By Jeff Halstead
More than 80% of first responders said interoperability – the ability to communicate with other agencies across different technologies – is a “critical” or “somewhat” concern, according to a November 2021 report. survey by Verizon.
Despite the ubiquitous presence and accessibility of public messaging apps to enable interoperability, the use of these consumer programs by police and first responders poses significant workplace and legal risks. And sadly, an overwhelming number of public safety employees use consumer apps, as well as texting, for work-related communications — breaking the law while doing it without realizing it.
Contrary to promises of secure messaging and data storage, public messaging apps – WhatsApp, GroupMe, Signal and SMS – are not designed to exchange shared information between agents and do not offer fully encrypted communication. Sharing critical details about the crime, or even the emergencies that first responders are responding to, creates the risk of information leaks, potentially exposing first responders and officers to unforeseen challenges or legal reprimand.
Below, we take a closer look at the importance of eliminating consumer apps in law enforcement.
Risks posed by public communication applications
Conventional email software has made strides in improving communications security to offer strictly encrypted messaging. However, these apps are tailor-made for general users and do not provide the extent of information security or tracking required for exchanges between first responders and government agencies.
Messages sent using SMS or consumer application services are public once delivered and are not tracked when forwarded to other recipients. The lack of external tracking of shared messages opens up the possibility and has already led to classified information falling into the hands of the media before responders can act. The unlimited flow of sensitive information in turn puts victims, associated persons and responders at risk. This pitfall of tracking message transfers leaves first responders liable for damages and grievances caused due to mishandling of critical information.
End-to-end encryption claims have recently taken center stage in messaging app conversations. However, the programs developed for consumers are not intended to provide security guaranteed by information shared between first responders. This inadequate protection allows those with malicious intent to breach old protections and steal classified data.
Many public messaging apps additionally allow users to permanently delete shared messages to provide attractive features. While the cornerstone of effective law enforcement is the ability to share information quickly, agencies should keep archived copies of all work-related conversations. Therefore, deleting work-related posts means officers are breaking public records retention laws.
Use of public communication apps exposes responders to legal liability
Conversations between police officers on work-related matters are classified as evidence and must be recorded in public records. Deleting shared posts qualifies as destroying evidence or even interfering with legal proceedings and is a crime. Conventional apps allow for deletion of shared messages, they violate federal and state public records laws, and are not compliant with Criminal Justice Information Services (CJIS).
For example, Texas Senate Bill 944 requires that any public information on a private device, including text messages, be transmitted or transferred to the government agency or to a government agency server for preservation, which would not be possible if the information were compromised through a mainstream messaging app. In Indiana, text messages are also considered public records and have a three-year retention cycle. Additionally, Florida Public Records Law defines “public records” as all documents, papers, letters, maps, books, tapes, photographs, films, sound recordings, and all other forms of communication. As these laws are broad and comprehensive, it is imperative that agents use secure and encrypted applications that provide guaranteed retention of all communications.
Agents also encounter issues with the ability to delete conversations and the lack of self-auditing features provided by these platforms. These findings may prevent agencies from complying with Freedom of Information Act (FOIA) requests. Therefore, under scrutiny, agencies that rely on consumer messaging apps at work expose themselves to the possibility of legal action against them. Namely, if information is misplaced or lost during a crisis, the use of non-compliant applications can have serious consequences.
These platforms can have implications beyond the jurisdiction of federal and state public records laws. If an app’s security measures do not restrict messaging in a secure manner, grievances over sensitive information that has come into the hands of individuals outside the agency are also grounds for legal action.
Why secure and compliant messaging apps are imperative for first responders
The best rule for agencies to follow is to limit all business communications to dedicated, compliant, and secure platforms, and to avoid using a mainstream messaging platform. Without the use of compliant apps, agencies lack the technology to perform their tasks legally and securely. Fortunately, more technologies that fit this mold are on the market for agencies to explore and find the right solution for their department.
Although penalties for misplacing information via consumer apps differ in each state, officers are committing a crime any time they knowingly use these apps/platforms and conceal, destroy or delete evidentiary conversations, which can lead to the termination of their functions. Additionally, the use of compromised applications poses security risks to officers, as would approaching a scene without proper equipment and intelligence.
The nature of first responder work requires rapid, real-time exchange of information, which is readily available with mainstream messaging apps. Although they offer an immediate connection and a user-friendly platform, they pose significant risks for agents and their employers.
It is incumbent on law enforcement departments to invest in their teams, providing consolidated messaging application training as well as messaging solutions that align with the training. Ensuring their workplace email compliance protects agencies from lawsuits and protects sensitive information within their organizations so agents can perform their jobs unhindered.
About the Author
Jeff Halstead has dedicated nearly 30 years of service to law enforcement and corresponding local communities. For more than two decades, Halstead worked for the Phoenix Police Department, leaving as a commander of Homeland Security (Fusion Center) to join the Fort Worth Police Department. As Fort Worth Police Chief, he dealt with numerous domestic and global crisis incidents before retiring in 2015. He went on to found and create Evertela secure and compliant mobile communications platform for first responders and government entities to address the communication disparities he witnessed firsthand as a first responder and law enforcement officer.