Despite Pete Hegseth, Signal is Good

Why you should use Signal (But maybe ditch Whatsapp?)

Pete Hegseth is Bad at His Job

The Secretary of Defense and Fox Host Pete Hegseth keeps using Signal to talk about war plans with people he’s not supposed to be talking with at his day job. He also gets caught, because he’s bad at security as well as his job. Hegseth uses his personal phone for Department of Defense business, including killing a lot of Yemenis.

What Hegseth was supposed to use instead of his consumer cell phone is a SCIF, or Sensitive Compartmented Information Facility. I’ve been in one. I was emphatically invited to leave my phone at the door. There were large men making this point to me, and I took it to heart. A SCIF is secure, but it is as much about control and legal obligations as it is about security, and rightfully so. Secure communications for a national government don’t just require security, they require accountability, integrity, and a durable record. After its classification period, that information belongs to all Americans. Historical accountability is something we’ve decided matters, and encoded into our laws.

On a technical level I wouldn’t be shocked if SCIFs use some of the same technology that’s in Signal to secure communications. It’s good stuff! But SCIFs are SCIFs, and consumer cell phones are cell phones. Your phone is not designed for government records retention, or hardened against specific nation-state threats. But modern, up-to-date phones have very good security, more hardened than most of the government systems that have ever existed. And it’s right there! In your phone without you having to do anything to get it! (Except apply new software updates when they turn up.)

So despite the fact that Hegseth’s phone would be one of the more targeted in the world, and Hegseth himself is an idiot, his phone isn’t necessarily compromised. It might be, but it’s hard to be sure. It’s quite hard to hack a modern phone, especially if the person using the phone updates it every time there’s an update released, and doesn’t click on things they don’t know are OK. There are fancy attacks, called Zero-Click Attacks, that don’t require any user interaction, but they’re hard to build and expensive.

At any given moment, you don’t know whether someone had a working attack against an up-to-date iPhone or Android until it’s discovered and patched. But mostly, the average user doesn’t have to worry about trying to secure their phone. You already secure your phone when you update it. The hackers aren’t in a race with you, or even Pete Hegseth, they’re in a race with large and well-funded security and design teams at Google and Apple — and those people are very good at their jobs. This is why the nerds (like me) always tell you to update software as soon as possible; these updates often patch security holes you never knew were there.

You’re more likely to download a vulnerability in something like Candy Crush, weird social media apps, or random productivity tools you’re trying out. But the folks at Google and Apple have your back there, too. They’ve put every app into its own software-based “container,” and don’t let apps directly interact with the core functions of your phone, or the other apps on it. Hackers try to break out of these containers, but again, it’s not easy. Even if they get a foothold in one, they might know a lot about how good you are at subway surfing, but not much else.

It’s hard out here for a phone hacker.

Sometimes the hackers hit pay dirt, and find some flaw in phone software that lets them take over the phone from the air, with no user interaction — that zero-click attack. This is very scary, but also very precious for the hackers. Unless there’s a very good reason, no one is going to risk burning that bug on you. If an attack like that is found, it will be top priority for those big smart security teams at Google and Apple. There will be long nights. There will also be an update that fixes it; apply updates as soon as you see them. Once a vulnerability is patched, the malware companies have to go back to the drawing board and look for another bug they can exploit to get their revenue stream back.

The high profile malware companies often sell their software, especially if they have a zero-click attack, to governments and corporations. They don’t want normal people using it, because the more it gets used, the faster they will be back at square one after Google and Apple take their toys away.

Nerd’s Delight

Signal is usually the favorite app your exhausting nerd friend keeps badgering you to download. It’s risen to even more prominence due to Pete Hegseth’s repeated idiocy. But this has caused doubt and confusion, because if you found out what Signal was from Hegseth’s leaks and blunders, it doesn’t look so good. Using Signal for DoD high level communications is not only illegal, it is stupid. Signal isn’t meant for government classified communications.

But it is meant for you, and it’s very good at what it does.

Signal is two things: First, an app for Android and iPhone (with a handy desktop client) which encrypts chats and phone calls. That’s the Signal app you see on your phone. Second, the other part is the Signal Protocol, Signal’s system of scrambling communications so that people outside of the chat can’t see or hear anything inside the chat.

Signal Protocol, the encryption system Signal uses, is a technology called a Double Ratchet. It is an amazing approach that is pretty much unbreakable in a practical sense. The very short version of how that encryption works is this: Your computer finds a special number on a curve (think of the pretty graphs in trig class) and combines this number with another number the other person has, from a different spot on another curve. These numbers are used to encrypt the messages in a way that only you both can see them. (This number generation is done by your phone and servers on the net in the background of your chat, and you never have to see any of it.) You each use the numbers picked out from these curves to encrypt a message that only the other person can read. Picking out the number from the curve is easy, but guessing it from the outside is functionally impossible. Any attempt to figure out the points on the curve you used is very hard and tiring — meaning it takes the computer a lot of energy to try. In computers, very hard always translates to expensive and slow. The extra trick in Signal’s double ratchet is a mechanism for taking that already hard number to guess and “ratcheting” it to new hard numbers – with every single message. Every Hi, Whatup, and heart emoji get this powerful encryption. Even if someone was using super computers to break into your chat (and they aren’t) every time they broke the encryption, they’d just get that message, and be back at square one.

That’s expensive, frustrating hard work, and your chats aren’t worth the bother.
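
The per-message “ratcheting” described above, sketched as an added example (not code from this article or from Signal). It covers only the symmetric chain that gives every message its own key, not the curve-based step that periodically refreshes that chain; the key-derivation constants follow the recommendation in Signal’s published Double Ratchet specification, while the cipher, the starting secret and all function names are constructed stand-ins.

```python
import hashlib
import hmac


def _h(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def ratchet_step(chain_key: bytes):
    """Advance the chain once: return (next_chain_key, message_key)."""
    # 0x01 / 0x02 are the inputs the Double Ratchet spec suggests for HMAC.
    return _h(chain_key, b"\x02"), _h(chain_key, b"\x01")


def message_key_at(start_key: bytes, index: int) -> bytes:
    """Message key for the index-th message (0-based) of a chain."""
    chain_key, message_key = ratchet_step(start_key)
    for _ in range(index):
        chain_key, message_key = ratchet_step(chain_key)
    return message_key


def _keystream(key: bytes, length: int) -> bytes:
    blocks = (_h(key, i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(message_key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (NOT Signal's): HMAC keystream XOR, then a MAC tag."""
    enc_key, mac_key = _h(message_key, b"enc"), _h(message_key, b"mac")
    stream = _keystream(enc_key, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    return body + _h(mac_key, body)


def unseal(message_key: bytes, sealed: bytes):
    """Return the plaintext, or None if this key does not fit the message."""
    enc_key, mac_key = _h(message_key, b"enc"), _h(message_key, b"mac")
    body, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, _h(mac_key, body)):
        return None
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, len(body))))


def send_all(start_key: bytes, messages):
    """Seal each message under its own key, ratcheting between messages."""
    chain_key, out = start_key, []
    for text in messages:
        chain_key, message_key = ratchet_step(chain_key)
        out.append(seal(message_key, text))
    return out


def readable_with(message_key: bytes, sealed_messages):
    """Indexes of the messages that one recovered message key can open."""
    return [i for i, s in enumerate(sealed_messages)
            if unseal(message_key, s) is not None]


# Constructed sample data: in Signal the starting key comes from the key
# agreement between the two phones, never from a fixed string.
START_KEY = hashlib.sha256(b"constructed demo secret").digest()
MESSAGES = [b"Hi", b"Whatup", b"<3", b"shopping list: eggs"]
SEALED = send_all(START_KEY, MESSAGES)

if __name__ == "__main__":
    recovered = message_key_at(START_KEY, 2)   # one key, somehow broken
    print("messages that key opens:", readable_with(recovered, SEALED))
```

Because each message key is a one-way hash of the chain key, holding the key for one message says nothing about the keys before or after it.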

The Strongest Link, Weakened?

Messenger also uses the Signal protocol

Whatsapp adopted Signal Protocol in 2014, granting encrypted privacy and safety to over a billion people.

Signal is secure. Whatsapp and Facebook Messenger use Signal protocol too, and are also secure, for now… but Meta has made some decisions that complicate things. In a rush to add AI to everything whether you want it or not, Meta has added AI to its Signal Protocol-secured chat rooms. This doesn’t break the Signal Protocol, that works fine. But to have AI in chats means that by definition, there’s another participant listening in your chat. If there wasn’t, it couldn’t reply with AI things. If you’re not comfortable with this, it might be time to ditch Whatsapp and Facebook Messenger for Signal.

I’m personally not comfortable with it, in part because as far as I can tell, there’s nothing technically or legally stopping law enforcement from demanding access to that listening function in any chat room. It may only give the police access to parts of the conversation, but I’d like the chance to defend my data myself if it comes to it. I don’t want to have it picked up from a third party without so much as notice to me.

Meta is in the room with you, like it or not. Is it recording all your chats somewhere? I doubt it. It’s a bad idea that would make too much trouble for Meta if it got out. But I can’t know for sure. I know there’s no listener in Signal, because the protocol makes hiding a listener functionally impossible. (To be clear, Meta isn’t hiding it, they’re advertising it. But it’s still a listener.)

Encryption for All

Make no mistake, that Whatsapp and Facebook Messenger use Signal’s protocol is wonderful news. It means that, without having to know anything about internet or computer security, one day there was an update, and billions of users got to rely on some of the best encryption ever designed, without even knowing it. This is important both for keeping people safe online, and for making society better, as activists, small businesses, families, and everyone with an internet connection can talk freely and safely to their people and their communities. It doesn’t stop ill-intentioned people from doing bad and deceptive things like lie, cheat, and steal, but it makes it harder for them to enlist the computers into their schemes.

The problem with Pete Hegseth using Signal is two-fold: He has to retain records legally, and ratcheting encryption is intentionally ephemeral. Signal is the worst way to retain records, beyond perhaps toilet paper and sharpie. The second problem is that if he does have a vulnerable app on his phone, or there’s a general vulnerability the teams at Apple and Google haven’t found yet, someone could be listening into what his phone is doing. Maybe even through his Candy Crush Saga, a fun game you will never find in a SCIF, no matter how much you wish you could.

SCIFs are kind of boring. No phones, the windows are weird (to defeat directional mics) and in my case, I had to have security escort me to the bathroom. I imagine that’s why an exciting guy like Hegseth doesn’t use them. But he is not only putting people in danger with his shenanigans, he’s also robbing the American people of a record that is, by law, our right to have. And it’s looking like an era of American history in which we want to be preserving evidence.

The Online Lives of Others

If you’ve never seen the movie The Lives of Others, go watch it. It’s great, and annoyingly relevant right now.

There is another threat coming from the EU and UK that rears its head every few years, and probably from the US soon enough as well. Many governments and law enforcement agencies want, have wanted for years, a scheme digital rights advocates call Chat Control. Law enforcement would have a back door into everyone’s encryption, usually a listener, like the Meta AI, but much worse. It would bug all chats — a spook in every phone. The excuse is always CSAM, or Child Sexual Abuse Material, but the proposal is always the same – to strip every person of privacy and the technical means to protect it, in the name of protecting children. This ignores a lot of issues that I won’t go into here, but suffice to say the argument is as dishonest as it is ineffectual.

It’s an ongoing fight pitting children against a right of privacy and personal integrity, and it always will be an ongoing fight, because it would give the police and governments nearly limitless power to spy on the entire populace all the time.

Total digital surveillance is simply not a feasible way to run a society. It is the police state the East German Stasi dreamed of having. It must be resisted for human decency and flourishing. Let’s give the totalitarian desire for a spy in every phone no oxygen, it has no decency, no matter who it claims to be protecting.

Even if you never do anything that could be of interest to governments or law enforcement, using encryption creates more freedom for all. If only “criminals” or “enemies” use Signal, then using Signal becomes a red flag. If everyone uses Signal (or Signal protocol in Whatsapp/Messenger), then it’s normal. You get the measure of protection it provides from scammers and hackers, and you help people fighting criminals and resisting tyranny, all over the world. This is one of the reasons adding Signal protocol to the Meta systems was such a great moment in the history of the net. A good portion of humanity gained a real measure of privacy that day.

If activists and people “with something to hide” are the only people using encryption like Signal, it’s grounds for suspicion. But if everyone is using it, the journalists and activists who need it for political reasons don’t stand out. The battered partners and endangered kids can find it and use it safely to get help. And everyone is safer from scams and hacking attacks — because what you do and say has some of the best protection we’ve ever conceived of as a society, even if it’s just your shopping list.

 

Correction: A previous version of this article included a description of Diffie–Hellman key exchange in the explanation of how Signal’s encryption works. Signal changed from Diffie–Hellman to Elliptic Curve Cryptography, which is much more efficient, in 2023. I regret the error. 

18 replies
  1. P J Evans says:

    I know about Tempest qualifications for hardware. I wonder if Kegseth does.
    (This kind of stuff is why my computer has a shielded cable connecting it to the [broadband] modem, which connects to the landline. It’s why I use a wired keyboard and a wired mouse. It’s also why I don’t have apps on my phone, and why I don’t usually carry it with me.)

  2. earlofhuntingdon says:

    Without hesitation, I would suggest using Signal, though iOS limits its use to other Signal users and forces you into its proprietary messaging app for everyone else. Signal can also be used on a laptop or desktop. Without hesitation, I would suggest ditching WhatsApp. Neither is any more suitable than Xitter for government communications, let alone secure communications.

    With regard to senior American political operatives, they are targets for foreign state and organized crime actors, among others, both of which have the will, money, and access to supercomputers to enable their hacks. Their conversations are worth the effort. Senior political operatives should not make their jobs easier.

    • Quinn Norton says:

      For a lot of people, ditching Whatsapp means ditching encryption altogether. I’ve definitely come to a harm reduction viewpoint of digital security — the perfect can be the enemy of even trying to make things safer at all. I want everyone on Signal or equivalent. I’m not going to get what I want.

      But senior political operatives are not moms fleeing DV with their kids, or activists trying to organize under oppressive regimes, or women trying to get abortion meds in Texas, or any of the other many very human use cases for which any decent encryption, even the questionable choices of Whatsapp and Messenger, are much better than the alternatives.

  3. depressed chris says:

    Most DoD employees, like me, go through some form of counterintelligence training. One form of “spilling the beans” is to correct someone’s intentional misstatement of facts. This misstatement is an elicitation technique. I’m not suggesting that the author is doing this, so I will make a few generalizations. A SCIF is just an office space that keeps out those who don’t have a need to know and keeps in important information. People are vetted to be in them and some technologies are not allowed to be inside. A cell phone is not allowed. There are also technologies at work to sense forbidden technologies and block their use. Any cell phone would be sensed and its use would be blocked. Angry people will come to your desk, confiscate the offending technology, and escort you to a small room where you will be questioned by other angry people. Hegseth, being these people’s penultimate superior, probably waved them away with a “don’t you know who I am?” look. Still, I’m sure that there is a written record of his transgression, most likely classified to avoid the firing of the angry people.

    Yes, it is quite easy to hack a modern phone. It is done quite often at airports and border crossings. Probably a 50/50 mix of the lack of security hygiene and “groovy” USG tools. BTW, any “international” airport is automatically a border crossing for about a 100 mile radius. The Northeastern U.S. is just one big DHS playground.

    If you ever go to a foreign embassy for a Visa or a tour, expect your cell phone to be hacked.

    • Quinn Norton says:

      That is how I described a SCIF, so we’re on the same page there. Glad to know I got it at least mostly right. My understanding, and you might be able to help me here, is that there’s non-office building SCIFs, rooms in houses, embassies and the like that are also functionally considered SCIFs?

      As for hacking a phone with ease, this was true up until a few years ago. Now even with physical access it’s quite hard, and the cracking kits your typical gov buys and hands out to CERTS and other such teams is difficult with an up-to-date, powered down (un-loggedin) phone. Sure, if you smash thumbs with hammers until someone unlocks their phone for you, the forensics is easy. But if all you have is an up-to-date phone and no thumb/face ID it’s a task until a new bug is found.

    • Amateur Lawyer At Work says:

      Under what penalty for failure to respond? Or saying “I’ve handed over all relevant communications, in keeping with advice of counsel and the terms of my pardon from President Trump”?

    • gmokegmoke says:

      The acting head of the National Archives is Marco Rubio. The National Archives has been purposefully neutered, as per the plan.

  4. Amateur Lawyer At Work says:

    Thank you for this.
    Those large men by the door, “suggesting you surrender your phone.” I bet they looked like the last joke they laughed at was from their 5th birthday party, right?

  5. pablotron says:

    “The only way to figure out that secret number is to factor the very large number and then start guessing based on the factors.”

    I agree with the sentiment of this post (Signal good!), but I have one minor and probably overly-pedantic correction:

    The difficulty of factoring a large composite integer is called the “integer factorization problem”.

    The public key cryptography used by the Signal protocol for key agreement does not rely on the integer factorization problem.

    Until recently the public key cryptography used by the Signal protocol for key agreement relied on the difficulty of the Elliptic-Curve Discrete Logarithm Problem (ECDLP). Newer versions rely on a combination of ECDLP and the Module Learning With Errors (MLWE) problem.

    The distinction and rationale aren’t relevant for this discussion. If folks are interested, a more technical explanation is available here:
    https://pablotron.org/2025/03/31/ml-kem-vs-dh-and-ecdh/

    • Rayne says:

      And in case it’s not obvious to community members, the link you’ve shared is to your own website.

      Welcome to emptywheel.

      • pablotron says:

        Hi Rayne,

        I appreciate the welcome; I’ve been reading emptywheel for years but have never had anything useful to add because I’m a nerd, not a lawyer.

        Thanks for adding the note about the link to my personal site. I didn’t intend to deceive anyone; the linked post is an explanation of ML-KEM that I wrote last year in response to a question in the comments of an Ars Technica article. Folks seemed to appreciate it, so I cross-posted it to my personal site last month.

        Anyway, below is a bit of additional information about what is currently happening with the public key cryptography used by Signal and the technology industry in general…

        All public key cryptography is based on “trapdoor functions”. A trapdoor function is a function which is easy to calculate in one direction but “hard” to calculate in the other direction without some additional information.

        Trapdoor functions are based on “hard” mathematical problems, where “hard” means “believed to be computationally infeasible to solve without an implausible amount of processing power, memory, or time”.

        Until very recently the trapdoor functions used by most public key cryptography have been built on the following hard mathematical problems:

        1. The integer factorization problem.
        2. The discrete logarithm problem.
        3. The elliptic curve discrete logarithm problem.

        The problem is quantum computers. If someone can build a quantum computer powerful enough to run Shor’s algorithm, then they may be able to solve all of the hard problems above substantially faster.

        Right now no such quantum computer exists. It’s not clear if it’s possible to build one or when that might happen.

        That said, cryptographers are a cautious bunch. In anticipation of an eventual viable quantum computer, a lot of work has been done to create new “post-quantum” public key algorithms which are based on mathematical problems that are believed to be less susceptible to quantum computers.

        Unfortunately it takes years to design, standardize, and deploy new cryptographic algorithms.

        Three post-quantum algorithms were standardized by NIST in August 2024: ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205). Several other post-quantum algorithms are in the process of being standardized by NIST, ISO, and other organizations.

        Applications (Signal, SSH, web browsers, etc) are gradually adding support for these standardized post-quantum algorithms.

        Most applications are doing so via a “hybrid scheme”. A hybrid scheme is a combination of two public key algorithms: a battle-tested classical algorithm (example: Curve25519) and a newer post-quantum algorithm (example: ML-KEM).

        The hybrid scheme used by Signal is called PQXDH and it is documented here:
        https://signal.org/docs/specifications/pqxdh/

        iMessage, Google Chrome, OpenSSH, and other applications have been taking a similar approach to adopting post-quantum algorithms, although with slightly different hybrid schemes and algorithm choices.

        Hope this helps…

        • RipNoLonger says:

          Great explanation. I look forward to reading your posted notes.

          It’s interesting how we can get way down into the weeds, technical details on a lot of the lawfare and political happenings. I guess that’s what is special about EmptyWheel.

          It’s also good when we get into the weeds for non-legal/political issues. Jim White’s great discursions are also so welcome.

      • pablotron says:

        Hi Quinn,

        It’s a really trivial issue.

        The overall post is fantastic. I agree with the points you’re making and I appreciate the effort you took to use language intended for a broader audience.

        I plan on borrowing some of your examples the next time I’m talking about this stuff to a non-technical family member.

        Thanks,

