Signal CTO: Encryption helps stop mass surveillance, but secure messaging is still misunderstood

Signal Chief Technology Officer Ehren Kret says secure messaging is best understood as a powerful tool against mass surveillance, not a guarantee that every private conversation is protected from targeted spying.

Kret joined Frank Cilluffo on the Cyber Focus podcast for a discussion about what users, policymakers and organizations often misunderstand about encrypted communications. His main point was that encryption matters, but it is only one part of what makes a messaging system private.

“I think the most common thing that people lean to when you’re talking about secure communications is things like disappearing messages,” Kret said. “But a lot of people think that’s sort of the end.”

Kret said users should also ask whether a service provider can read the message, whether the platform can see who is talking to whom and whether other information, such as group membership, profile names or address books, can reveal more than users realize. Even without message content, Kret said a platform that can see the social graph of who is communicating can allow others to infer what people may be discussing.

“Being able to build a social graph can reveal information, even though you don’t necessarily have the message content,” Kret said. “It is highly leaky.”

Kret said Signal has tried to limit what it can know about its own users. Kret said that for more than 99% of messages delivered through Signal, the service does not have the sender side of the equation. He compared it to dropping an envelope into a public mailbox with only the delivery address and no return address.

That design reflects Signal’s larger goal of limiting the ability to collect communications at scale. Kret described their end-to-end encryption as a way to protect against actors trying to harvest messages as they pass through the middle, whether that means governments, intelligence services, service providers, network intermediaries or others positioned to monitor large volumes of communication.

“If you’re like a high enough value target, the phone itself becomes [their way in],” Kret said.

That shifts the privacy fight to the phone itself. A message can be protected in transit and still become vulnerable once it reaches a device, where it may appear in notifications, interact with the operating system or be exposed if the phone is compromised.

That concern is becoming more complicated as artificial intelligence is built below the application layer into operating systems and platforms. Kret said Signal can control what happens inside its own app, but privacy becomes harder to protect if a phone’s operating system starts scanning or processing notification content in ways the user does not fully control.

The challenge is not only technical. Kret said many users are not in a position to judge which communications tools are truly private, leaving them to rely on reputation, word of mouth or assumptions that may not be accurate.

Some products, he said, are widely perceived as secure even though they are not end-to-end encrypted and store messages on servers.

For Kret, that remains one of the biggest challenges facing secure messaging: helping people know which tools actually protect private communication — and which only appear to.

For more on this and other important cyber topics, check out the full catalog of Cyber Focus podcasts