The other members of the Five Eyes had better be careful about what they share with the U.S. while this is going on.<p>Public key encryption, like Signal uses, offers good security for most purposes. E.g., it's fantastic for credit card transactions. The problem with using it for transmitting state secrets is that you can't rely on it for long-term secrecy. Even if you avoid MITM or other attacks, a message sent via Signal today could be archived in ciphertext and attacked ten years from now with the hardware/algorithms of ten years in the future. Maybe Signal's encryption will remain strong in ten years. Maybe it will be trivial to crack. If the secrets contained in that message are still sensitive ten years from now, you have a problem.<p>Anything sent with Signal needs to be treated as <i>published</i> with an unknown delay. If you're sharing intelligence with the U.S., you probably shouldn't find that acceptable.
The sheer hypocrisy<p><a href="https://www.theguardian.com/us-news/2016/sep/02/hillary-clinton-emails-laptop-thumb-drive-archive-missing" rel="nofollow">https://www.theguardian.com/us-news/2016/sep/02/hillary-clin...</a><p><a href="https://www.theguardian.com/us-news/2016/jul/05/fbi-no-charges-hillary-clinton-email-investigation" rel="nofollow">https://www.theguardian.com/us-news/2016/jul/05/fbi-no-charg...</a><p>Also:<p><a href="https://www.fbi.gov/news/press-releases/statement-by-fbi-director-james-b-comey-on-the-investigation-of-secretary-hillary-clinton2019s-use-of-a-personal-e-mail-system" rel="nofollow">https://www.fbi.gov/news/press-releases/statement-by-fbi-dir...</a><p>"To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now."
Valid concerns about op-sec and personal responsibility aside, I think this is another example of why "security at the expense of usability comes at the expense of security". Official DoD communications equipment sucks, so people use the less secure, more usable encrypted communications platform when they feel they can get away with it.<p>Maybe the DoD should work on developing some internal Android and Signal forks that focus on adding additional critical security controls without impacting usability. There's an obvious desire path here.
If you're going to put a guy in charge who is completely unqualified and has a history of alcohol abuse, you should at least make sure he's competent. It's actually very grating to see someone operating at this highest level of authority and treating it like it's beneath them. It feels like we're watching history get written by the most entitled and inept among us.
Let's pretend you work for a non-US state intelligence agency. How would you find Hegseth's personal computer in his office on the public Internet? A genuine thought experiment.
I think a pretty good show would be something written like West Wing, where everyone takes themselves very seriously, but with rampant, blatant incompetence. Like, not funny at all. Nothing tongue in cheek, no winks to the audience. A drama of morons.<p>Get me inside the minds of these freaks.
The contrast between<p>a) bureaucrats' real comms setups (3 <i>telephones</i>, four monitors all sitting on the desk – versus mounted on arms/wall) full of clutter and sitting on an anachronism of a wood desk<p>and b) what you'd see in any "spy" movie with dark-mode graphics displaying fancy l33t charts displayed on quad-monitor setups mounted on arms, probably in a low-light setting and the bureaucrat doesn't look at the "small" monitors himself, his cronies do that, the only monitor he looks at is the single 136" on the wall used for teleconferencing with villains<p>is hilarious
I can only imagine two possible explanations:<p>1) He is avoiding some sort of corrupt signals intelligence folks from knowing what he's working on.<p>2) He is avoiding the government catching him in some corruption by avoiding the official records act.<p>Anything else?
I feel bad for the Signal devs. If they weren't personally targets for state level actors before, they are now.<p>Say what you want about the usability of DoD home grown solutions, but it was a military system backed up by military budgets and guns - civilians are less likely to be collateral damage in an attack against these systems.<p>Now, all the civilians using Signal are potential splash damage casualties in a military conflict.<p>I also suspect Signal does not have the budget, staffing, or desire to serve as a front line soldier in a cyber war; but this exposes them to military-grade risks, whether they like it or not.
If some tech geniuses wanted to improve government efficiency, one thing they could do is create secure yet easy to use collaboration software. Maybe give the app a catchy one-letter name.
Somewhat related: does there exist a technology where I can encrypt something in a manner that it can only be decrypted after a specific future date? If theoretically possible, what would it take for something like that to exist? I.e. "We'd need an authority to broadcast some ongoing pseudorandom number generator that can be trusted" or whatnot.
I'm simply going to point out the blaringly obvious that has somehow missed the armchair commentariat for this whole narrative debacle:<p>1) DoD and other departments have either tacitly or explicitly approved the use of Signal for internal matters for several years now, with proper opsec.<p>2) You cannot govern exclusively from a SCIF, hence 1.
They're just going to keep hammering this dude until he bombs Iran, then MSNBC will say that he's finally grown into the role of a statesman and learned to make the hard choices.
I’m somewhat surprised to see that they use a KVM to switch back and forth between a JWICS and SIPRNET. I would imagine it’s a special KVM as it’s essentially bridging the airgap between the two.<p>I’m guessing that’s the product in question: <a href="https://www.vertiv.com/490454/globalassets/products/monitoring-control-and-management/secure-kvm/secure-kvm-application-brief.pdf" rel="nofollow">https://www.vertiv.com/490454/globalassets/products/monitori...</a>
Not a fan of the Trump administration but I imagine the official Pentagon communications systems must be extremely clunky and annoying, and about 20 years behind civilian tech.<p>During the UK Covid-19 enquiry into gov decision making at that time it came to light that most of the UK cabinet were co-ordinating via WhatsApp groups. Again, I'm not a fan of Boris and Dom Cummings but this makes some sort of sense to me. I recognise the need for government teams to have quick convenient chat available to them. Things move too fast these days to wait for the next cabinet meeting or to arrange things via a series of phone calls.<p>Similarly we can look back to Obama having to fight to keep his BlackBerry in 2009 <a href="https://www.nbcnews.com/id/wbna28780205" rel="nofollow">https://www.nbcnews.com/id/wbna28780205</a>
> It is remarkable to what great lengths Hegseth went to use the Signal app, because as defense secretary he has his own communications center which is specialized in keeping him in contact with anyone he wants. This center is commonly called SecDef Cables and is part of Secretary of Defense Communications (SDC) unit.<p>... but unlike Signal, SDC respects laws requiring accurate record-keeping. And that's why this bunch of lawbreakers want to use Signal. They want to evade any and all accountability once this administration is over.
Where is the "but her emails" crowd now? There are three main issues here:<p>1. The Defense Department bans the use of Signal for everybody else. Why is that? Why is the Secretary exempt?<p>2. As we've seen, it's pretty easy to add unauthorized people to what should be secure communication channels where classified information is shared; and<p>3. There are laws around the preservation of governmental records. Expiring Signal messages seems like it's intentionally meant to circumvent these legal requirements, i.e. it's illegal.<p>We're only 100 days in. We've got 1200 more days of this.
Of course the guy needs to have an end-to-end encrypted direct line to the president. It's the president that runs the show and all decisions must go through him.
Maybe just let the man use Signal?<p>If someone gave me a whole set of locked down _Windows_ computers and a bunch of archaic phone lines and told me to use them in 2025, I’d also try to circumvent such inconvenience.
I wish more people, especially media writers, would start with the presumption that "circumventing the state-approved security machine" is a _feature_ of this administration.<p>Not to pick on this in particular – nearly all the reporting on this starts and ends with "Signal is insecure" as if that was all it took to be wrong. And in other eras, that was enough.<p>The man likes Signal. For better or worse, he is the Secretary of Defense...The man we've entrusted to help coordinate our national defense.<p>There's so many questions I genuinely don't have an answer for...<p>Has Congress made it illegal to use an off-brand messaging app for secure communications? _Why_ is it insecure? What is the probability that China is reading these messages in real-time? 100%? 25%? 0.2%?<p>We need to start from the presumption that the people-in-power don't care that it's always been done this way...in fact, they have a ton of pressure to be different. But, in some cases, these people may be willing to listen to reasonable arguments which clearly establish _why_ using Signal is unreasonably worse than using US Government Issue messaging.