How to Entirely Miss the Point of Signal in Order to Blame It

3 points by tapeloop 28 days ago

2 comments

eesmith 28 days ago

> He signaled his intent for the group to contain sensitive info by turning on disappearing messages.

This product reviewer has elided what "sensitive info" means. The participants are required by law (the Federal Records Act of 1950 and its updates) to preserve records. These records may be sensitive info now, but not in 25 years, when it may be automatically declassified.

A product-minded engineer trying to channel Norman should know to look at all of the roles involved, including in this case the archivist.

> I wondered: Is Signal even appropriate for this scenario?

> Let’s define the scenario as: “A large group chat in which sensitive information is shared with a trusted set of collaborators”

Let's define the scenario as "a set of collaborators with authorized security clearance and devices", in which case we see immediately that Signal is a completely inappropriate solution.

> I think it’s plausible that most of the (non-techie) people in the chat didn’t realize the risk they were taking.

What they did was illegal (and the military action they organized was a war crime).

If they cared about risk, they would follow the security training they were supposed to get, instead of feeling themselves above the law.

> if Signal had somehow convinced the government not to use it, they would have avoided this headache.

"The government" here is doing a lot of work. Parts of the government said that Signal was not appropriate for top secret communications.

If government security training wasn't able to convince these high-level people to not use Signal, what could Signal-the-company do?

> it’s useful to imagine what they might do to expand into that use case

None of which are relevant to the actual scenario.

schoen 28 days ago

Signal was partly created with the use case in mind of political activists who may know each other informally, through loose social ties, and who might not always even know each other's offline identities.

It's also great for secure conversations among small groups of family and friends.

It seems right to me that the story of how to use Signal for professional collaboration within an organization is underspecified and underexplored. In other government (and some corporate) contexts there's historically a centralized PKI and centralized IT management, but Signal hasn't embraced that because you shouldn't have to trust anybody as an intermediary, and you should be able to communicate securely with anyone you choose.

I think those are the right ideals for humanity-in-general, but if you happen to be the actual government you probably *can* trust some parts of the government to help set up your communications security. The resulting top-down security plan may never mesh well with Signal's design, though. Imagine trying to convince the Signal developers that users should be able to opt in to trust a PKI (and maybe even opt out of trusting contacts outside of that PKI!). That would probably be a terrible decision for most Signal users, but probably a pretty appropriate decision for some government Signal users!