The CIA didn't break Signal App

The CIA didn’t break Signal or WhatsApp… despite what you’ve heard.

The agency might be able to break into your phone, but files released today show no ability to intercept encrypted chats before they arrive there.

There’s been one particularly misleading claim repeated throughout coverage of CIA documents released by WikiLeaks today: that the agency’s in-house hackers “bypassed” the encryption used by popular secure-chat software like Signal and WhatsApp.

It doesn’t. Instead, it has the ability, in some cases, to take control of entire phones; accessing encrypted chats is simply one of many security implications of this.

It’s also true that the CIA can bypass PGP email encryption on your computer. And the CIA can bypass your VPN. And the CIA can see everything you’re doing in Tor Browser. All of these things can be inferred by the documents, but that doesn’t mean using PGP, VPNs, or Tor Browser isn’t safe.

Basically, if the CIA can hack a device and gain full control of it — whether it’s a smartphone, a laptop, or a TV with a microphone — it can spy on everything that happens on that device.

It of course remains possible (as it always has and always will) that the CIA has cracked the encryption of Signal, WhatsApp, or any other piece of software. But WikiLeaks hasn’t provided any evidence of that here today.

– Sam Biddle & Micah Lee in The Intercept