[GVIrish]

Using Signal in this case is wrong and foolish full stop, and the extremely likely reason they did so is so they could escape standard government record keeping compliance (NARA).

To start with, classified information is ONLY supposed to viewed in a SCIF. Secondly, it should never be loaded onto private devices. The private phones of national security leadership would be prime targets for every hostile intelligence agency in the world. It matters little if the information was encrypted in transit if the host device is compromised.

One would have to be a fool to not trust all of the classified tools and safeguards the US government uses only to then use a commercial app on commercial phones to communicate classified data in public while stateside and abroad. Just the fact that someone could accidentally add an unauthorized person to the chat is but one reason it was crazy for them to do this.

[kelipso]

The most likely reason is convenience, not escaping record keeping.

[Libcat99]

The report includes notes on certain messages having durations set before they would disappear. This indicates intent.

[Aeolun]

Sure, but I’m willing to give them the benefit of the doubt on that count. I’m fairly sure that’s because they felt it would be safer if the confidential info they sent wouldn’t stay around.

[matwood]

It can certainly be both. Just like they have already tried to shield DOGE from FOIA transparency requests.

[anigbrowl]

Then why would you enable the disappearing messages functionality?

[KerrAvon]

Avoiding government record keeping is literally part of the Project 2025 plan.

[lesuorac]

Avoiding FOIA requests is the reason every secretary of state since Collin Powell uses private email to conduct business.

[bobtheborg]

"classified information is ONLY supposed to viewed in a SCIF"

No.

No, no, no.

Most classified information is NOT designated SCI. When classified info was mostly paper, it was placed in GSA approved safes in regular 'ole office buildings. You'd get to work, open your safe, and do your work. Most SIPRNet computers are not in SCIFs.

Heck, you can even mail classified documents via USPS. Confidential and secret documents can be sent registered mail.

[GVIrish]

SCIFs are for viewing TS materials, whether or not they are SCI. Even then, SCIFs are often employed for processing things that are only marked Secret or systems only handling Secret. But yes, if we want to be specific, Secret has a lower bar and can be worked on outside of SCIFs but still not in public or at home.

[bobtheborg]

Again, no. Not all TS material is SCI. You only need a SCIF for SCI.

"SCIFs are often employed for processing things that are only marked Secret or systems only handling Secret"

No. SCIFs are expensive. They are not built when they are not needed. They are only needed for SCI materials.

[GVIrish]

That hasn't been my experience over 20 years. I've worked in multiple SCIFS that didn't handle SCI at all.

[heyflyguy]

There are a ton of assumptions in here that have yet to be proven true.

[zdragnar]

CISA explicitly promoted the use of signal by all top government officials.

[bglazer]

This is true, but lacks specificity. Do you think CISA would recommend sharing details of imminent military operations via signal?

[acdha]

Where? They recommended it for members of the public as part of their general recommendation for end-to-end encryption but that’s a very different scenario than government employees who have official systems.

[quadragenarian]

[citation needed]

Assuming this is true, how did they determine what a "top" government official is? So if you're the SecDef you should use it but not the deputy SecDef? How would this guidance not pertain to all government officials?

[ctrlp]

Sure, those are the reasons for, but would be interesting for you to address the salient point of not trusting those government systems. I'm sure you can make the counterargument.

[GVIrish]

That doesn't really make sense. If they had strong reason to believe that the secure comms systems they were supposed to be using were compromised, using personal phones to communicate outside of SCIFs is very, very far from what any competent person who understands and is briefed on the threat environment would do. Note that none of the people involved are making that argument because it would make them look even more incompetent.

[ctrlp]

Not arguing it was the best choice. But, I'm curious, if you were in the position where you had strong reasons to believe the official secure channels available to you were compromised by your political opponents who were leaking information received via those channels to undermine your policy initiatives, and needed to act and coordinate nonetheless, what would you do?

[digdugdirk]

Follow the SOP (and the law) and use a SCIF.

What they did is illegal. Any rank and file that did the same would be in prison for a decade, no questions asked.

In general, it seems like you're trying to "3d chess" incompetence into strategy, but try taking a step back and looking at it with clear eyes. This was a bad decision, plain and simple. Nobody is taking responsibility for it, and that makes it worse - these people are in charge of the largest intelligence and war machine on the planet. This is not okay.

[jandrewrogers]

The reality, which people are not acknowledging here, is that what they did may not have been according to official policy but it has been normal and pervasive for decades. It isn’t partisan, everyone does it. This is how DC works and the American public just got an education.

As a consequence, any enforcement now would be viewed as extremely selective.

I have been exposed to a lot of classified information in meetings in DC that were supposed to be unclassified. This isn’t an isolated incident, it has been a systemic issue across every administration for as long as I’ve worked in DC.

People should focus less on the incident and more on why this has been normal for decades.

The underlying tension is that doing things the official way is extremely slow and speed matters. There is a longstanding bias toward taking more risks in terms of information exposure because being slow carries its own significant risks. Speed of decision making is critical and that has proven to be impossible if every interaction has to happen inside a SCIF. It is a tension the intelligence community is still grappling with.

[rcpt]

I don't believe this is normal.

[ctrlp]

I'm not doing anything of the sort. The kind of problem I'm flagging in is experienced every day by governments all over the world. Would anyone disagree? People on here who want to put their heads in the sand about it are just being political when there is a legitimate technical topic to discuss. The point is these aren't "rank and file" actors. They are at the top of political leadership. Those rules don't apply at this level of power politics so why get bogged down in such thinking?

[Hojojo]

Because laws should matter. Laws should apply to members of government too. Unless you're suggesting it's totally fine for Trump and his administration to be above the law. In which case the whole discussion is moot, because then it's not a democracy with a functioning rule of law anymore.

[lesuorac]

> What they did is illegal. Any rank and file that did the same would be in prison for a decade, no questions asked.

IIUC, the "rank and file" go to prison for violating their NDA. At the highest level these people are appointed and don't have an NDA which is why senators / representatives can leak without punishment.

[giantrobot]

> But, I'm curious, if you were in the position where you had strong reasons to believe the official secure channels available to you were compromised by your political opponents who were leaking information received via those channels to undermine your policy initiatives, and needed to act and coordinate nonetheless, what would you do?

Here's a pretty good order of operations when your policy breaks the law or is so odious as to feel the need to hide it from other duly elected representatives in government:

1. Stop breaking the fucking law.

[ctrlp]

"The law" is for you and me. It can resolve contract disputes and punish some crimes. This is politics. It's a different order, and a category error to conflate the two. The sooner one disabuses oneself of having no distinction between the political and the legal, the sooner the world starts to make sense. Law at this level is lawfare (law as political weapon), not the normal proceedings of justice. Justice at this level is the rule of the stronger. Accept it and move on to more interesting political analysis. Or be trapped in an inescapable despair about the violations of the "rule of law."

[Hojojo]

Why would you put rule of law in quotations like that?

The rule of law matters. Even if it doesn't matter to you or Trump.

[chihuahua]

I would use a private service like Signal, and make sure to add a journalist that will leak information to undermine my policy initiatives - obviously! (because I'm a genius)

[GVIrish]

So you're using the word 'compromised'. In this context that would mean malware, unauthorized access, circumvented logging, etc. If someone thought this was happening the answer would be to lock the system down, perform forensic audits, and prosecute anyone who compromised these systems.

If you're talking about fear of leakers, the response to that is to tighten the distribution of information and start a counterintelligence investigation.

In any case the simple risk calculus is, what is the risk of adversaries getting a hold of this information and causing grave and lasting damage to national security and death vs the risk of political rivals leaking something. Pretty simple decision there and one that any cabinet member should get right.

[lmm]

So what would the smart move have been in that case?

[matthewdgreen]

If the CIA and NSA (let alone Russian and Chinese intelligence) are illegally spying on you, your civilian phone is toast. You shouldn't be ordering DoorDash on the thing.

[mmooss]

Imagine the resources the Chinese and Russian governments devote to accessing these phones. The value to them could be trillions of dollars and/or existential differences in national security outcomes. The owners have to assume they are hacked, and that China and Russia know where they are going to dinner (which itself is a problem - they know who is meeting with who and when).

[threeseed]

The administration has not made this argument though. You have.

So why should we default to the position of not trusting those systems when every previous administration has used it without issus.

[ctrlp]

Many people are making the argument that this administration is unlike all previous administrations. I infer you disagree with that.

[kelipso]

The argument is that there are many organizations in the current government, a lot of them independent agencies, that are politically aligned against the Trump administration. Many people in these organizations have backdoor or spying access to government communications, and so members of the Trump admin can't trust government systems for communication.

[abeyer]

I'd be interested in knowing which independent agencies have backdoored the military's operational communication channels. Wasn't aware that was a well known thing.

[unholythree]

So why did this conversation needed to be kept from malign rogue anti-Trumpers in the NSA (who would be risking very real jail time) but did not require the basic level of OPSEC that would keep the editor of the Atlantic out?

[kelipso]

Is this really such a strange thing to be concerned about? Snowden, NSA, etc...people remember. It’s well known that Trump’s campaign team was spied on by the FBI. Government is just a bunch of people, some of whom have strong political leanings, so intra-government leaks, spying, sabotage can happen and in all likelihood do happen.

[ctrlp]

You're trying to reason with the unreasonable. There are some very short memories on here. Or people being willfully obtuse.

[threeseed]

But this is an unfounded conspiracy theory you’ve made up.

There is no evidence, reporting etc that says the government has deliberately compromised the government’s own secure systems. And for what purpose is beyond me.

[ctrlp]

Yes. Thank you for making it succinctly.

[hkpack]

So they choose worse - to use untrusted channels?

This is a phenomenal level of stupidity - to use illegal channels of communication because of the bad vibes they are feeling from other people?

Did it help? How many adversary spy agencies has duplicate signal accounts for these officials and see all of the communication live?

I think some foreign leaders probably are reading summaries of these messages in complete disbelief and amusement.

[threeseed]

Once again you are making this assertion.

No one in the Trump administration has come out and said the secure systems can’t be trusted.

[nitwit005]

They are the government. You're suggesting trusting a third party over trusting themselves.

[ctrlp]

The government is not a unitary entity. The Constitution provides for three branches of government explicitly to offset each other's power. And the civil service is essentially a 4th branch of government. Just replacing the titular heads of government does not guarantee any ability to control the body. Witness the outpouring of protest at "the government's" attempts to control "the government" via DOGE. They are not the same.

[unethical_ban]

I'd love to hear how a modern national elected government can function without executive agencies, and how those agencies resist strongman corruption and ensure stability without guaranteeing the independence of some roles.

[nitwit005]

I'm aware of the branches of government. It's not relevant. Neither is protests, as no one is in the streets protesting about government secure communication policies.

[anigbrowl]

I mean, the conversation included references to materials sent on 'the high side' (classified-material email systems). If they consider those systems secure, what's the point of using Signal instead?

[ctrlp]

I don't think it was a particularly good tactic, but if there was some motivation, it may have been more about political sabotage than foreign adversaries. I think that is the more interesting conversation, personally. What do you do if your political (domestic) antagonists control your comms? This question applies to all sides politically. Signal itself is promoted for "activist" use cases to protect comms from domestic antagonists. I'm presenting a similar dilemma. If one part of the government, (e.g., the military) controls secure comms, then another (e.g., the political) may have no choice but to opt-out. This problem is maybe better seen in the context of another country. It may be "too close" for us to see it clearly in the U.S. Other countries face this problem all the time, and Signal is used for the same reasons. I find it an interesting security problem.