Cyberattacks targeting the U.S. government are growing in frequency, sophistication, and severity. In 2020, for example, a massive attack successfully breached nine agencies and hundreds of private companies that work with governments around the world.
So, it makes sense that government personnel would take steps to protect their communications. Enter encrypted messaging apps.
Such apps, like Signal and WhatsApp, enable users to communicate with as much as ease as normal messaging and chat platforms, but they encrypt the information from end-to-end, making the content of these communications inaccessible to people outside the conversation. In some cases, these communications “expire” and disappear forever after a set period of time. As a result, these encrypted apps offer a great way for users to maintain privacy and protect sensitive communications from bad actors.
They are also, however, a nightmare for federal records management teams.
“Encryption and messaging apps like Signal make life difficult for the archivists who are responsible for implementing [records management] requirements,” Steven Aftergood, a government secrecy expert at the Federation of American Scientists, told technology news site ZDnet.
That’s because any official business conducted on these apps is almost certainly subject to records preservation laws. “If you are using a messaging platform—IM, collaborative chat, email, text messaging, Facebook Messenger, ephemeral messaging or encrypted applications—they are all subject to archiving requirements,” Alex Howard, deputy director of the Sunlight Foundation, told Nextgov. “If you conduct public business using any computing device, a record of messaging you exchange is something that should be archived, period.”
However, collecting and preserving records created on these apps is very difficult. It’s not easy to get messages out of the apps in the first place. Then, there’s no way to store these records in an open way if they remain encrypted.
“That’s a real issue, if you’re creating permanent records and they’re encrypted,” Laurence Brewer, NARA’s Chief Records Officer, said at a 2021 conference hosted by the Digital Government Institute, according to reporting from the Federal News Network. “They can’t be transferred to the NARA archives for preservation with that encryption of text messaging.”
NARA is working with the Chief Data Officers Council to determine best practices for collecting and preserving records created with these apps.
There are workarounds, including taking screenshots and using built-in archiving functions. However, these may not be fully adequate to meet records preservation requirements.
In the meantime, federal agencies should be aware that use of these encrypted messaging platforms may be running afoul of the Federal Records Act and similar governmental records preservation laws, unless users take care to archive and preserve communications relating to official government business. This means user education and training will be key. Federal workers using encrypted apps need to understand (1) when it is permissible to use these apps and (2) how to archive any communications related to official government business. If it’s not possible to archive those communications, or the worker is unwilling to do so, they need to understand their use of the encrypted messaging app may be breaking the law.
About PSL
PSL is a global outsource provider whose mission is to provide solutions that facilitate the movement of business-critical information between and among government agencies, business enterprises, and their partners. For more information, please visit or email info@penielsolutions.com.