As elites switch to texting, watchdogs fear loss of transparency

Kevin Roose
People walking in the lobby of the Congress Center ahead of the World Economic Forum in Davos, Switzerland last January.
Jason Alden | Bloomberg | Getty Images

In a bygone analog era, lawmakers and corporate chiefs traveled great distances to swap secrets, to the smoke-filled back rooms of the World Economic Forum in Davos, Switzerland, or the watering holes at the annual Allen & Company conference in Sun Valley, Idaho.

But these days, entering the corridors of power is as easy as opening an app.

Secure messaging apps like WhatsApp, Signal and Confide are making inroads among lawmakers, corporate executives and other prominent communicators. Spooked by surveillance and wary of being exposed by hackers, they are switching from phone calls and emails to apps that allow them to send encrypted and self-destructing texts. These apps have obvious benefits, but their use is causing problems in heavily regulated industries, where careful record-keeping is standard procedure.

More from New York Times:
SoundCloud, which rose to stardom on indie talent, lays off 173
When co-worker behavior seems discriminatory
Buffett bets on energy with deal for Texas utility

"By and large, email is still used for formal conversations," said Juleanna Glover, a corporate consultant based in Washington. "But for quick shots, texting is the medium of choice."

Texting apps are already creating headaches on Wall Street, where financial regulations require firms to preserve emails, instant messages and other business-related correspondence.

In March, Christopher Niehaus, an investment banker with the Jefferies Group in London, resigned from his job and was fined nearly $50,000 by British regulators after disclosing confidential client information to a friend over WhatsApp. Deutsche Bank barred its employees from texting and using WhatsApp on their work phones in an effort to curtail underground communication. And last year, prosecutors charged Navnoor Kang, a portfolio manager at the New York State Common Retirement Fund, with securities fraud, accusing him of taking bribes as part of a pay-to-play scheme. According to the indictment, Mr. Kang and his co-conspirators plotted their deeds over, you guessed it, WhatsApp.

The appeal of these apps is no big mystery. Cyberattacks on prominent people — like the 2014 hack of Sony Pictures executives and the WikiLeaks release of emails from John D. Podesta, Hillary Clinton's former campaign chairman — have put the Davos class on high alert. And President Trump's election in November led to a boom in business for encrypted texting appsamong those who feared he would intensify surveillance tactics. Whether they are trying to evade the law, arrange fragile deals or just talk candidly without fear of being snooped on, business executives and other leaders have many reasons for wanting a private back channel.

"After the 2016 election, there's an assumption that at some point, everyone's emails will be made public," said Alex Conant, a partner at the public affairs firm Firehouse Strategies and a former spokesman for Senator Marco Rubio of Florida. Most people are now aware, Mr. Conant said, that "if you want to have truly private conversations, it needs to be over one of those encrypted apps."

For now, America's elites seem to be using secure apps mostly for one-on-one conversations, but the days of governance by group text might not be far-off. Last year, a group affiliated with Britain's Conservative Party was discovered to be using a secret WhatsApp conversation to coordinate a pro-"Brexit" messaging campaign, while a separate WhatsApp group was being used by politicians backing the Remain effort. Steve Baker, the Conservative member of Parliament who led the pro-"Brexit" group, told The Telegraph that WhatsApp was "extremely effective" as a tool for political coordination.

Encrypted chat and email programs have existed for years, but many were clunky and hard to use. That changed when WhatsApp, a messaging program owned by Facebook with more than a billion users, turned on encryption by default for all of its users last year, making it simple for even the tech-averse to talk securely.

Disappearing messages, once the province of teenagers on Snapchat, have also become standard issue for the paranoid, and even mainstream apps like Facebook Messenger now allow users to send secret, self-destructing messages.

Despite their convenience, third-party messaging apps can pose new risks if their security measures are flawed or incomplete. Confide, for instance, was criticized when security researchers found multiple vulnerabilities that could have left users' communications exposed to hackers. (The company said that the issues had been resolved and that Confide offered "industry-standard cryptography.")

Self-deleting messages can also foul up long-established record-retention practices and, for some federal employees, they may constitute a violation of the law. White House staff members, for example, are required by the Presidential Records Act of 1978 to store copies of their work-related correspondence, while employees of other federal agencies, including the State Department, are required to save their communications under the Federal Records Act. When those records are created outside of official channels — or when, in the case of a disappearing message, they're never created at all — a piece of history is lost.

Few issues produce bipartisan consensus in Washington these days, but the secure messaging trend has drawn criticism from all sides. Citizens for Responsibility and Ethics in Washington, a watchdog group, recently filed a lawsuit against the Trump administration, alleging that Mr. Trump and his associates were "ignoring or outright flouting" public records laws by using texting apps like Confide. Judicial Watch, a conservative group, sued the Environmental Protection Agency over its staff members' reported use of Signal, calling the app's popularity among government workers "disturbing" and saying that it "may make it difficult for their work to be overseen."

"It's a serious issue that part of the legal record is being destroyed," said John Wonderlich, the executive director of the Sunlight Foundation, a group that advocates open government. "Lots of record-keeping requirements don't work very well at all for the modern world."

Secure chats are especially tough to regulate, because they leave few traces by design. But scrutiny of the practice is growing. In March, David S. Ferriero, the nation's archivist, sent a memo to officials at federal agencies reminding them that they were "responsible for properly managing electronic messages that are federal records" across a wide range of communications systems.

Representative Mike Quigley, Democrat of Illinois, recently introduced the Communications Over Various Feeds Electronically for Engagement (or Covfefe) Act, which would extend the reach of the Presidential Records Act to include social media posts and other digital records. Despite the groaner of a name, a cheeky reference to Mr. Trump's now-infamous misspelled Twitter post, Mr. Quigley's bill addresses a very real issue: As of now, tweets and other social media posts are not explicitly named as protected records.

Daniel Jacobson, a White House lawyer during the Obama administration, told me that the use of apps like Signal and Confide among Trump administration officials might technically amount to criminal activity, under laws that prohibit the destruction of government property. And while White House staff members are unlikely to go to jail for texting, he said that preserving public records was an essential democratic norm, no matter which apps officials use.

"The public has a right to know what people in the White House worked on," Mr. Jacobson said. "Especially at a time where basic facts are often disputed, it is important to know that the truth will one day be made public."

Whether illicit or innocent, the use of secure texting apps is probably here to stay. The alternative is just too fragile, in a world where a data breach can mean disaster. Which means it's up to regulators and technologists to find a solution that provides both security and accountability.

If modern communication methods can be aligned with record-keeping laws, it will ensure that when our leaders conduct official business, the public still gets the message.