Encrypted messaging for military operations poses critical risks, UB experts say

Despite Signal’s reputation as one of the most secure, privacy-focused messaging platforms available to the public, using it for sensitive military planning — especially outside classified channels — poses grave security risks, according to two UB School of Management experts.

While Signal celebrates encrypted messaging from end to end (device to device), this is only part of the security equation, says Kevin Cleary, clinical assistant professor in the Department of Management Science and Systems. He says the data is still reliant on the security practices of that endpoint and the person using that endpoint.

“Because there is no secondary vetting, we have scenarios where unauthorized individuals are added to communications and, while the data as it is being transmitted remains encrypted, the human on the other end may not be the intended recipient,” Cleary says.

“Knowing this practice is in use, nation-state adversaries, who can quite easily gain a foothold on whatever device they want, are now likely looking at gaining malware footholds to the personal devices of all high-ranking officials,” he adds.

According to Kyle Hunt, assistant professor of management science and systems, military planning is a complex process often requiring input and action from multiple government leaders. The information within these plans is typically top secret, as unauthorized access could cause significant harm to national security and the viability of the plans themselves.

“While the optimal environment to develop such plans would be in-person deliberation among the involved stakeholders, situations exist in which this is not feasible, and planning must be done via communication systems,” Hunt says.

“In such cases, there are protocols in place to enable secure commination pathways. The recent case with Signal shows that straying from these protocols can be detrimental to the protection of critical defense information.”