In the wake of the devastating wildfire that swept through a Maui town, claiming over 100 lives, a series of text messages exchanged among emergency management personnel has emerged as a crucial record for investigators. These communications provide insight into the government’s response to the tragic events of 2023. One particular exchange raised eyebrows, suggesting that officials might have been utilizing a second, untraceable messaging service. “That’s what Signal was supposed to be for,” remarked Herman Andaya, the then-administrator of the Maui Emergency Management Agency, in a message to a colleague. Signal, known for its end-to-end encryption and message auto-delete features, is among several apps that prioritize user privacy.
While these applications offer enhanced security, they also pose challenges to transparency, often circumventing open records laws designed to promote public awareness of governmental decision-making. Without specialized archiving software, messages sent via these platforms frequently evade public information requests. An extensive review by the Associated Press across all 50 states uncovered over 1,100 government officials and elected representatives registered on encrypted platforms, raising questions about the balance between security and public accountability.
Government Use of Encrypted Messaging
The investigation revealed that accounts linked to state, local, and federal officials exist in nearly every state, encompassing a wide array of public servants, from legislators to school board members. While the presence of an account does not imply misuse, it highlights a growing concern regarding the potential for encrypted communications to hinder transparency. Many accounts were associated with government-issued cellphones, though some were registered to personal numbers, complicating the landscape further.
Instances of improper use of these apps have surfaced over the past decade in various states, often due to leaked messages. Despite the warnings about hacking and data breaches, the very technologies designed to enhance privacy can inadvertently diminish governmental transparency. Applications such as Signal, WhatsApp, and Telegram utilize encryption to safeguard messages, ensuring that only intended recipients can access them. However, these messages typically do not reside on government servers, and some apps even feature automatic deletion and restrictions on sharing.
Matt Kelly, editor of Radical Compliance, articulated the dilemma: “People have the right to use encrypted apps for personal communications on their devices, which is not against the law. The challenge lies in distinguishing how an employee is utilizing these tools.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised senior officials handling sensitive information to employ encrypted messaging for confidential communications, yet these exchanges often fall outside the purview of public record laws.
As journalists increasingly rely on encrypted messaging for discussions with sources, the gap between evolving technology and public record laws becomes more pronounced. Lanika Mamac, general manager of Smarsh, a company that assists governments in archiving digital communications, noted a growing concern among local governments about cybersecurity and the need to balance security with transparency.
Despite the rise in inquiries regarding the use of encrypted apps, many governments have yet to implement clear regulations or restrictions. A notable example occurred in 2020 when the New Mexico Child, Youth and Families Department’s new division director instructed employees to use Signal for internal communications, advising them to delete messages after 24 hours. This led to a court settlement following an investigation into potential violations of document retention rules, yet New Mexico still lacks comprehensive regulations governing the use of encrypted messaging.
In Michigan, the use of Signal by State Police on government-issued devices prompted lawmakers to ban such apps if they impede public record requests. However, the absence of penalties for violations and the challenge of monitoring devices used by thousands of employees complicate enforcement efforts.
Experts like David Cuillier, director of the Brechner Freedom of Information Project at the University of Florida, advocate for stronger public record laws. He emphasizes that the content of communication, rather than the method, determines public record status. Cuillier suggests that governments should only utilize encrypted apps if they can adequately report and archive communications like any other public record. He lamented the decline in government transparency over recent decades, proposing the establishment of independent enforcement agencies and penalties for violations to foster a culture of openness.
“We used to be a beacon of light when it came to transparency. Now, we’re not. We have lost our way,” Cuillier stated, reflecting the sentiment shared by many regarding the current state of public accountability.
