Following a devastating and deadly wildfire in Maui, investigators found that emergency management personnel had exchanged numerous text messages. These records proved valuable in reconstructing the government’s reaction to the 2023 disaster.
A particular exchange suggested the possible use of a second, more private messaging platform by officials.
Herman Andaya, then the head of the Maui Emergency Management Agency, alluded to Signal’s intended purpose in a text to a colleague.
Signal is just one of many messaging apps offering end-to-end encryption and features like automatic message deletion.
While these apps promote greater security and privacy, they can hinder transparency as defined by open records laws. These laws aim to ensure public awareness of government actions. Messages sent via these apps often aren’t accessible through public information requests without specialized archiving tools.
An Associated Press investigation across all 50 states discovered over 1,100 government employees and elected officials with accounts on encrypted platforms linked to their phone numbers.
It remains uncertain whether Maui officials actually used Signal, or merely considered it, as a county representative didn’t provide answers. However, this situation underscores a growing dilemma: How can government agencies leverage technology for enhanced security while adhering to public information laws?
How widespread is the use of encrypted apps in government?
The AP’s research identified state, local, and federal officials with accounts in nearly every state. These included legislators and their staff, as well as personnel working for governors, state attorneys general, education departments, and school board members.
The AP is withholding the names of these officials, as simply having an account doesn’t violate rules in most states, nor does it prove the apps are being used for official business. Although many accounts were registered with government-issued phones, some used personal numbers. The AP acknowledges its list is likely incomplete due to users’ ability to make accounts private.
Over the past decade, instances of improper app usage have been reported in various locations, almost always stemming from leaked messages.
What is the core issue?
While public officials and citizens are constantly warned about hacking and data breaches, the very technologies designed to improve privacy can simultaneously diminish government transparency.
Apps such as Signal, WhatsApp, Confide, and Telegram employ encryption to protect messages, ensuring they are only readable by the intended recipient. Typically, these messages are not stored on government servers. Some apps have automatic deletion features, while others prevent screenshots or message sharing.
Matt Kelly, editor of Radical Compliance, a newsletter focused on corporate compliance and governance, explains, “The main issue is that people have the right to use encrypted apps for personal communication on their personal devices, which isn’t illegal. However, how can an organization differentiate between personal and professional use by an employee?”
Are there legitimate government uses for encrypted messaging?
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advises “highly valued targets”—senior officials handling sensitive data—to use encrypted apps for confidential communications. These communications are generally exempt from public record laws.
CISA leaders also suggest that encrypted communication can be a beneficial security measure for the public. However, they do not advocate for government officials using these apps to bypass public information laws.
Journalists, including many at the AP, frequently use encrypted messaging when communicating with sources or whistleblowers.
What actions are states taking?
Lanika Mamac, general manager at Smarsh, a company that helps governments and businesses archive digital communications, notes that while some cities and states are working to maintain transparency, public record laws aren’t keeping pace with technology.
“People are increasingly concerned about cybersecurity threats and are focused on security,” Mamac said. “I believe they’re genuinely trying to find the balance between security and transparency.”
Mamac indicates that Smarsh has seen an increase in inquiries, mainly from local governments. However, many other entities have done little to regulate these apps or clarify their appropriate use.
In 2020, the new division director of the New Mexico Child, Youth and Families Department instructed employees to use Signal for internal communications and to set messages to delete after 24 hours. A 2021 investigation into potential violations of New Mexico’s document retention policies resulted in a court settlement with two whistleblowers and the division director’s resignation.
Despite this, New Mexico still lacks regulations regarding the use of encrypted apps. The AP’s research revealed that at least three department or agency directors had Signal accounts as of December 2024.
In Michigan, State Police leaders were found to be using Signal on state-issued devices in 2021. In response, Michigan lawmakers prohibited the use of encrypted messaging apps on state employees’ work devices if they impede public record requests.
However, Michigan’s law doesn’t include penalties for violations, and monitoring the government-owned devices used by 48,000 executive branch employees presents a significant challenge.
What is the solution?
David Cuillier, director of the Brechner Freedom of Information Project at the University of Florida, argues that stronger public record laws are the best solution. He notes that most state laws already stipulate that the content of communication, not the method, determines whether it’s a public record. However, many of these laws lack enforcement mechanisms.
“They should only use apps if they can report and archive the communications like any other public record,” he stated.
Cuillier believes government transparency has generally declined over the past few decades. To reverse this trend, he suggests governments establish independent enforcement agencies, impose penalties for violations, and foster a transparent culture that embraces technology.
“We used to be a beacon of light regarding transparency. Now, we’ve lost our way,” Cuillier concluded.
—Boone reported from Boise, Idaho. Lauer reported from Philadelphia. Associated Press reporters at statehouses nationwide contributed to this report.
