U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.
Nice piece, but the author clearly doesn’t understand encryption.
If you dont care about anonymity or availability, Signal is a fine place to discuss confidential topics like diplomacy or war. Encryption works, and open source tools are the most secure ones
Edit: they should probably run a private server, though. Just to make sure the userspace is limited somewhat and doesn’t include literally anyone in the world.
Signal is not a suitable venue for hosting national security discussions. It’s all laid out in the article that it goes beyond encryption.
Information about an active operation would presumably fit the law’s definition of “national defense” information. The Signal app is not approved by the government for sharing classified information. The government has its own systems for that purpose. If officials want to discuss military activity, they should go into a specially designed space known as a sensitive compartmented information facility, or SCIF—most Cabinet-level national-security officials have one installed in their home—or communicate only on approved government equipment, the lawyers said. Normally, cellphones are not permitted inside a SCIF, which suggests that as these officials were sharing information about an active military operation, they could have been moving around in public. Had they lost their phones, or had they been stolen, the potential risk to national security would have been severe.
The tldr is that the endpoint is insecure. These discussions should not be done on a mobile device, it should not be possible to participate in or view the contents of the discussion out in the open, and it should not even be possible to accidentally invite 3rd parties that were not cleared.
This article goes further in displaying that participants are not adhering to data retention standards, either, to no surprise.
It’s a fascinating article, and really is a revealing example of how profoundly inept this regime truly is.
Well obviously nobody should be using personal devices for this. Thats not an issue with Signal.
Its the same issue as Trump using his personal cell phone’s torch to illuminate a top secret document at a dark-lit party in Florida while he was showing off his Intel to a foreign diplomat (lots of things wrong with this, but note that pointing the torch at the document necessarily means pointing the camera at the document )
Nice piece, but the author clearly doesn’t understand encryption.
If you dont care about anonymity or availability, Signal is a fine place to discuss confidential topics like diplomacy or war. Encryption works, and open source tools are the most secure ones
Edit: they should probably run a private server, though. Just to make sure the userspace is limited somewhat and doesn’t include literally anyone in the world.
Signal is not a suitable venue for hosting national security discussions. It’s all laid out in the article that it goes beyond encryption.
The tldr is that the endpoint is insecure. These discussions should not be done on a mobile device, it should not be possible to participate in or view the contents of the discussion out in the open, and it should not even be possible to accidentally invite 3rd parties that were not cleared.
This article goes further in displaying that participants are not adhering to data retention standards, either, to no surprise.
It’s a fascinating article, and really is a revealing example of how profoundly inept this regime truly is.
Well obviously nobody should be using personal devices for this. Thats not an issue with Signal.
Its the same issue as Trump using his personal cell phone’s torch to illuminate a top secret document at a dark-lit party in Florida while he was showing off his Intel to a foreign diplomat (lots of things wrong with this, but note that pointing the torch at the document necessarily means pointing the camera at the document )