Really good and informative post.
Steve, keep casting light on this topic. This thread is going to have legs, and it is good to have the technical and procedural topics laid out to understand. Thank you.
Great post and great companion to yesterday. Very informative.
I use Signal for some work stuff. Obviously my work does not involve real time discussions about military targets.
I would only add that “disappearing message” is a Signal feature but not a default feature. IOW, you have to intentionally activate it for the message(s) in question. (I.e., the entire chat can be per usual, then you start “disappearing messages” at some point, then can end it at a later point, but the chat can continue after you turn off disappearing messages).
I think you make a great point and a great distinction. Giving a civilian inadvertent access to that info is egregious. But simply having that type of convo on that platform is independently egregious, even if Goldberg had not been included (although we would then have been none the wiser).
But then as I said yesterday, I don’t think principles is a strong suit of current admin.
Very well reasoned. I have to agree that the counterpoints are probably reflexive rather than principled.
Unfortunate that the people given opportunities to prove their critics wrong did the opposite in this case.
Thanks for listing the shortcomings of Signal. Maybe our politicians and bureaucrats will take notice and develop secure alternatives. I agree with one guy interviewed on Fox who said no alternative based on a commercial smart phone platform could be made truly secure.
Signal is secure and fine. You can't make a perfectly secure system as long as you have morons using it however they please, including adding the wrong people to the wrong groups.
As for the "no alternative" thing - the source code to Signal is open source, so there's nothing stopping an enterprising gov't supplier from "forking" the code to create a version that has all the Federal certifications one would want. I'd be interested to see to what extent compliance with those certifications actually made Signal a less secure product for its intended use case.
Source: https://github.com/signalapp
Thanks. Way out of my league. You know a lot more about the subject than I do but I remain skeptical of smart phones. I might be one of the last smart phone owners in the USA that refuses to do anything involving money on cellphones. Not even ordering and prepaying a pizza.
I'll order a pizza on a smartphone, but I've pulled off all the apps that directly touch money, such as banking, credit cards, Venmo, etc.
Too many criminals in Chicago kidnapping folks, forcing them to unlock their phones, and then draining their accounts while they threaten the owner with injury for not revealing pass codes and PINs. (I also religiously use a password manager for this same reason, with a password that is unintelligible.)
This gets to the crux of the issue, though. While Signal itself will secure communications so that messages cannot be wiretapped, it is NOT designed to thwart an adversary that has physical access to you or your device. It's useful to protect your communications, but won't do anything to thwart an ICE agent, foreign power, or anyone else in a position to inflict violence on you from accessing your communication transcript.
I will have to try a password manager on my PC, but I will never trust cellphones.
There are platforms for accessing confidential information remotely that involve not actually bringing the document/text itself onto the device, and from some of the details surrounding this scandal there have been agencies that use Signal solely to alert someone to the presence of a document in another system.
The broader point, of course, is whether systems like Signal are worth the trade-off in terms of security vulnerabilities.
Thanks. I use very few cell phone apps and none of them involve finances or personal information other than my phone number and address. When I did have a job protecting Top Secret and Cryptographic materials everything was contained in a shielded facility with no phones. Cellphones did not exist. Any documents or equipment entering or leaving the facility were in the custody of a courier. Some required two couriers. I guess that shaped my conservative approach to such things.
Steve, whatever the technical context, the amateurs hired to run our national security for their dogma broke the law, embarrassed the nation internationally, and set off a chain of events where even our allies, not our enemies, will not trust. If isolation is the goal, these clowns who used Signal to hide their intimate conversations, breaking the law, have succeeded.
Looks like the display of the Admin's lack of accountability triggered Goldberg to release everything:
https://archive.is/vnPIk
Everyone on that Signal chat should be fired or resign.
Not necessarily everyone. Hegseth for sure. However, Jay told me about an interview with John Bolton about this topic and who should resign. He said apparently the senior person in the chat was VP JD Vance and perhaps he should resign. 😂
They're all willingly using a non-approved application that deletes messages (with the particular thread set to delete messages after 1 week) in violation of record keeping laws.
(We can likely start getting into the "I don't recall" BS from Gabbard and Ratcliffe too, since the events were literally within the past two weeks and they'd just had their memory refreshed from the very article prompting the questioning in Congress.)
Get rid of 'em all.
Self disclosure - Am a full supporter of much of the work this new administration is engaged in. I worked with/for the DOD long (+10 years) ago. Worked extensively with DOD approved coms apps. Watched folks who made unintentional mistakes in using unapproved apps get terminated from their careers for those mistakes. And finally, believe strongly that Ms Clinton should have been prosecuted for using non-gov approved apps while engaging in gov. business.
The clowns engaged in this shit-show (Sec Def etc) should be terminated with extreme prejudice. First for outright stupidity. Second, for endangering ops and personnel. And third, to establish a standard of expected conduct/line in the sand that NO ONE should be allowed to cross without consequences. My 2 cents.