Congress urged to communicate using encrypted apps

The encryption used by communications apps such as WhatsApp is stronger than those of phone networks, says ACLU

Mobile security
Credit: IDGNS

Congress members and staff are being urged by a civil rights group to use encrypted smartphone apps such as WhatsApp and Signal rather than traditional cellular networks.

Unlike cellular networks that use weak and outdated encryption, some of the newer apps use stronger encryption to protect their customers' communications, the American Civil Liberties Union wrote in a letter Tuesday to officials in the U.S. Senate and House of Representatives.

The move wouldn't be expensive. Many members of Congress already have smartphones, and apps like Signal and WhatsApp are free and can be easily downloaded from app stores. Apple’s FaceTime and iMessage apps are already built into the iOS mobile operating system and thus are available to every member or staffer with an iPhone, according to the ACLU's letter to Frank J. Larkin, Senate Sergeant at Arms and Paul D. Irving, House Sergeant at Arms.

"Ensuring the security of Congressional communications against all interception—whether by foreign governments, criminals, or even other branches of the U.S. government or rogue Congressional staffers — would promote both basic liberty interests and national security," the civil rights group said.

A widely used cellular encryption algorithm, known as A5/1, is widely used in U.S. cellular networks, but it was designed in the 1980s and was broken by cryptographers in the 1990s, according to the ACLU.

But in the same way that Bank of America and Google can deliver their websites securely to customers over insecure public Wi-Fi networks, smartphone apps protect the audio and text communications of their users through the use of strong encryption even if the underlying cellular network is vulnerable to interception, according to the letter.

Congress' ability to oversee the president and the administration "is only as robust as its independence from interference by other elements of the government, and its insulation from influence by bad actors outside government," the ACLU said.

The letter comes against the backdrop of compromises of government websites by hackers, including the breach of the computers of the U.S. Office of Personnel Management, which exposed sensitive details of millions of federal employees. In March, the White House issued a directive that all publicly accessible websites and services of U.S. agencies will have to use HTTPS encryption within two years.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon