Comment by ctrlp

8 months ago

In my opinion there are at least two ways to interpret this:

a) It's an unintentional opsec failure. Perhaps there was an address book collision with another intended user. Perhaps it was fat-fingered. This seems likely.

b) It was an intentional leak. Perhaps overtly, perhaps covertly, by one or more of the channel members for unknown purposes. This seems less likely as there are better ways to leak with less blowback risk.

Regarding using Signal in the first place. Yes, this seems like bad opsec, but it's possible that the current admin working groups don't trust the official secure channels and assume they are compromised and they are being spied upon by their own or foreign agencies. That seems very likely, given the circumstances. In which case, it is still a possible opsec failure, but perhaps a less bad risk than trusting operational security to known adverse agencies. This is the more interesting case, imho, since the assumption on here is largely that these types of coordination should be happening on official government channels. But "government" is not necessarily a unified collective working towards the same goals. If you have a strong suspicion that agents within your own team are acting against your goals, then of course, you have to consider communicating on alternative channels. Whether that's to evade legal restrictions or transparency, like with the Clinton email servers, or to evade sabotage, I'm not judging the ethics, just considering the necessity of truly secure communication.

Is that trust in Signal justified? It suggests members at the highest security clearances believe Signal is not compromised. Are they correct? In any case, clearly there are more ways to fail opsec than backdoors.

Using Signal in this case is wrong and foolish full stop, and the extremely likely reason they did so is so they could escape standard government record keeping compliance (NARA).

To start with, classified information is ONLY supposed to be viewed in a SCIF. Secondly, it should never be loaded onto private devices. The private phones of national security leadership would be prime targets for every hostile intelligence agency in the world. It matters little if the information was encrypted in transit if the host device is compromised.

One would have to be a fool to not trust all of the classified tools and safeguards the US government uses only to then use a commercial app on commercial phones to communicate classified data in public while stateside and abroad. Just the fact that someone could accidentally add an unauthorized person to the chat is but one reason it was crazy for them to do this.

  • The most likely reason is convenience, not escaping record keeping.

  • "classified information is ONLY supposed to be viewed in a SCIF"

    No.

    No, no, no.

    Most classified information is NOT designated SCI. When classified info was mostly paper, it was placed in GSA approved safes in regular 'ole office buildings. You'd get to work, open your safe, and do your work. Most SIPRNet computers are not in SCIFs.

    Heck, you can even mail classified documents via USPS. Confidential and secret documents can be sent registered mail.

    • SCIFs are for viewing TS materials, whether or not they are SCI. Even then, SCIFs are often employed for processing things that are only marked Secret or systems only handling Secret. But yes, if we want to be specific, Secret has a lower bar and can be worked on outside of SCIFs but still not in public or at home.


  • CISA explicitly promoted the use of Signal by all top government officials.

    • This is true, but lacks specificity. Do you think CISA would recommend sharing details of imminent military operations via Signal?

    • Where? They recommended it for members of the public as part of their general recommendation for end-to-end encryption but that’s a very different scenario than government employees who have official systems.

    • [citation needed]

      Assuming this is true, how did they determine what a "top" government official is? So if you're the SecDef you should use it but not the deputy SecDef? How would this guidance not pertain to all government officials?

  • Sure, those are the reasons for, but would be interesting for you to address the salient point of not trusting those government systems. I'm sure you can make the counterargument.

    • That doesn't really make sense. If they had strong reason to believe that the secure comms systems they were supposed to be using were compromised, using personal phones to communicate outside of SCIFs is very, very far from what any competent person who understands and is briefed on the threat environment would do. Note that none of the people involved are making that argument because it would make them look even more incompetent.


    • If the CIA and NSA (let alone Russian and Chinese intelligence) are illegally spying on you, your civilian phone is toast. You shouldn't be ordering DoorDash on the thing.


    • The administration has not made this argument though. You have.

      So why should we default to the position of not trusting those systems when every previous administration has used it without issues?


    • I mean, the conversation included references to materials sent on 'the high side' (classified-material email systems). If they consider those systems secure, what's the point of using Signal instead?


For a tech forum, this take is pretty darn close to once again giving bad/dumb actors benefit of the doubt backed up by zero.zero% technical logic by claiming they’re actually playing 4D OPSEC chess.

They replace “ideologically compromised SCIFs” with…… 18 separate iOS devices that I’m sure are on 18 separate OS/app versions and device postures and…

Got news for you - want to compromise e2e encryption and Signal? You do it via what they did. So no, they are not correct.

  • Yeah Signal isn't the issue - it's the phones. In the end Signal was probably easier and faster to use while a bit more secure than WhatsApp but one has to presume that a chunk of those phones have been compromised for months.

They can bake any Tom Clancy style excuse they want. They broke the law and they're incompetent. Even if you want to ignore one, they still need to go. Making mistakes like this anywhere else would cost you your job.

It may or may not be bad security (I lean toward a rather than b), but it definitely violates record-keeping requirements. Deliberations of public officials might need to be classified, but they should definitely be recorded. If you're using disappearing messages to auto-erase records of conversations, it's a kind of fraud upon the public.

Using Signal is very very very intentional. They may have fat fingered an invite but that does not excuse the whole skirting-all-natsec-protocols.

Option (a) 100%.

This is an abysmal mistake on the big stage for a bunch of new people on the job. That it is the intelligence community makes it feel so much worse.

  • "abysmal mistake" makes it sound like this wasn't a considered action and willful disregard for both op-sec and the law. There is zero chance these guys didn't know what they were doing...

    At minimum, Mike Waltz is retired special ops, Rubio has had high-level clearance for ages from his time in the Senate, same for Gabbard in the House. None of them responded "Hey, this is poor op-sec and illegal, perhaps take this to an approved messaging service?"

    • I'm not defending anything here but I also know how unsophisticated executives are and these guys are for sure not technically savvy people. Normally handlers do all the orchestration. I mean it looks pretty clear they chose to work outside the standard operating channels.


  • “Abysmal” mistake seems excessive.

    Basically a journalist was added to a discussion group of high ranking politicians.

    This journalist is well known within those circles and has plenty of access to those people regardless.

    The conversation may have been war plans, but the action is pretty uncontroversial across both parties, and went off without a problem so the impact of the leak was nil.

    Seems like a great topic for making political hay, but twins that a mistake that can be easily corrected.

    • Fine, deeply embarrassing on an international front that your highest level intelligence agency can't do Op Sec securely.

      I can't imagine having my personal secure commentary being put out into the public and I don't have national security under my belt.

> Is that trust in Signal justified? It suggests members at the highest security clearances believe Signal is not compromised. Are they correct? In any case, clearly there are more ways to fail opsec than backdoors.

If you knew that Signal was secretly a front by the CIA/NSA then you'd feel pretty comfortable using it.

  • Secretly? Surely you're not suggesting people on Signal Foundation's board are intelligence assets? Surely, you're joking. That could never, ever, ever be the case. Why would you say such things.

They are being spied upon, by the future, on purpose. That's why we have laws regarding records retention, open meetings, etc.

  • Lincoln famously suspended the law of habeas corpus (due process) for the purposes of preserving the Union and his ability to govern, and many consider him to be one of our greatest statesmen. There is no government on earth that can function "in the open". Secrecy is a requirement. Go ahead and try to plan an office party without some "need to know" organizers and see what kind of trouble and interference you stir up.

"it's possible that the current admin working groups don't trust the official secure channels and assume they are compromised and they are being spied upon by their own or foreign agencies"

Jesus Christ, this is dumb. Using a civilian app with civilian phones is literally the best way to get spied on, by either "your own" or foreign agencies. These people are going to get us all killed in a nuclear first strike.

  • > These people are going to get us all killed in a nuclear first strike.

    Not sure how leaking state secrets is risking nuclear annihilation - unless they invite Putin or Xi mistakenly in their Signal Group and plan to bomb Moscow or Beijing but the coziness of the current administration with these 2 countries is certainly not making this scenario realistic at all.

    Instead the reality is likely more boring: they just accelerate American decline

    • Don’t kid yourself that coziness makes anyone safe. We’re always one radar fluke away from a mistaken launch. And the more confident any adversary is that they can eliminate leadership, the higher the probability something terrible happens.

      Please don’t reassure yourself by thinking that putting total incompetents in power is making anyone safer.

> It was an intentional leak

I don't see how this would work. If you're the leaker, do you just add the journalist to the group yourself? How are you going to explain that? I think there are more anonymous ways to leak stuff than adding someone else to the group chat. Or does Signal not show who added someone?

  • I have not read this article, but I saw the headline this morning.

    I am reading it now.

    https://www.ibtimes.co.uk/signal-app-owned-china-it-safe-use...

    Edit: nothing to see here.

    "So, is Signal App owned by China? The answer is no... Signal is run by the Signal Foundation, a non-profit based in San Francisco... Amidst this controversy, it's crucial to remember that Signal's roots are firmly planted on American soil, dispelling any notion of Chinese ownership."

This leak proves that the trust in Signal is not justified. Yes, their crypto didn’t fail, but the system did. If you’re having a classified conversation electronically, you really want the system to check that the participants are supposed to be privy to this information. If some rando is in the chat, there should be a big, loud “some rando is in the chat, don’t share any secrets” alert.

Obviously, Signal is not meant for this sort of thing, so it has no reason for such a feature. It’s not a failing of Signal, but it’s not fit for this purpose.

With the level of disdain for Europe in the leak, it’s hard not to think b.

  • There are other ways to "fake leak" information than having to look like an incompetent idiot at the end. Plus, what they said on Europe is not breaking news, they say pretty much the same on open channels - even when they face directly Europeans (e.g. last Munich conference)

    • Yeh, not quite the same level of frankness though. The trouble is this vaporises the veil of pretence that stern words on the surface were really backed by an unshakable relationship at its foundation, and that leaves European leaders with nothing to hide behind to convince their electorate it's worth placating the US as they'll look pathetic. So, they're now left with no choice but to fight fire with fire.

I don't think using Signal is the biggest problem in terms of security, though it's against the rules to use something not explicitly approved.

The bigger security problem is that it was being run on devices that evidently weren't limited to secure communication tasks (such devices wouldn't have a journalist in their contacts). That suggests at least some people were using personal phones, which seems like a terrible idea.

if you think the national security infrastructure is untrustworthy, you need to fix the national security infrastructure. getting elected doesn't mean you get to create your own private government - we call that a revolution, not an election.

but of course, this lot thinks the existing government is all corrupt / deepstate.

  • Democratic elections are always potentially mini-revolutions. That's the risk of democracy.

> It was an intentional leak. Perhaps overtly, perhaps covertly, by one or more of the channel members for unknown purposes.

It was Mike Waltz who invited Jeff Goldberg to connect on Signal. It seems inordinately unlikely that he would have been uninvolved if it was an intentional leak.

None of your conjecture matters: it is blatantly illegal to use commercial apps to discuss classified information.

You can debate the seriousness of this sometimes. When it comes to impending military action though, revealing when and where US personnel will be conducting an operation in the future, there really is no debate. This is gravely serious.

> Is that trust in Signal justified? It suggests members at the highest security clearances believe Signal is not compromised. Are they correct? In any case, clearly there are more ways to fail opsec than backdoors.

Once upon a time, I was visited very forcefully by the FBI at 0600. They used a battering ram to gain access to my domicile.

During the "interview" that took place later that morning, they requested some information from me. I told them that the information was contained in Signal conversations between two recipients, and the messages in question have "disappearing messages" turned on. tldr; the messages are no longer available.

Relevant parts of conversation that followed:

me: "Do you have signal?"

agent: "I have it on my phone if that's what you mean."

me: "No, do you HAVE it - as in, do you have access to messages sent between other parties?"

agent: "If we do, I am unaware of it, and we certainly don't 'have it' with regard to this matter."

Take that for what it's worth.... my takeaway was that they (the FBI at least) have not compromised Signal. This was late in 2019 for context.

The other takeaway...be careful who you trust. That all happened because I trusted someone I shouldn't have.

  • I think there is likely a difference between what the FBI does to someone they want info pretty badly from vs what <insert state actor> does to someone that they have determined is a keystone to one of their national adversaries.

    If they did have some kind of collection capability around Signal, they likely would not have risked burning it on you.

    • > If they did have some kind of collection capability around Signal, they likely would not have risked burning it on you.

      I've always thought the exact same thing. The harm was ~800m USD to a private company. Sounds big, but it's nothing compared to actual state sponsored anything.

      Just to add some more (possibly useful) context from the encounter....

      The FBI was not able to unlock many LUKS secured devices - at all. They had zero success over approx 30 days, and had to explore alternative methods to obtain key material.

      The FBI was not able to decrypt blowfish2 (ie vim -x).

      The FBI was not able to decrypt ccrypt secured files (ie aes256).


I'd go with b: They've been talking for a while about finding information leaks, and the messages themselves seem a bit staged. They probably did it intentionally with different people, with slightly different wording, and because of which version got published they just identified a leak.

  • A barium meal is for finding leakers within an organization. IF you send material to a journalist, unsolicited, and they report on it, what exactly have you established?

    Like, do you think they did the same thing with multiple journalists in an attempt to see who would publish and who would keep their mouths shut?

    Bear in mind, when you join a Signal group you don't see the conversation history from before you arrived, only the live updates that take place during the time you're a member. Also, anyone in the group can view the list of group members and receives notifications about people being added to/removed from/leaving the group.

    • My guess would be the journalist wasn't the one being tested, it was one of the other members. Adding the journalist would be how it was leaked.


  • This doesn't make any sense. They were the ones who added the journalist to the chat. The chat wasn't covertly relayed to a journalist by one of the members.

  • That would require coordinated competence. Testing for these kinds of leaks is much easier with paper than live chats too.