[esafak]

What is the point of using Signal if you are going to let a (foreign) company intercept your communications? I guess they wanted the UX of a commercial product instead of whatever clunky app that's approved for government. Does anyone know what the alternative was?

[sorcerer-mar]

It makes a lot more sense if you don't assume from the start these people have one iota of intellectual horsepower.

Signal is approved for government uses, just not non-public DOD information. They're supposed to use Signal for something like "hey, get to a SCIF so we can discuss details," then they discuss the details in a secure environment.

[UnreachableCode]

> They're supposed to use Signal for something like "hey, get to a SCIF so we can discuss details," then they discuss the details in a secure environment.

Sort of like the drug dealers from The Wire

[ezst]

> Signal is approved for government use

[Ref. needed]

[sorcerer-mar]

Approved for government use: https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...

Not approved for non-public DOD information: https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-...

[Den_VR]

Guidance from CISA (an agency within the Department of Homeland Security) does not translate to an Approval for DOD.

The DOD memo does not supersede other DOD instructions referenced by the memo requiring RMF and NIAP things.

[sorcerer-mar]

We're saying the same thing, It's "use Signal for everything you'd use Whatsapp or SMS for, and use the standard secure channels for anything you'd typically need a secure channel for."

[fiddlerwoaroof]

From last year after Salt Typhoon became public:

> Adopt a free messaging application for secure communications that guarantees end-to-end encryption, such as Signal or similar apps. CISA recommends an end-to-end encrypted messaging app that is compatible with both iPhone and Android operating systems, allowing for text message interoperability across platforms.

https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...

[brookst]

As Dev_VR said, that is a recommendation from CISA to private sector users, not an approval for DOD users.

[fiddlerwoaroof]

That’s only partially true: I know for a fact that people in government agencies were given permission to use Signal during the Salt Typhoon attacks. You might not be able to use Signal for certain DOD purposes, but non-DOD agencies do permit Signal.

[pokstad]

Traditionally you would use the plain old telephone system to communicate non-classified information. All of the major telcos services (voice and text) are no longer considered secure per CISA. CISA also recommended to instead use e2e encrypted services (specifically calling out Signal).

https://investigations.cooley.com/2025/01/15/federal-law-enf...

[EasyMark]

The alternative is not installing Signal on a phone with spy software on it. They aren't "intercepting" as in man-in-the-middle. They are intercepting by spying on the personal phone where signal is. signal is just another app on your phone. If you're using it for secrets comms you'd best have minimal or no software on the phone you're using and protect it every way you know how with passwords and encryption

[coliveira]

They need to let their foreign handlers know what they're doing... It is probably in the contract somewhere.