Hacker News new | ask | show | jobs
by diego898 421 days ago
Not downplaying or defending - but I don’t understand the failure mode here - presumably hegseth had to ask someone in pentagon IT to set this up? Submit a form etc. sure he asked for something illegal* but someone actually following a set of rules had to enable this, no?

(* or against protocols, etc)
2 comments
lukev 421 days ago
The failure mode is that the Secretary of Defense unilaterally bypassed security protocols to use technology that had not been evaluated for that use case in a national security context by the appropriate experts.

It doesn't matter if he happened to use something that has a solid security model. The problem isn't Signal, it's that he ignored all the rules.

And it does have an impact, as we see in other news, because one failure mode of Signal is that it's super easy to add the wrong people to a group. Which has actually happened. Twice (at least.)

link
betaby 420 days ago
> to use technology that had not been evaluated for that use case

I'm curious what technology has been evaluated for secure communications. Are there better option?

Is MS Teams approved?

link
lukev 420 days ago
There are whole agencies dedicated to this. In this case, DISA (https://www.disa.mil/About/Our-Work)
link
firesteelrain 420 days ago
CISA actually recommended Signal.

https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...

link
lukev 420 days ago
That's a recommendation on how to conduct personal/unclassified communications.

Approval for classified or military use is a completely different ballgame.

link
firesteelrain 420 days ago
Of course it’s not approved for classified use. There is a leap here until it’s been proven it’s been used for classified communications. There is no proof yet. Open to changing my mind if an authority on the topic says it is classified.
link
rasz 420 days ago
for discussing airstrike details pre op?
link
firesteelrain 420 days ago
We don’t know what was actually discussed because all we have is dubious investigative reporting from unknown sources.
link
ceejayoz 420 days ago
The texts were released. There were Congressional hearings about them. There’s video of the CIA director acknowledging their existence.

Why beclown yourself like this? Just say you don’t care.

Even Trump can’t manage denial mode for this one. https://www.nbcnews.com/news/amp/rcna197944

> "Michael Waltz has learned a lesson, and he’s a good man," Trump said Tuesday in a phone interview with NBC News.

> Asked what he was told about how Goldberg came to be added to the Signal chat, Trump said: “It was one of Michael’s people on the phone. A staffer had his number on there.”

link
diego898 420 days ago
I 100% agree - I’m only saying hegseth didn’t run an unsecured line into his office himself no?

Why didn’t some automated system say “installation of unsecured lines in this building is not possible” or similar

To be course : I didn’t think something so obviously wrong would have been allowed and enabled by several people who made this possible - removing absolutely no accountability from the person who asked for this to happen

link
lukev 420 days ago
If this happened the way it's being reported, yeah, several people should lose their jobs.

I suspect this is a case of being more afraid of saying "no" to the boss than of facing consequences for violating policy. Policies are unfortunately not self-enforcing.

Trump's been firing Inspectors General and dismantling mechanisms of internal accountability across the government, so perhaps that's a correct calculus in this case.

link
CamperBob2 420 days ago
Not downplaying or defending - but I don’t understand the failure mode here

Like so many others, this particular 'failure mode' doesn't exist if you're a Republican. What if Hillary Clinton did it? Now that would be a democracy-threatening 'failure mode.'

link