USAID updated policy to allow use of Signal, Telegram in some circumstances
The U.S. Agency for International Development quietly updated its policy last year to allow its employees to use third-party messaging platforms — including Signal and Telegram — for government communication in certain circumstances, a document obtained by FedScoop shows.
The agency would not provide specific reasoning behind the decision to permit the use of those messaging platforms — which have previously raised some concerns throughout Washington when used for official government business — and only said that it regularly updates technology policies to comply with the law and with changes in requirements and legislation. Unlike many federal agencies, USAID has missions across the world — and its employees often confront dangerous and difficult local dynamics abroad where the use of these platforms can be helpful.
A publicly available version of the agency’s operational policy, called the Automated Directives System (ADS), shows that the document was updated over a year ago to address third-party messaging applications. Highlighted in yellow, seemingly new language explains that employees are allowed to use personal and so-called “approved non-official” electronic messaging systems if they’re communicating with partners who won’t use other platforms. Employees are also allowed to use these platforms if engagement is “greatly enhanced” by using them, such as communicating during emergencies or coordinating logistics.
Employees are supposed to forward official communications within 20 days, per requirements related to the Freedom of Information Act. However, they’re not required to forward this information if it concerns “routine logistical activities that do not provide evidence of substantive Agency business and/or whose value to the Agency is minimal and of a particularly short-term nature,” according to the ADS.
The document also states that employees can use these platforms in certain emergencies, including when facing threats to personal safety or natural disasters, but warns that “any use of an exceptional circumstance must be temporal in nature and discontinued once the exceptional circumstance no longer exists.” Employees are not allowed to use non-government platforms to communicate information considered to be Not Releasable to Foreign Nationals (NOFORN).
Changes to the document were made apparent to FedScoop after obtaining a general notice discussing “approved non-official systems” through a public records request.
Allowing the use of Signal in certain circumstances raises some questions about FOIA compliance, given that the platform has a feature that permanently deletes messages within given timeout periods. The USAID spokesperson did not answer specific questions about how the agency ensures records are preserved or if there were specific rules for whether senior leaders in the agency could use the messaging app.
Alexander Howard, an expert in digital government who writes the independent publication Civic Texts, said agencies can archive Signal messages if federal workers “uphold their ethical obligations to memorialize public business if it is conducted in that channel.” Still, he said he was unclear about how agencies ensure compliance with these policies.
The communications staff of the National Archives and Records Administration, which pointed to an FAQ on the topic, said in a statement to FedScoop that the agency “provides records management guidance to agencies on how to manage electronic messages. NARA requirements apply regardless of what tool is used to send or receive the electronic message.”
“The Federal Records Act requires that employees must forward ‘a complete copy of the record to an official electronic messaging account of the officer or employee not later than 20 days after the original creation or transmission of the record,’” NARA continued. “Typically, agencies advise employees to either take a screenshot of the message and forward it to their official accounts or to use an export feature in the app, if available. NARA has a website with more information available about managing email and emessages.”
Signal, meanwhile, says it doesn’t keep messages or much information about users themselves.
“Because everything in Signal is end-to-end encrypted by default, the broad set of personal information that is typically easy to retrieve in other apps simply doesn’t exist on Signal’s servers,” an August blog on the company website explains. “Once again, Signal doesn’t have access to your messages; your calls; your chat list; your files and attachments; your stories; your groups; your contacts; your stickers; your profile name or avatar; your reactions; or even the animated GIFs you search for — and it’s impossible to turn over any data that we never had access to in the first place.”
A previous USAID document from September 2022 that described rules for third-party applications and text messages noted that the agency didn’t encourage the use of text messaging for agency business and noted that it was employees’ responsibility to record their messages within a USAID recordkeeping system. The document also “prohibited” the use of personal email accounts, WhatsApp, Facebook Messenger, Viber, and SnapChat for agency business.
A second page of that document listed WhatsApp, personal email, text messages, and Signal as unauthorized platforms. However, the document noted that “in limited exceptional circumstances, the temporary use of non-official EM systems may be necessary,” though employees were obligated to forward the communications.
