Are law enforcement officers unknowingly breaking the law by using consumer messaging apps?
Contrary to promises of secure messaging and data storage, public messaging apps are not designed to exchange intelligence shared among officers
By Jeff Halstead
More than 80% of first responders said that interoperability – the ability to communicate with other agencies across differing technologies – is of “critical” or “somewhat” concern, according to a November 2021 survey by Verizon.
Despite the pervasive presence and accessibility public messaging apps to enable interoperability, the use of these consumer programs among police and first responders poses significant workplace and legal risks. And unfortunately, an overwhelming number of public safety employees use consumer apps, along with SMS texting, for work-related communications – breaking the law while doing so without realizing it.
Contrary to promises of secure messaging and data storage, public messaging apps – WhatsApp, GroupMe, Signal and SMS texting alike – are not designed to exchange intelligence shared among officers, and do not offer fully encrypted communication. Sharing critical details on crime, or even, emergencies that first responders address, creates the risk of information leaks, eventually exposing first responders and officers to unforeseen challenges or legal reprimand.
Below we look more closely at the importance of eliminating consumer apps in law enforcement.
Risks posed by public communication apps
Conventional messaging software has made strides in enhancing communication security to offer stringently encrypted messaging. However, these apps are tailored for general users and don’t offer the extent of security or information tracking required for exchanges between first responders and government agencies.
Messages sent using SMS or consumer application services are public once remitted and are not tracked when forwarded to further recipients. The lack of external tracking of shared messages opens the possibility of and has previously led to, classified information falling into the hands of media before responders could take action. The unrestricted flow of sensitive information, in turn, exposes victims, associated individuals and responders to risks. This pitfall regarding the tracking of message transfers leaves first responders liable for harm and grievances caused due to mismanagement of critical information.
Claims of end-to-end encryption have recently taken center stage in conversations on messaging apps. However, programs developed for consumers do not aim to offer security warranted by intelligence shared among first responders. This inadequate protection allows those with malicious intent to breach past safeguards and steal classified data.
Many public messaging applications further let users permanently delete shared messages as a push to offer appealing features. While the cornerstone of effective law enforcement is the ability to share intelligence swiftly, agencies must keep archived copies of all conversations related to work. Hence, deleting messages related to work means the officers are infringing public records retention laws.
The use of public communication applications exposes responders to legal liability
Conversations among police officers on work-related matters are categorized as evidence and required to be entered into public records. Deleting shared messages is outlined as the destruction of evidence or even interference with judicial proceedings and is a crime. Conventional apps allow the ability to delete shared messages, they violate federal and state-level public records laws and are not compliant with Criminal Justice Information Services (CJIS).
For example, the Texas Senate Bill 944 mandates that any public information on a privately owned device, including SMS, shall be forwarded or transferred to the governmental body or a governmental body server to be preserved, which would not be feasible if the information was compromised through a consumer messaging app. In Indiana, text messages are also considered public records and carry with them a three-year retention cycle. Additionally, Florida Public Records Law defines “public records” as all documents, papers, letters, maps, books, tapes, photographs, films, sound recordings and all other forms of communication. As these laws are broad and all-encompassing, it’s imperative that officers use secure and encrypted apps that offer guaranteed retention of all communications.
Officers also run into issues with the ability to delete conversations and the lack of self-auditing features that these platforms provide. These results can prevent agencies from complying with Freedom of Information Act (FOIA) requests. Hence, under scrutiny, agencies that rely on consumer messaging apps at work open themselves to the chance of legal proceedings against them. Namely, if intelligence is misplaced or lost during a crisis, the use of non-compliant apps can hold grave consequences.
These platforms can pose repercussions beyond the jurisdiction of federal and state-level public records laws. If an app’s security measures do not securely restrict messages, grievances caused due to sensitive intelligence reaching the hands of individuals outside of the agency are also grounds for legal proceedings.
Why secure and compliant messaging apps are imperative for first responders
The best rule for agencies to follow is to limit all work communications to dedicated, compliant and secure platforms, and avoid utilizing any consumer messaging platform. Without the usage of compliant apps, agencies are without the technology needed to lawfully and safely perform their tasks. Luckily, more technologies that fit this mold are in the market for agencies to explore and find the right fit for their department.
While the punishments for misplacing intelligence through consumer apps differ in each state, officers commit a crime each time they knowingly use these apps/platforms and conceal, destroy, or delete evidentiary conversations, which can lead to termination from duty. In addition, the use of compromised apps leads to security risks for officers as approaching a scene without proper equipment and intelligence would.
The nature of first responders’ work calls for swift, real-time exchange of information, which is easily available with consumer messaging apps. While they provide immediate connection and a user-friendly platform, they pose significant risks to officers and their employers.
The onus lies on law enforcement departments to invest in their teams, providing consolidated training around messaging apps along with messaging solutions that align with the training. Ensuring compliance of their workplace messaging shields agencies from legal proceedings and protects sensitive information within their organizations so officers can perform their work unhindered.
About the author
Jeff Halstead dedicated nearly 30 years of service to law enforcement and corresponding local communities. For more than two decades, Halstead worked for the Phoenix Police Department, departing as Homeland Security Commander (Fusion Center) to join the Fort Worth Police Department. As chief of police in Fort Worth, he faced many national and global crisis incidents before retiring in 2015. He went on to found and create Evertel, a secure and compliant mobile communication platform for first responders and government entities, to solve the communication disparities he witnessed firsthand as a first responder and law enforcement agency leader.