the platform can't be accessed by anyone except the people in the chat. Even Signal itself cannot see what is said. Although end-to-end encryption is now fairly common, with WhatsApp, Facebook Messenger and Telegram all offering it, Signal was ahead of its time and began offering secure messaging in 2013. The encryption technology it uses, called the Signal Protocol, is now considered the industry standard. It aims to "end-to-end encrypt everything that we possibly can and to store as little [user data] as possible", according to Signal Foundation president Meredith Whittaker and developer Joshua Lund. The non-profit's ethos of customer privacy has made it a go-to messaging platform for secure conversations. Signal is also open-source, which means its users can check that the platform is actually doing what it says it is doing. It is also unable to hand over information to law enforcement authorities, which some other encrypted messaging platforms do, because it can't break its own encryption. "Signal protects all of this with strong encryption so even if Signal is threatened or coerced, Signal can't hand over that kind of data," Ms Whittaker said recently. That became a sensitive topic for the Home Office in February after it was reported the UK government tried to force Apple to create a backdoor to its end-to-end encryption. However, despite its focus on data privacy, Signal is still a commercial app and is not classified by US officials. According to US media, some officials were allowed to download Signal on their White House-issued phones under Joe Biden's administration but were told never to share classified information on it.
Messaging apps "are NOT authorised to access, transmit, process non-public DoD information", Pentagon rules state. When Trump officials accidentally included the editor of The Atlantic in a group chat where they discussed conducting airstrikes on Yemen's Iran-backed Houthis, it was not immediately clear if information on the military operation was classified. However, information like this often is and would usually be kept secure to protect service members and operational security. Brian Hughes, spokesman for the National Security Council, confirmed the veracity of the Signal group. "This appears to be an authentic message chain, and we are reviewing how an inadvertent number was added to the chain," he said.
Yahoo
24-03-2025
Britain's blind trust in chatbots is playing into Russia's hands
Using technology that has more holes than a Swiss cheese, we've never been in worse shape to enter a new Cold War. And we're about to make it a whole lot worse. Cyber threats to UK plc have increased sharply in recent months. Late last year the National Cyber Security Centre warned how Russia's APT29 hackers were targeting areas that businesses have left exposed to the internet. But by rushing to install generative AI systems, organisations are exposing more than ever, and making it much easier to reach, too. No wonder that a third of UK SMEs, some 35pc, now see artificial intelligence as their biggest security headache, even more than malware, phishing and ransomware. AI attacks are so subtle and imaginative, there should be a category for them in the BAFTAs. Let's see how it's done. In the classic enterprise, it was difficult to access that physical filing cabinet on the finance department's floor. Corporate information was distributed on a strictly need-to-know basis. That model was broadly replicated in the shift to digital: there were hard boundaries and strict permissions. But now, sloppy process automation dissolves those walls, the obstacles that technology designers put in place. AI agents are threatening to break the 'blood-brain barrier' between applications and the systems they run on, says Meredith Whittaker, who founded Google's Open Research Group, the AI Now Institute, and is now chief executive of Signal. The consultant-driven fad of 'breaking down silos' of information has made confidential critical data much easier to tap using AI chatbots like Microsoft Copilot. Last year at the annual Black Hat security conference, delegates saw how an employee in the HR department of a company – who simply wanted to summarise a couple of corporate documents – punched huge holes in the firewall, allowing hackers direct access to company secrets.
Almost two thirds of business chatbots that organisations thought were private were in reality being exposed to the world at large, the security firm Zenity, which gave the demonstrations, discovered. Today we use malware detection systems to stop malevolent code that has been attached to a Word document: the script is easily detached from the content. But an AI can't distinguish between data and instructions: it just does what it's told. The big new tech fad of 2025, agentic AI, makes this exponentially worse. AI agents yoke together AIs, so the output of one feeds into another – and set up a sequence of processes triggered by an AI. Whittaker gives us a recognisable example: an AI agent that finds seats at a concert, buys the tickets, books a calendar entry, and emails all your friends to tell them about it. The AI runs riot because we've allowed it to: a high trust system out of place in a low trust world. With data silos dismantled, and firewalls dissolved, the final coup de grace can then be applied. Which is that using AI, a hacker can steal your secrets, or corrupt the company's data, simply by talking to a chatbot: no technical skills are required. One recent piece of research demonstrated how easy it was. 'We convinced the chatbot it lives in another world,' Etay Maor, chief security strategist at Cato Networks and a professor at Boston College explained to me. As a research experiment, a detailed fictional scenario was created for the AI to inhabit, and once hypnotised, it then helped the researcher syphon personal data out of a Chrome browser. 'It's like putting VR goggles on the chatbot, we're immersing the AI in a different world,' explains Maor. 'We use an AI to write a story, and we send the story to AI telling it: 'This is the world you live in now', and we ask for characters in that world. It then helps us develop the malware.' Here's the thing: the researcher had never written malware before.
I asked Zenity's founder Michael Bargury recently if the industry was taking security more seriously. 'Even though Microsoft blocked our specific jailbreaks last year, we found new ones within a day – and we keep on being able to remotely take over co-pilots wherever we try: Microsoft Copilot, Gemini, ChatGPT and Character AI's Einstein,' he found. 'It's not that these vendors aren't trying, it's just that it is not a fixable problem,' he says. That is how the industry has had to cope with malware – it's a problem to mitigate rather than solve. But we are making ourselves more vulnerable than we need to be by rushing out AI poorly. IT managers are under immense pressure from their directors or the consultant class to do so. So are government departments. The Blair and Schmidt advisers, and Big Tech, promise billions of pounds in savings. But they are salesmen and evangelists, unconcerned by the security concerns. Bargury reminds us that attacking a company that uses AI is easier than ever, by simply sending a Teams message. Just as it defies belief that a fire at a single electricity substation brought Heathrow to a standstill, it is astonishing to learn that UK plc is increasing its attack surface just as we need stronger defences. All because we have committed a fundamental mistake, confusing the appearance of intelligence for real intelligence. AI is acquiring the quality of one of Aesop's moral fables, in which a society is tricked into engineering its own demise. All the hackers are doing is preying on our gullibility: our willingness to believe in magic.