Installing Signal in the noise: how Uncle Sam investing in open source secure messaging created civic infrastructure

Alexander B. Howard

Alexander B. Howard

5 min read
Installing Signal in the noise: how Uncle Sam investing in open source secure messaging created civic infrastructure
Image from signal.org

Good morning from cloudy Washington, where neither the House or Senate are in session, but various committees are holding hearings today. You can always get smarter about what’s happening and when at Congress.gov.

Alex here, with a new civic text. 

Today is National Voter Registration Day, which means YOU need to take a moment to register to vote or check your registration, get #VoteReady, and then, encourage everyone you know and everyone connected to you online and offline to do the same at the new vote.gov or vote.org.

Go break some records. 🇺🇸 🗳️ 💪

All done? Excellent. Onwards!

Many thanks to everyone who has subscribed since our soft launch this spring, and a hearty welcome to all of the new members who have subscribed after reading my essay on the end of impunity for tech titans in the New York Times.

To be frank with you, I wish I’d started building a community with you all on email over a decade ago instead of overinvesting in social media, but I’m thrilled you’re listening, connecting, and making me smarter now. 

I still believe in reaching folks where you are, online and off, so I’m not withdrawing from social media — I just want to host more conversations here and own the relationships, instead of allowing tech companies to filter you or me, and reduce the risk of being deplatformed.

These risks are not theoretical, unfortunately: Earlier this year, I lost the ability to post on Threads, and my primary Twitter account (@digiphile) was hacked recently. It took many days to get it back, after I networked my way to internal help when automated support at X kept closing my ticket and ignoring my appeals. 

Security risks aside, I’ve watched it become harder and harder for my work to “get seen” on social media unless I pay to promote it. 

You can help. Please share these newsletters and recommend them, if you find Civic Texts useful or insightful. If you can, please consider upgrading to a paid membership.

I will need much more support to make this work anywhere close sustainable this year: every person helps, and the “pledge drive” is never ending. 

In return, I promise never to abuse your inbox, waste your time, or sell your contact information. 

If the cost of upgrading to a paid membership (currently $5/month or $50/year) would create a financial hardship, no worries. My public posts are free and open to all, and will remain so. (The @CivicTexts I send over text do require paid subscription, but those are a separate channel.)

Membership means you can comment, if you like, participate in chats, participate in future events, and — at the founding level — talk with me once a year for an hour about anything you like. 

You can reach me at 410-849-9808 or Alex@governing.digital with questions, comments, tips, or requests to shift to a more secure channel, over on Signal.

And that (finally!) brings me to the topic for this newsletter. (Thank you for your patience for a message from the founder and editor.) 

In his analysis of Pavel Durov’s arrest  for 404Media, Jason Koebler explored why Durov and Telegram are the object of so much upset across the global far-right, albeit saddled with an unhelpful headline and internal frame.

(As a reminder, “culture war” is a euphemism that masks conflicts in a multiracial, pluralistic democracy over extending equal rights, equal justice, and civil liberties to every person — regardless of our race, religion, gender, or sexual orientation.

Much as I think using “real world“ should be deprecated in favor of “offline,” I suggest writers consider centering how people are using or abusing power to extend or deny civil rights and human rights to marginalized groups instead of the “culture” frame.)

Koebler ably traces the story of how an “alternative fact” about the relative security of Telegram and Signal was co-created in online fever swamps over the past year. (I won’t rewrite it: go read, & come back.) 

What has remained interesting to me is how conspiratorial thinking, poor information diets, and motivated laetisan bias have led some folks not to trust a secure app that was expressly designed with trust in mind, right down to open sourcing the code beneath it — despite folks like Elon Musk being devotees of the gospel of technological transparency at the platform formerly known as Twitter and beyond.

The folks over at Open Technology Fund understood why activists, journalists, dissidents, and human rights advocates around the world and around the United States might not trust a secure messaging app that was in any way funded by the U.S. government

The way Signal optimized for trust a decade ago was smart and straightforward: open source code, which everyone could look at online. 

This kind of of app and underlying code is digital civic infrastructure — “digital public infrastructure,” to use the frame now more in vogue internationally.

Sadly, the US government has often not been the good steward of open source software I’d hoped in recent years, despite its crucial role in building and maintaining digital civic infrastructure. 

In 2020, we even saw a push to defund the Open Technology Fund at the U.S. Agency for Global Media in favor of traditional procurement of proprietary software from commercial vendors which thankfully failed, in no small part thanks to whistleblower's and pushback from the press and advocates.

While we’ve seen more attention to the security of code that nations and corporations depend on by CISA since, Code.gov is effectively mothballed and the federal open source policy feels more like a zombie document than a living one — in parallel to the 2009 Open Government Directive

In that context, Open Technology Fund’s announcement of Free and Open Source Software (FOSS) Sustainability Fund” last spring that would “support the long-term maintenance of FOSS projects and the communities that sustain them” was good news. 

I expect a more secure, safe, & resilient Internet & app ecosystems will result as they fund more projects in 2024 and beyond. 

I hope that a new administration in the USA will feature renewed investment, attention, and robust policymaking, including the appointment of the sixth U.S. chief technology officer that President Biden never made.

I retain moderated optimism that we’ll see more investment in civic technologies across the United States in 2025 that will show learning from the past decade of building civic apps that few people used, standing up websites and open sourcing code that no one maintained, or disclosing open government data in demand and ensuring it was used, re-used, applied, and institutionalized. 

Keep an eye out for expensive debacles with government technologies and industry incumbents defending shoddy software while maligning civic technologies communities build with one another.

Shiny app syndrome” is still with us, as is plenty of FUD about the security of open source software.

In the meantime, go kick the tires on Signal on GitHub if you‘re curious, and download it, if you haven’t. It’s free, has no ads or tracking, and is run by a trustworthy BBB nonprofit.

Check out the Freedom of the Press Foundation’s guide to Locking down Signal, if you have.

Make some time for this Wired interview with Signal president Meredith Whitaker, and listen to this conversation on encrypted messaging

That’s it for this edition. See you online!  










Read more