A lot of tech people here are obviously unfamiliar with the history of this. They used to use Gmail for nominally unclassified communication. Several years ago they unceremoniously dropped Gmail for all purposes, without much explanation. It was mostly replaced with Signal.<p>I originally started using Signal almost entirely as a side effect of this transition. It was blessed as a preferred choice of the US intelligence community for unclassified comms many years ago. And a lot of classified comms if we are honest. If you worked in the US government, you needed Signal.<p>This isn’t a value judgement, just an acknowledgement of reality. Given this, it would be weird if they didn’t have Signal installed.
Signal can be used to arrange meetings, but secret materials like war plans need to be in SCIFs<p>Everybody that saw that usage of Signal and didn't shut it down should face the normal consequences, in addition to the consequences that a leader undergoes for such terrible decision making.
I'm not saying this in humor, I'm genuinely curious ... how do they handle Signal's absence of FIPS validation and FedRamp certification? Signal isn't even capable of being FIPS validated, the core cryptography is off NIST piste.
Nice feather in the cap.<p>But do they send the <i>really</i> sensitive stuff over it?<p>Or, rather, <i>do the competent people</i> send really sensitive stuff over it?
Serious question: how would it be different if JD etc al used a "proper" secure comms app? Perhaps it would be harder to add a random journalist, but they could still accidentally add the wrong government official (maybe).