In the four tumultuous weeks since President Donald Trump's inauguration, the White House has provided a steady stream of leaks. Some are mostly innocuous, like how Trump spends his solitary hours. Others, including reports of national security adviser Michael Flynn's unauthorized talks with Russia, have proven devastating. In response, Trump has launched an investigation, and expressed his displeasure in a tweet: "Why are there so many illegal leaks coming out of Washington?"
The answer may have to do with uncertainty and unrest inside the administration, as well as the president's ongoing attacks against the intelligence community. But it doesn't hurt that every White House and Congressional staffer has tools to facilitate secure communication in their pocket or bag. Specifically, multiple reports indicate that Republican operatives and White House staffers are using the end-to-end encrypted messaging app Confide, which touts disappearing messages and anti-screenshot features, to chat privately without a trace.
The ability to communicate without fear of reprisal may have helped illuminate the Trump administration's darkest corners. But that same time, anonymity rings alarms for transparency advocates. The same technology that exposes secrets also enables them, a tension that's not easy to resolve.
Confide launched in 2013 as a secure app for executives looking to trade gossip and talk shop without creating a digital trail. The service uses a proprietary encryption protocol, what the company describes as "military-grade end-to-end encryption." Its marquee feature, self-destructing messages, appears on similar services like Snapchat, but Confide's appeal lies in its promise of more robust protections.
It's worth noting, though, that unlike other secure messaging apps, like standard-bearer Signal, Confide's encryption is closed source and proprietary, meaning no one outside the company knows what's going on under the hood of the app. Company president Jon Brod says that Confide bases its encryption protocol on the widely used PGP standard, and that the app's network connection security relies on "recommended best practices" like Transport Socket Layer (TLS). Brod did not respond to questions, though, about whether Confide has ever opened its code base to be independently audited by a third party.
"One key is always, do you make code publicly available that’s been audited where features have been inspected by the security community so that it can arrive at some consensus," says Electronic Frontier Foundation legal fellow Aaron Mackey. "My understanding with Confide, at least right now, is that it’s not clear whether that’s occurred."
Confide's also not the only option in play; EPA workers have reportedly turned to Signal to discuss how to cope with an antagonistic Trump administration, to the agitation of Republican representatives.
No matter what the method, though, encrypted chat appears to have become a staple among political operatives---which happens to raise a whole host of legal questions.
Using an app like Confide for personal communications, like keeping in touch with family members or coordinating gym trips with coworkers, is within bounds. It also, according to a recent Washington Post report, has enabled vital leaks to the media.
At this point it's still possible that politicos are legitimately using Confide for personal purposes. "I know people who use [Confide], but I don't know anyone who’s using it who shouldn’t be using it," says Scott Tranter, a founder of the political data consultancy Optimus. "The people who I know use it because it’s secure messaging."
It's sometimes not easy, though, to separate personal conversations from those that are work-related. Where those lines blur, legal concerns arise.
"If these apps are being used by White House staff, it raises very disturbing questions about compliance with the Presidential Records Act specifically, and more broadly the Federal Records Act," says David Vladeck, a communications and technology law researcher at Georgetown Law School. "The whole point of these statutes is to assure that our nation’s history is neither lost nor manufactured, and the kinds of apps that obliterate the messages are completely incompatible with that and at odds with the law."
Confide puts the onus on its users to walk a legal line. "We expect people to use Confide in a way that complies with any regulation that may be relevant to their particular situation," says Brod.
Encryption itself isn't the issue. End-to-end encrypted communication can coexist with the goals of public disclosure laws, so long as someone retains the decryption key. Using strong security for sensitive government communications makes sense and is appropriate if the parties sending and receiving the communications can still archive them.
But disappearing messages are definitionally communications that are difficult, if not impossible, to record. Plus, it's hard to assess how people are using a communication service like Confide if there's no record of anything they ever sent. "Since Confide is explicitly designed to eliminate a paper trail, its use creates at least the appearance of misconduct, if not the reality," says Allison Stanger, a cybersecurity fellow at the New America Foundation. "Those who wanted to lock up Hillary Clinton for the use of a private email server should be very concerned about this practice."
It's a tough act to balance. Encryption-enabled leaks help hold administrations accountable, a clear public good. The challenge is preserving that level of secrecy without creating black holes where public records should be.
