The EU is taking steps towards more secure communications, but not all of them are necessarily in the same direction.
While the EU Commission now recommends staff to use the Signal messaging app, the European External Action Service (EEAS) has recently deployed its own solution for EU diplomats around the globe.
„The EEAS has not instructed its staff to use Signal. The EEAS is in the process of rolling out a robust instant messaging solution and the instruction is to use this tool to exchange sensitive and classified information up to ‚EU-Restricted‘ within the institution and among employees“, spokeswoman Virginie Battu-Henriksson told netzpolitik.org in an e-mail, referring to a certain classification level.
The EEAS is the EU’s foreign service. It has delegations in countries around the world, including in crisis zones such as Afghanistan.
EU officials frequently use WhatsApp for informal coordination. However, data protection issues and reports about spying raise uncomfortable questions about the Facebook-owned service, driving the move to safer alternatives.
New app live since September 2019
Meanwhile, the EEAS declined to disclose details on its new messaging solution. „We would not comment on internal security features“, said Battu-Henriksson. She noted that deployment was „ongoing since September 2019″.
It remains unclear how messages are encrypted on the new messaging app, what software and protocols it uses and how its security is audited.
Data protection is an additional question mark. The data protection officer in charge did not reply to our query whether the EEAS had done a data protection impact assessment. Such an assessment is required by the rules governing EU institutions for certain types of data processing.
The EU parliament recently ran into data protection trouble after contracting the services of NationBuilder, a controversial US firm used in the Brexit referendum and the 2016 Trump campaign.