The encrypted messaging app Signal is back in the news — and this time, people are asking: Will using it get me arrested?
The short answer is probably not. If your speech would be protected if you were talking to a friend at a park or over the phone, your speech will still be protected when you have that conversation on Signal. And if not, you’re not any more likely to get arrested by using Signal than you were before you started using it. In other words, if you’re doing something unlawful, adding Signal to the mix probably doesn’t appreciably increase the already existing risk of getting arrested for breaking the law.
Let’s look at why that’s so.
Why are people suddenly worried about Signal?
In January, independent conservative journalist Cam Higby posted on X that he had “infiltrated organizational Signal groups all around Minneapolis with the sole intention of tracking down federal agents and impeding/assaulting/and obstructing them.” In his thread, Higby shared screenshots showing how some anti-ICE groups were organized along with the screen names of some participants, which led others to speculate on connections between organizers and Minnesota political figures.
Two days later, on the Jan. 26 episode of the Benny Johnson podcast, Johnson asked FBI Director Kash Patel about Higby’s reporting. Patel replied that the FBI had opened an investigation into Signal group chats, saying (emphasis added):
As soon as Higby put that post out, I opened an investigation on it. Just like any other case . . . We immediately opened up that investigation because that sort of Signal chat being coordinated with individuals, not just locally in Minnesota, but maybe even around the country . . . if that leads to a break in the federal statute or a violation of some law, then we are going to arrest people.
The significance a listener attributes to this quote is going to depend entirely on what they think of the actions of anti-ICE protestors in Minnesota. If the listener thinks the protestors are intending to harm the agents or interfere with federal law enforcement, then the FBI investigating an alleged coordinated effort to commit crimes is probably unremarkable. That’s what the FBI is supposed to do, at that level of abstraction.
On the other hand, if the listener thinks the protestors are engaged in protected First Amendment activity, then the FBI opening an investigation into Signal chats with the promise of arresting people if a crime is committed sounds a lot like viewpoint discrimination. Higby’s thread did not itself show evidence of illegal activity — just people sharing information about law enforcement activity, which is generally protected speech. (FIRE is suing the government on behalf of individuals who created a Facebook group and an app, respectively, that share video of ICE agents doing their jobs.) Many have used that information to protest or film ICE agents, which the First Amendment also protects. Nothing sounds more authoritarian, and less American, than the government investigating people for not liking the government.
But this piece is focused on a secondary effect of Patel’s comments: the fear that downloading Signal is going to put you in the FBI’s crosshairs.
How secure is Signal compared to other messaging apps?
What is it about Signal that has everyone’s attention? To understand why it’s popular among protesters and the Pentagon alike, let’s look at how messaging apps normally work — and how law enforcement might normally use data from those apps to investigate crimes. To do that, we need to think about two things: messages (that is, the actual content of what you’re sending) and the metadata (which is some combination of things like the time sent, the time read, location, device, phone number, network carrier, and so on).
In unsecured text messaging, like SMS or Facebook messages, your messages are sent to a service provider, where they’re stored along with the metadata. Cell phone providers store SMS data, although they generally don’t store it for very long. But in 2022, a detective subpoenaed Facebook messages to investigate crimes related to a suspected unlawful abortion by a 17-year-old. Those texts revealed the teen’s mother had been coaching her daughter on how to take abortion pills, leading to the mother being charged as well.
The Big Tech verdicts you’re cheering for are actually terrible for free speech
The verdicts against social media companies in California and New Mexico over the past two days reveal a disturbing trend: Americans are increasingly willing to view speech as a “product,” subject to regulation in the same way physical substances like alcohol or tobacco are. Many are cheering the decisions, likening them to landmark lawsuits…
Next are messaging apps where the messages are end-to-end encrypted — meaning they can only be read by the devices on either end of the conversation — but the metadata is saved. One example of this is WhatsApp. This means the service provider doesn’t know what you’re saying, but it knows who you said it to, and when, and how often, and sometimes, where you were when you said it, and what phone you were using. For law enforcement, that’s often more than enough. In 2021, former Treasury official Natalie Edwards was sentenced to six months in prison for leaking documents to the press. When investigating Edwards, the FBI got a court order to access the metadata from her WhatsApp conversations. They couldn’t see what she was talking about, but they could see she was having frequent conversations with a reporter, and how those times lined up with stories containing leaked data.
(Side note: Apple’s iMessage is a special case because the messages are end-to-end encrypted, but the default behavior of iCloud is to store the encryption keys in the cloud for data recovery. That’s a setting you can change, if you want. But the default behavior is very much the digital equivalent of locking up your house and sliding the key under the mat.)
And then there’s Signal, which end-to-end encrypts its messages and the only metadata it collects is account-creation time and last-connection time. When the FBI came knocking in 2021, that’s all Signal had to turn over. That’s probably why anti-ICE protesters are using it, why the government has used it, and why tens of millions of other people have, too. It’s also open-source, so it can be (and has been) reviewed for any backdoors, which are undocumented methods of bypassing access control measures (something the government has called on companies to add).
Encryption aside, nothing about the use of Signal to organize groups that monitor federal activity appears to be unlawful. We have a right to organize for political action. We also have the right to monitor law enforcement with phones. And the Fourth Amendment protects us from warrantless collection of our location information or warrantless searches of our cell phones.
Does that mean Signal is perfect? Not exactly, because it exists in the same imperfect world the rest of us do. For example, if you’re using your cell phone to open Signal, there will still be cell tower data about the time you were using your phone, and your cell provider might have metadata that your device communicated with Signal’s servers. Using a VPN could help with the latter, but then it’s a question of how much you trust your VPN. In theory, if you and the person you’re communicating with already have your metadata being captured by these companies, maybe just opening the app around the same time, repeatedly, could be evidence. And, of course, humans are always vulnerable to opsec failures.
But it’s fair to say that trying to reconstruct a crowd of human connections from fragments of metadata scattered across multiple companies is nontrivial. Even if the FBI could get large swaths of metadata — and maybe it can, if it buys it on the open market — it would probably need an immense neural network to try to piece together these fragments into coherent relationships. And where would the FBI get an artificial intelligence to use in that kind of mass surveillance, anyway?
FIRE is working on these issues. In an amicus brief filed last week in support of Anthropic’s lawsuit against the government, we argued:
For example, an agency could use an LLM to infer an individual’s association with a particular mosque based upon frequent visits to the mosque’s website, engagement with the mosque’s social media posts, and their cell phone’s physical proximity to the mosque during religious services. [...] It is easy to conceive how an agency, a government employee with improper intent, or a malicious third party that finds a vulnerability, could exploit these capabilities to monitor public discourse, preemptively squelch dissent, or cause myriad other harms.
A few days earlier, we joined an amicus brief in Chatrie v. U.S., arguing that geofence warrants (that is, warrants that compel service providers to hand over location data for every device near a location during a specific time window) violate First Amendment rights. Protestors, religious congregants, journalists meeting confidential sources, and innocent people who might happen to be nearby all have their rights chilled when the government engages in these digital dragnets.
Does the First Amendment protect the use of encryption like Signal?
Ultimately, Signal is encrypting your messages, and there’s good reason to suspect both the First Amendment’s protection of speech and the general right to privacy protect your messages from government intrusion. There are a few sources of law we can look to for those principles.
There should be books written about Bernstein v. U.S., and if there are, well, there should be more of them. After World War II, the U.S. government broadly regulated the export of cryptography (that is, a key that controlled the reversible transformation of a message) but did not regulate one-way hashing (a mathematical formula that would turn one string into another and could not be reversed). But are those things really different? Isn’t it all a form of speech?
The UK is testing digital curfews. Social media bans for teens might be next.
The future of expression online will in part rest on today’s debates over what age groups can legally use platforms deemed “social media” and what information we must provide to prove we’re adults and allowed to access them. This week, developments out of the UK and Australia continued the global age-verification campaign, as governments aro…
In the 1990s, then-mathematics doctoral student Daniel Bernstein submitted for government review a program called Snuffle. I’ve been told I lose people when I try to explain how it worked, so I’m going to abstract this into really simple terms: Snuffle showed how it was possible to make working encryption in a way that didn’t meet the government’s technical definition for export controls. (It didn’t even actually do it. The code was missing essential pieces. It just showed how to do it.)
The government balked, and Bernstein sued. In its opinion, the Ninth Circuit panel said that Snuffle was entitled to First Amendment protection:
In this increasingly electronic age, we are all required in our everyday lives to rely on modern technology to communicate with one another . . . Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption’s bounty.
The Ninth Circuit agreed to rehear the case before the full court, vacating the earlier panel decision. But before the case could be reheard, the government loosened the export rules and subsequently dropped the appeal. That procedural quirk rendered the panel’s decision void, but its wisdom still holds. In the 2000 case Junger v. Daley, the Sixth Circuit rejected the argument that computer source code isn’t really speech, noting that “though unintelligible to many, [it] is the preferred method of communication among computer programmers.”
Encryption aside, nothing about the use of Signal to organize groups that monitor federal activity appears to be unlawful. We have a right to organize for political action. We also have the right to monitor law enforcement with phones. And the Fourth Amendment protects us from warrantless collection of our location information or warrantless searches of our cell phones.
Can Signal keep you from getting caught if you commit a crime?
Signal isn’t a magic get-out-of-prosecution-free app for the same reason that no system is ever going to do that — because once you let humans in, the system becomes imperfect. We started down this road not because of a subpoena, but because someone just joined the groups planning the activity and then told everyone what was going on.
So that’s the hot takeaway: Don’t commit crimes, because you’ll get caught. That’s got nothing to do with Signal though. Signal’s fine.
 | A guest post by
|