U.S. government agencies are under pressure to switch to end-to-end encrypted messaging apps like WhatsApp, Signal, and FaceTime. This comes after reports revealed that China hacked U.S. telephone networks, putting national security at risk. Senators Ron Wyden and Eric Schmitt sent a letter to the Department of Defense, cautioning that relying on unencrypted landlines and platforms like Microsoft Teams is a serious security vulnerability. The FBI and the Cyber Security and Infrastructure Agency (CISA) confirmed that hackers linked to China accessed private communications of a small number of officials in a breach known as Salt Typhoon.
In their December 4 letter, the senators criticized the DOD for not using its purchasing power to enforce cyber defenses from wireless providers. They emphasized that the lack of end-to-end encryption for unclassified communications leaves the department open to foreign threats.
The situation isn’t entirely bleak, though. The U.S. Navy is conducting a trial with Matrix, an open-source, decentralized messaging platform, to ensure secure communication across 23 ships and three shore facilities. While the senators applauded this pilot program, they pointed out that it’s still not the norm across the DOD or the federal government.
The Salt Typhoon operation has already targeted key figures, including potential President Donald Trump and Senate Majority Leader Chuck Schumer. The senators stressed this should act as a wake-up call for government communication security, highlighting the need for stronger measures. The FBI and CISA recommend encrypted messaging platforms like Signal and WhatsApp to help guard against hackers.
CISA’s Jeff Greene reiterated this message on NBC, stating, “Encryption is your friend.” Even if hackers manage to intercept communications, encryption makes it unintelligible.
Cybersecurity expert Bruce Schneier pointed out that hackers seem to have exploited backdoors that U.S. laws require for wiretapping. He criticizes the idea that these backdoors can only be used by law enforcement, noting they can just as easily be targeted by malicious actors.
Matthew Hodgson from Matrix.org remarked that the Salt Typhoon incident underscores existing concerns about backdoor access, especially in the context of the UK’s Online Safety Act. He found it ironic that intelligence agencies are now promoting the use of secure messaging systems while simultaneously having supported backdoors in the past.