On Wednesday, a team of security researchers published their findings on a startling number of vulnerabilities in Confide, the secure messaging app allegedly used by White House staffers in the midst of a leaking epidemic. The app, which brags about its “military-grade end-to-end encryption,” enables users to send ephemeral messages—and that raises serious security concerns and may also violate record-keeping in the White House, where all correspondence is required to be archived.
The discovered security issues, identified by IOActive in a report, include a failure to utilize SSL server certificates to send messages as well as poor protection on user accounts that would enable a hacker to gobble up user information like email addresses and phone numbers. The company told The Register, “not only have these issues been addressed, but we also have no detection of them being exploited by any other party.”
Regardless of the latest vulnerabilities found in Confide, some say that the issue of top government officials using secure messaging apps raises much broader security and record-keeping concerns. White House officials, for one, are supposed to use encrypted devices provided by the Secret Service that are unable to download new apps. We know that President Trump is still using his old, unsecured Android device because he tweets from the device—although there’s probably nothing the government can do to stop him. Meanwhile, it’s been reported that White House Press Secretary Sean Spicer and others have downloaded Confide on their personal devices, and intelligence officials have said they’ve seen a spike in the use of secure messaging apps across government agencies. According to Axios, Confide is the app of choice for paranoid Republicans. It’s a bad choice.
“[Confide is] a disaster. It’s not secure. It’s not end-to-end encryption. It’s only ephemeral on the user interface,” Nathan Freitas, a fellow at Harvard Law School’s Berkman Klein Center, told Gizmodo. “There’s nothing to stop Confide from logging all the messages.”
Freitas is not wrong. Security researchers from IOActive found that Confide “failed to use authenticated encryption, allowing Confide to alter messages in-transit.” On top of that, it’s possible for Confide to “conduct man-in-the-middle attacks on encrypted messages by changing the public keys sent to parties of a conversation.” And since the app’s encryption protocol is proprietary to Confide, we simply don’t know how well it works. The company’s describing it as “military-grade” doesn’t exactly inspire confidence, and even though Confide says it fixed the vulnerabilities outlined in this week’s report, it’s unsettling that so many security problems existed in the first place.
Then there’s the record-keeping problem. Secure messaging apps like Confide and Signal (the app Freitas recommends, which utilizes the gold-standard Open Whisper Systems Encryption Protocol) enable users to destroy messages after they’ve been read. This raises some serious legal concerns beyond message interception. In 2014, Congress amended the Federal Records Act to include not only email but also “other electronic messaging systems that are used for purposes of communicating between individuals” and specifies that electronic messages regarding official business cannot be sent from non-government devices unless the contents of the messages are copied and preserved for the public record. White House employees must also obey the Presidential Records Act which clearly states that all records belong to the public.
“To the extent that people in the White House are using these apps to do one of two things: they encrypt and they delete,” said Anne Weismann, chief counsel at Citizens for Responsibility and Ethics, in an interview with Gizmodo. “Both of those create problems from a record keeping perspective. The destruction, in my view, would be the destruction of a presidential record.”
This is a big problem. The Presidential Records Act as well as the Federal Records Act were put into place to ensure that government officials at the highest level would be held accountable for communications sent during any given administration. If Trump’s White House wanted to keep its activities secret, secure messaging apps would enable this. Trump administration officials reportedly using private email servers for official business also poses the same danger. For agencies outside the White House, the lack of official records would also mean that Americans can’t FOIA the relevant information or even know what types of exchanges occurred at the highest levels of government.
Thanks to the very recent WikiLeaks dump detailing the CIA’s ability to intercept messages before they’re encrypted, we know that the United States government can slurp up text messages and emails at will. Even law enforcement agencies use spying tools called Stingrays to intercept cell phone communication. While intelligence agencies and the military surely have more powerful surveillance equipment in their arsenals, some of this technology is readily available for civilians or foreign agents to purchase and use.
It’s hard to say whether the White House is trying to cloak its communications in the face of foreign adversaries or from the prying eyes of would-be leakers. We do know that Congress is taking the Trump administration’s free-wheeling approach to record-keeping seriously. This week, Congressman Jason Chaffetz, chairman of the House Oversight Committee, and ranking committee Democrat Elijah Cummings, sent a letter to the White House counsel, expressing concerns that Trump’s habit of deleting tweets could be a violation of federal record-keeping laws. They also addressed the use of secure messaging apps.
“Recent news reports suggest federal employees may increasingly be turning to new forms of electronic communication, including encrypted messaging applications like Signal, Confide and WhatsApp that could result in the creation of presidential or federal records that would be unlikely or impossible to preserve,” the letter read.
But can Congress do anything to get Trump to stop deleting tweets or other administration officials to stop sending encrypted, self-destructing messages from non-government devices? Probably not.
“There is a criminal statute for federal records,” said Weismann, referring to this section of Title 18 of the US Code which says that intentional destruction of government records is punishable by up to three years in prison. “A court could step in” Weismann added. “We have pockets of White House officials using personal phones or RNC email accounts or using these apps so they don’t get caught. There isn’t a clear remedy for that.”
This is quite the unexpected pickle. Confide claims none of the recently reported security vulnerabilities have been breached. However, it’s unnerving that the people in charge of the US executive branch are using secure messaging apps as well as private email accounts to conduct official state business. It makes Hillary Clinton’s homebrew email scandal look almost quaint in comparison.
We live in an upside-down reality, though. What else would you expect?