US Congress members urged to embrace encrypted apps
Unlike cellular networks which use weak and outdated encryption, some of the newer apps use strong and modern encryption to protect their customers’ communications, the American Civil Liberties Union has written in a letter Tuesday to officials in the U.S. Senate and House of Representatives.
The move is not going to cost a lot. Many members of Congress already have smartphones and the apps like Signal and WhatsApp are free and can be easily downloaded from app stores. Besides, Apple’s FaceTime and iMessage apps are already built into Apple’s iOS mobile operating system and thus are available to every member or staffer with an iPhone, according to ACLU’s letter to Frank J. Larkin, Senate Sergeant at Arms and Paul D. Irving, House Sergeant at Arms.
“Ensuring the security of Congressional communications against all interception—whether by foreign governments, criminals, or even other branches of the U.S. government or rogue Congressional staffers—would promote both basic liberty interests and national security,” the civil rights group said.
A widely-used cellular encryption algorithm, known as A5/1, is widely used today in U.S. cellular networks, but it was designed in the 1980s, and was broken by cryptographers in the 1990s, according to ACLU.
But in the same way that Bank of America and Google can deliver their Web sites securely to customers over insecure public Wi-Fi networks, smartphone apps protect the audio and text communications of their users through the use of strong encryption even if the underlying cellular network is vulnerable to interception, according to the letter.
Congress’ ability to oversee the President and the administration “is only as robust as its independence from interference by other elements of the government, and its insulation from influence by bad actors outside government,” the ACLU said.
The letter comes against the backdrop of compromises of government websites by hackers, including the breach of the computers of the U.S. Office of Personnel Management, which exposed sensitive details of millions of federal employees. In March, the White House issued a directive that all publicly accessible websites and services of U.S. agencies will have to use HTTPS encryption within two years.