Does the Vatican have group chats?
The Apostolic See and the protocols of confidential communication
Bro Jim C Salonoy - News Moderator 
Americans are talking about confidential communications this week, after cabinet secretaries, the vice president, and other senior Trump administration officials came under fire for including a journalist in a group chat that debated, planned, and provided updates on a March 15 bombing run against Houthi targets in Yemen.
As the nuance of government security protocol — and the proper use of apps — is discussed, some Catholics have asked about the Church’s security protocols.
How does the Holy See — which is both Church and sovereign international entity — communicate confidentially? How does that work in the rest of the Church? And is ecclesiastical information especially secure?
The Pillar explains.
The Church doesn’t have “classified” information, but it does have the pontifical secret. What exactly is that?
The “pontifical secret” is the kind of confidential classification, which tends to get people interested in what’s going on. Everyone wants to know a secret, and everyone’s interested in the pontiff, so the notion of a papal secret exudes a level of intrigue that “classified” doesn’t quite offer.
But the pontifical secret has a rather banal actual meaning. In practical and legal terms, the pontifical secret is a defined level of professional confidentiality in the Church’s administrative life, which binds curial officials who work on the composition of papal documents, some canonical processes, the appointment process of bishops, and numerous other projects in which the Vatican is involved.
Violation of the pontifical secret can bring with it the imposition of a canonical penalty, and at times has included the prospect of a declared latae sententiae excommunication for violators.
The contours of the pontifical secret are not always well-defined, and are sometimes shaped as much by perception, custom, or habit than by precise legal standards.
For example, in December 2019 Pope Francis stated directly that the pontifical secret “does not apply to accusations, trials and decisions” defined in the first section of Vos estis lux mundi, which addresses clerical sexual abuse, and obstruction or negligence in the handling of complaints related to the same crimes.
While the substance of trials is still governed by the “official secrecy” delineated in c. 471, the existence of accusations or investigation would seem not to be, and the sharing of information would seem legally unprohibited.
But despite the change, Church authorities have often remained resistant to confirming even the reception of a Vos estis complaint, still less the opening of an investigation, and never the progress of a canonical process, unless they are compelled to do so by public outcry.
Still, a general ambiguity about the nature of pontifical secrecy is rampant in the Church, with bishops and curial prefects often taking very different approaches to questions about when and how to read aids or vicars into matters connected to the pontifical secret.
That, coupled with a lack of meaningful enforcement regarding official secrecy, has led to several humorous definitions of the concept, especially given the power and ubiquity of gossip in ecclesiastical circles.
One such definition, mostly tongue-in-cheek, holds that the pontifical secret means “you can only tell one person at a time.”
Another holds that the pontifical secret means: “Everyone knows but the pontiff.”
Ok. But the Church does need to engage in confidential communication, even if sometimes undefined. How do bishops communicate with the Vatican confidentially?
This question is especially important when the Church operates in countries where it is persecuted, or where governments are corrupt or controlled by criminal organizations.
In the course of their work, diocesan bishops and other ecclesiastical officials have to communicate confidentially with the Vatican all the time — about the state of the Church, about episcopal candidates, about penal cases, or complex marriage nullity cases, or about the sale and management of ecclesiastical property.
In the wrong hands, that information could be abused to the harm of the Church or to individual Christians. For that reason, much of the Church’s confidential correspondence with the Vatican is routed through apostolic nuncios — the pope’s diplomatic representatives — in nations around the world.
Because apostolic nuncios are (almost always) accredited diplomats, their communications are protected by the 1961 Vienna Convention on Diplomatic Relations, which allows them to use couriers or mail services to send home mail in locked containers that are exempt from search or seizure by a national government.
There are reasons a diocese or religious order might not send communication through the apostolic nuncio’s diplomatic pouch — the process takes longer than ordinary mail, for example, and sending something through the nuncio loops him into the communication.
But for secure communications of any kind, the diplomatic pouch is a frequently used mechanism of Holy See communications.
By the way, what’s the secret archive?
Canon law requires that every diocese maintain a secret archive, which is kept “completely closed and locked,” and to which only the bishop is to have a key. The acts of certain kinds of canonical criminal cases are kept there.
The Vatican also maintains an archive that was called the “secret archives” until Pope Francis changed the name to “apostolic archives” in 2019. The archives initially maintained the private papers of popes, and then became a repository for the official acts of the Holy See. While some sections are now opened to researchers, contemporary ecclesiastical records maintained there are not open to researchers or journalists.
What about cyber-security? How does the Vatican ensure the security of its servers and other confidential information online?
The Vatican does not publish security audits or provide specific information regarding its cybersecurity protocols. But several incidents in recent years suggest that the Apostolic See has had difficulty with cybersecurity.
In November, the Vatican’s website crashed and was unavailable for several days in some parts of the world. Spokesman Matteo Bruni said the problem was “an abnormal number of interactions” — which seemed to suggest a DDoS attack, which some officials suspected was timed to coincide with the Nov. 20 Vatican visit of Ukraine’s First Lady Olena Zelenska.
It wasn’t the first hacking incident.
In 2015, the personal data of Vatican radio journalists and the Vatican’s website was hacked twice by hacking group Anonymous.
In 2018, both the Vatican and the Diocese of Hong Kong were affected by supposedly Chinese regime-backed hackers RedDelta ahead of talks to renew a provisional agreement on episcopal appointments.
In 2022, the Vatican’s website went down a day after the pope criticized Russia’s invasion of Ukraine.
Andrew Jenkinson, CEO of British cybersecurity firm CIP, told The Pillar last year that he has been trying to warn the Holy See of their cybersecurity vulnerabilities since at least 2020.
Jenkinson showed The Pillar an analysis of the critical servers of the Vatican which were flagged as insecure and said the DNS (Domain Name System) was exposed.
“When we tried to assist in 2020 and 2021, over 90% of their websites were showing as ‘Not Secure.’ There is no excuse for such basic security failures,” Jenkinson told The Pillar.
“These websites are not secure, which means they can be easily hacked. The Vatican unknowingly has back doors into their websites and totally ignored what I told them over four years ago,” Jenkinson added.
But in addition to seemingly lax security protections, the Vatican’s security practices also give rise to concern about cybersecurity.
In 2023, confidential records from the October synod on synodality were posted to an unsecured cloud server accessible to anyone. The records included rosters of synodal participants and their working group assignments — along with the reports filed by working groups at the conclusion of the synod’s first segment of discussion.
In 2021, The Pillar notified Vatican Secretary of State Cardinal Pietro Parolin that frequent use of hookup apps within secured areas could pose a security risk for the Holy See — especially an app under Chinese ownership for four years, during which the U.S. Committee on Foreign Investment in the United States deemed the app’s ownership a national security risk to American interests.
The Pillar also confirmed that independent security experts had previously warned the Vatican about the security risks posed by the use of hookup apps in secured areas.
While the Secretariat of State initially expressed concern about the matter, it declined to provide updates about whether new security measures had been put in place.
How about the USCCB? Do U.S. bishops have a mechanism for confidential communication?
The U.S. bishops’ conference communicates with its members via a “bishops only” website, to which updates from departments, and communications from the Vatican, are periodically posted.
Several years ago, the conference enhanced its security protocols for the site, requiring two-factor authentication for bishops to login. While the move was meant to ensure security, some USCCB officials have told The Pillar that bishops have struggled to use the two-factor authentication technology, with some calling for a return to the previous password-based login system.
The controversy in the U.S. regards confidential state communication on commercial messaging apps. Vatican officials wouldn’t do that, right?
They do, in fact.
If you speak to any middle-ranking curial official in virtually any Vatican department, you’ll soon encounter a general expectation that phone calls and emails in the city state are about as confidential as the back of a postcard.
Depending on the department, cracks about phone taps and electronic sweeps may be more or less jokes — though in some offices, like the Secretariat of State, the Dicastery for the Doctrine of the Faith, or even the Dicastery for Bishops, few are laughing about it.
You only have to look back through the last few years of Vatican City scandals and trials to see that wire tapping is, if not “normal” in the curia, certainly not unheard of.
Cardinals have recorded private calls with the pope, auditors have claimed their offices were bugged, and senior officials have gone on record, admitting to using “electronic surveillance” experts to look into their rivals.
As a result, encrypted messaging apps are every bit as popular among Vatican diplomats and civil servants as they apparently are with American national security personnel.
While a few more cutting-edge practitioners, like Cardinal Angelo Becciu, are known to favor the now-popular Signal app for discussing sensitive operations, the curial favorite has long been the Facebook-owned version, WhatsApp.
Indeed, when Vatican prosecutors come knocking to serve a warrant, they tend to check a suspect’s phone quickly, to get a look at back-and-forth messaging.
WhatsApp exchanges featured prominently in the recent London financial scandal trial, and before that they provided some of the most eye-catching evidence in the so-called Vatileaks trials.
