By FAFO Editorial Staff
Law enforcement agencies across the country are increasingly using encrypted messaging apps like Signal. On the surface, that sounds like a move toward better security. In reality, it raises a serious question: are they violating CJIS rules?
The answer depends on one thing—what they’re sending.
The Criminal Justice Information Services Division (CJIS) sets strict requirements for handling Criminal Justice Information (CJI), including criminal histories, LEIN/NCIC data, and active investigative details. These rules aren’t optional. They exist to ensure sensitive information is controlled, traceable, and secure.
That’s where Signal becomes a problem…
Signal is encrypted, but CJIS compliance is about far more than encryption. Agencies are required to maintain audit logs, control access, retain records, and use approved systems. Signal does none of that in a way law enforcement can control. Messages can disappear, conversations aren’t centrally logged, and the app itself is not CJIS-certified or managed by most departments.
If officers are sharing CJI over Signal, they’re likely doing it on an unauthorized platform, without audit trails, and outside required retention policies. That creates a direct conflict with CJIS standards—and potentially with state public records laws as well.
Even more concerning, Signal is often used on personal devices, beyond department oversight. That opens the door to unauthorized access, data leaks, and a complete lack of accountability.
|
Dabble VoIP
Business phone for less |
Get Started - mention FAFO for 10% off |
Pictured Below: Battle Creek Police Deparment Signal Chat
To be clear, using Signal for basic, non-sensitive communication—like scheduling—isn’t necessarily a violation. But the moment it’s used to discuss investigations or share protected data, the risk becomes real.
And the consequences aren’t minor. CJIS violations can trigger failed audits, loss of access to critical systems like LEIN, internal discipline, and even challenges in court if evidence handling is called into question.
But the bigger issue isn’t technical—it’s cultural. When official business moves to disappearing, untraceable platforms, it raises legitimate concerns about transparency and accountability. Whether intentional or not, it creates the appearance that public records laws and oversight mechanisms are being sidestepped. Encryption isn’t the problem. Lack of control is.
And under CJIS, control is everything.
I CANNOT agree with you MORE when it comes to police corruption & how it IS casually discussed and talked about at barber shops & grocery stores ~ even at the average dinner table. I guarantee 8 out of 10 people WOULD agree there is SOME level of corruption in every department right up until it affects them directly in some way! How do they think the term Blue Wall of Silence came about? You cannot debate with ignorance, you will just end up going in circles! I DO 100% agree that once it’s “outfits ALL about deflection and shooting the messenger! If they can get people to focus on the messenger, as to who, what, where, when & how they obtained the information it takes the spotlight OFF the real problem & focuses solely on the messenger – sad! I agree with you wholeheartedly & commend you for shedding light on what most people want to keep UNDER the RUG where it was swept! To the haters,, the people who love to try and discredit the messenger… take your blinders off & look corruption in the eye, it’s the ONLY way things will ever change! I look forward to what comes next and reading what else you uncover.
Thank you for addressing an issue that concerns us all!