In brief
- The European Commission is getting its staff to use Signal.
- Signal is a messaging app that offers strong privacy.
- The commission will also be drafting a new cybersecurity strategy.
We do the research, you get the alpha!
The EU's executive body, the European Commission recently issued an internal statement, prompting all employees to switch to Signal—an encrypted messaging app.
As reported by Politico, the instructions were released to the European Commission's internal messaging board earlier this month, stating "Signal has been selected as the recommended application for public instant messaging."
Crypto figureheads have supported the move. Josh Swihart, vice president of marketing at the Electric Coin Company—which builds privacy coin Zcash and where employees tend to use Signal for communications—said that using greater encryption is a smart idea.
“End-to-end encryption is not only critical for security, as the EU discovered, but also critical for protecting our freedom to communicate in confidence and only share it with others when we consent,” he told Decrypt.
Why is Signal good for privacy?
In development since 2010 and first launched on Android and iOS in 2014, Signal was designed to ensure chats, group messages, and any included files are secured by end-to-end encryption. Because of this, the app has earned a reputation of being one of the most secure messaging clients around, and is now favored by American whistleblower Edward Snowden and many other security analysts.
Developed by the Signal Foundation, and prior to that by Open Whisper Systems, Signal uses the cryptographic protocol known as the Signal Protocol as the basis of its security. As an open-source protocol, cryptographers have had the chance to look into exactly what makes Signal tick, and many of which have been impressed by what they found.
"After reading the code, I literally discovered a line of drool running down my face. It’s really nice," said Matt Green, a cryptographer at Johns Hopkins University, according to the Signal website.
Conversely, though WhatsApp uses similar technology, it is not open-source, which means it cannot be thoroughly audited by external researchers. Telegram Messenger CEO Pavel Durov has recently criticized WhatsApp, calling it dangerous.
As it stands, the recent memo appears to be simple advice on how employees can remain secure when they leave the workplace. There is no indication that the European Commission has any plans to switch from encrypted-email based communication to Signal or any other encrypted messaging app for its internal communications.
A new cybersecurity strategy
The move came just days before the commission announced it will be drafting a new cybersecurity strategy, to better protect EU member states against cyber threats after several recent security incidents in recent years. One of which included a huge hack, that saw thousands of diplomatic cables (confidential messages) exfiltrated from the EU's COREU system back in 2017.
With the switch to Signal, it appears the EU is looking to minimize its attack surface area, and reduce the odds of any leaks occurring as a result of employee negligence outside of office hours. But it might not be enough.