The Encryption Dilemma Undermining National Defense
The National Security Risks of Encrypted Messaging — Policy Gaps and Remedies
Dual-Use Technology: Encrypted messaging applications like Signal, Telegram, and WhatsApp offer robust privacy protections for users, but their same features can be exploited for illicit purposes. These apps serve as vital lifelines for secure communication—used by dissidents, journalists, and everyday citizens to shield conversations from prying eyes—while also enabling spies, criminals, and leakers to operate in the shadows. This dual-use nature creates a policy dilemma between fostering privacy and preventing abuse.
Insider Leaks and Secure Channels: The 2023 Jack Teixeira case illustrates how closed messaging groups and supposedly secure channels can be misused for national security breaches. Teixeira, a 21-year-old Air National Guardsman, leaked hundreds of classified Pentagon documents in a private online chat group (hosted on Discord) to impress internet friends. The breach—one of the most consequential in recent years—exposed sensitive military intelligence, embarrassed the Pentagon, and forced urgent reforms in how secrets are safeguarded.
“Signalgate” Controversy: A high-profile scandal dubbed “Signalgate” erupted in March 2025 when top U.S. national security officials accidentally added a journalist to a Signal group chat discussing secret military plans. This blunder revealed U.S. plans for airstrikes in Yemen and sparked public outrage over the lapse in security and oversight. The incident raised alarms about senior officials using encrypted apps for official business, potentially to sidestep record-keeping, and underscored that even the most secure apps are only as safe as their users’ practices.
Encrypted Apps in Espionage: Secure messaging platforms have become integral to modern espionage and counterintelligence. Spies and foreign agents use encrypted apps to covertly communicate and coordinate operations, thwarting traditional surveillance and wiretaps. Terrorists and extremist networks have similarly leveraged apps like Telegram to recruit, propagandize, and plot attacks out of view. Intelligence agencies warn that this “going dark” phenomenon hampers their ability to detect and disrupt threats hidden behind encryption, even as they adapt with new investigative tools.
Salt Typhoon and Official Responses: In late 2024, U.S. officials sounded the alarm over a sweeping Chinese cyber-espionage campaign code-named “Salt Typhoon,” which infiltrated telecom networks to steal data and even intercept unencrypted communications. In response, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued unprecedented advisories urging Americans—especially government and political figures—to “stop texting” and move sensitive chats to end-to-end encrypted apps. This official encouragement of encrypted messaging for security highlights the complex trade-off at play: encryption is deemed essential to counter foreign spying, even as it frustrates law enforcement in other contexts.
Privacy vs. National Security—A Policy Tightrope: The surge in encrypted communications has reignited the debate over how to balance individual privacy with collective security. Law enforcement advocates argue that unfettered encryption shields criminals and impedes investigations, calling for “exceptional access” or technical backdoors to encrypted data. However, cybersecurity experts and civil liberties groups caution that any built-in access for authorities creates vulnerabilities that weaken security for everyone. Indeed, many experts now view strong encryption as not only a privacy tool but a national security imperative in its own right—protecting citizens, businesses, and government officials from cyber espionage and sabotage.
Mitigating Risks While Preserving Rights: To address the illicit use of encrypted messaging without undermining civil liberties, policymakers and intelligence professionals are pursuing alternative strategies. These include targeted surveillance and infiltration of online groups (with court warrants and oversight), advanced cyber tools to hack or lawfully access suspect devices, and analysis of metadata (who contacts whom, when) to map criminal networks even if message content remains hidden. There is also emphasis on insider threat programs and training—for example, the Pentagon tightened controls and monitoring after the Teixeira leak—and on public-private collaboration, such as apps improving security features (Signal patched the vulnerability exposed in “Signalgate” by adding safeguards against phishing links). The goal is to contain the risks of encrypted communications through smart, proportionate measures that uphold user privacy and democratic values.
Introduction
In an era of pervasive digital surveillance and cyber threats, the rise of end-to-end encrypted messaging has provided major benefits for privacy and freedom of expression. Messages secured with robust encryption can only be read by the sender and intended recipient, not by telecommunication carriers, tech companies, or government agencies.