Disappearing Message Apps: D.C. Mayor Acknowledges Using WhatsApp and Maryland Governor Seems to Be Doing State Business on Wickr
Fritz Mulhauser | January 2, 2022 | Last modified: January 19, 2022
UPDATE: The Washington Post’s editors were unsparing in a January 16 editorial on Maryland Governor Hogan’s evasion of public records laws in his use of the Wickr disappearing message app, discussed below — calling it a “sneaky” way to spew “acid-tongued” emails, “beyond the reach of the media’s, and the public’s, prying eyes” and bolstered by shaky legal fictions “likely to disintegrate on contact with a court of law.” Hogan, said the Post, “has come to see the public records law as an annoyance” and his use of Wickr “negates the broad right of access to records pertaining to the people’s business—exactly the right enshrined in law.” The Coalition has urged D.C. officials to set policy to avoid such misuse, and a new report from the D.C. Board of Ethics and Government Accountability urges the same. (See separate blog post on the report.) The Hogan exhibit shows why action is important.
D.C. Mayor Muriel Bowser has been using the WhatsApp software on the job, according to recent court filings in a lawsuit by The Washington Post seeking D.C. government records related to the January 6 Capitol riot.
WhatsApp encrypts text, voice and video content exchanged over the Internet between a user’s cell phone and another. Acquired in 2014 for $19 billion by Facebook, WhatsApp is used by billions of people worldwide to send messages that can’t be accessed or read by others—not even Facebook has a backup copy or the encryption key.
It is unknown whether the mayor’s account is
- personal or government, and
- whether the mayor uses the automatic erase feature to delete messages.
As Rolling Stone summarized the usefulness of such apps, “For journalists, activists, and government critics who worry about government mass surveillance and political retribution, secure messaging tools can mean the difference between doing their work safely or facing imminent danger.”
But government officials exchanging work messages on such apps create barriers to later access for audit, response to Freedom of Information Act requests, establishing historical facts, or other official needs. That’s because only the account owner can access messages and only via their registered cell phone.
After Martin Austermuhle reported in 2019 on inaccessible D.C. government staff messages on WhatsApp, the D.C. Open Government Coalition asked Mayor Bowser that November to ban its use for D.C. government business until access to messages could be assured such as by mandatory backup. (See the letter and discussion in this earlier blog post.)
The Coalition has heard nothing further since learning the request was referred to an Open Government Advisory Group for further consideration.
The new development is that lawyers for the D.C. mayor have acknowledged two new facts in a recent court filing:
- the mayor was using WhatsApp in January 2021 at the time of the Capitol riot, and
- she agreed to search her messages to respond to a FOIA request byThe Washington Post for any sent January 5-8. The paper sought those among six sets of records in search of “much-needed answers about whether all levels of leadership responded adequately to the attack.” The paper sued this June when D.C. agencies never answered or claimed allegedly inapplicable exemptions.
The District filing includes a sworn account from a mayoral staffer, Assistant General Counsel Cristina Sacco. She says the mayor told her general counsel “a search of her WhatsApp account yielded no responsive records.” The Sacco statement doesn’t describe anything further about the device involved, who did the search or how. The mayor did release about 100 redacted emails she sent January 5-8 on a government account searchable on a central server by D.C. technology staff.
The Post and the District lawyers are continuing to tussle over whether the mayor’s search, as reported third-hand, satisfies the requirements of the D.C. Freedom of Information Act. The next court date is a hearing before Associate Judge Yvonne M. Williams, January 21 at 11:00 in (virtual) Courtroom 212 of D.C. Superior Court.
Now that official use of WhatsApp is established, attention can turn we hope to spelling out safeguards assuring access – safeguards needed as shown by big problems in next-door Maryland.
Maryland Governor’s Private Messaging System Makes Headlines
In a new Washington Post piece by Steve Thompson in print on New Year’s day, Maryland Governor Larry Hogan says his use of encrypted messaging app Wickr (paid for with political funds, according to staff) is “not public business.” He’s comfortable stonewalling, arguing through staff that his Wickr message texts since he started using the app in 2018 are not subject to state record retention or public records access laws.
Wickr, acquired by Amazon in June, has been popular with “journalists, criminals, and the general public” according to Joseph Cox in Motherboard, as it offers even more security with not only encryption but also automatic deletion of messages in 30 days (or sooner if the user chooses, in Hogan’s case within 24 hours).
But Thompson quotes leaked texts that are clearly public business—addressing staff and dealing with topics such as the pandemic. Like D.C., Maryland law is clear that records of public business are public and must be accessible to records requests that may be denied only under narrow exceptions. (The Coalition surveyed state law on the subject years ago.)
This contradiction–of public transparency obligations and fast-evolving technology allowing undetected evasion–is clear in the 2,000-word front page story. Reporter Thompson describes the governor’s multiple chat rooms (shown him by staff in screen shots) along with messages they declined to provide but he found elsewhere. Based on his review of months of messages obtained through other channels, Thompson concludes Wickr is a tool that has “outpaced decades-old laws meant to drag public business into the open.”
Thompson has been on the governor’s trail for more than a year since he used Maryland state records law to get a trove of emails about COVID-19 testing that became a 3,600 word dramatic story last November. It detailed the governor’s central role in the state’s $9 million purchase of flawed COVID-19 tests from South Korea in March 2020—an episode whose details were kept from state officials and the legislature. Some of the newly obtained Wickr messages date from that period and show the governor cursing at staff about messaging about the troubled testing effort.
To the by-now-familiar story of records access problems, a former 38-year Maryland state archivist told Thompson, “To in any way try to eliminate communications that are part of the way in which government functions, or dysfunctions, is extraordinarily bad policy.” Maryland legislators may want to freshen their state records laws to assure all the governor’s records are preserved and accessible.
Hogan later denied again that any messages he has sent on Wickr were official business and labeled “misleading” the Washington Post reporting discussed in the blog post below. The governor characterized the Wickr messages as “casual conversations or chats with people inside and outside the government about things that are happening in the paper” – in contrast to official materials where “we preserve them all the time” and “will continue to be as transparent as we possibly can.”
Hogan spoke January 2 with “State of the Union” co-anchor Dana Bash on CNN. As reported in The Hill, when asked by Bash if he “could guarantee that nothing official should have been archived in messages using the end-to-end encryption app Wickr,” Hogan affirmed “yes.”
The question whether messages are covered by public access law, including those sent on personal devices and via non-government channels, is frequently addressed by courts. It is not up to any government official to decide, as the D.C. Open Government Coalition’s research and advocacy in the District have emphasized for years. The D.C. mayor seems to some degree to have accepted that reality, though perhaps not government-wide; to clarify it in Maryland, perhaps a requester will ask that state’s courts to weigh in.
Other WhatsApp Users In Trouble As Well For Frustrating Required Transparency in Securities Trading
Final note: The U.S. Securities and Exchange Commission, protector of investors and policeman of stock markets to assure they’re worthy of the public’s trust, pushed improper WhatsApp uses into the spotlight yet again when it fined J.P. Morgan Securities $125 million two weeks ago (17). The corporate admissions and record penalty settled charges of years of use of secret messaging by traders and their supervisors that frustrated various SEC investigations.
SEC Commission chair Gary Gensler said in a statement:
Since the 1930s, recordkeeping and books-and-records obligations have been an essential part of market integrity and a foundational component of the SEC’s ability to be an effective cop on the beat. As technology changes, it’s even more important that [securities dealers] ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight. . . . Books-and-records obligations help the SEC conduct its important examinations and enforcement work. They build trust in our system. Ultimately, everybody should play by the same rules, and today’s charges signal that we will continue to hold market participants accountable for violating our time-tested recordkeeping requirements.SEC Press Release 2021-262, December 17, 2021.
The D.C. Open Government Coalition will continue advocating for both 21st century communications technology that can drive efficient government and open records. If you have information to share about records of government business going missing through the use of WhatsApp or similar messaging tools by D.C. government employees, contact us at email@example.com.
 Whether law enforcement can access encrypted communications is an obvious concern of nongovernment users. The D.C. transparency group Property of the People obtained via FOIA a January 2021 FBI summary of access companies can provide to law enforcement to view content on nine messaging apps varying in their encryption and storage schemes. Strong encryption and storage of messages only on user devices mean Facebook is able to provide only metadata about WhatsApp messages, such as who contacted who, but not message content. In contrast, Apple can offer greater law enforcement access to encrypted iMessages because it stores encryption keys in the cloud. See discussion of the FBI information in Andy Kroll’s November 29 article in Rolling Stone.