by donnachangstein 401 days ago
> The users (i.e. high level U.S. officials) did no due diligence.

But why would they? It's not their job. They have massive IT staff supporting them. "High level U.S. officials" are just executives; the pointy-haired bosses to the pointy-haired boss. Only difference is these wear little decorative pins over their breast pocket.

Every Fortune 500 company has dedicated IT staff for execs; someone you can call 24/7 and say "my shit's broke" and they respond "we just overnighted you a new phone".

These people couldn't even install an app on their MDM-controlled device, now the narrative has become we expect them to be making low-level IT decisions too?

Next week we'll be scrutinizing Pete Hegseth's lack of thoughts on rotating backup tapes.

6 comments

> ... narrative has become we expect them to be making low-level IT decisions too?

I think that's a misdirection.

The narrative is that:

a) they were using a compromised piece of software

b) they should not have been using that software - not (necessarily) because it was compromised, but because it wasn't US DoD accredited for that use case.

(I understand your point that these guys are not tech savvy, and do not need to be, but they should be regulation-savvy (clearly they either are not, or willingly broke those regulations), and they should be following organisational guidelines that presumably cover the selection and use of these tool types.)

Yeah, and the purchase approval process is in place specifically so that someone who knows what to look for has looked at it and verified that it's an acceptable configuration.

This is the exact same problem as Clinton's BlackBerry Enterprise Server. Doing it right was hard and time consuming, so they ignored that and did what they wanted.

Only we should be a lot more demanding that our officials in 2025 have a better basic understanding of the importance of computer security than in 2005.

> now the narrative has become we expect them to be making low-level IT decisions too?

If their staff makes bad decisions, that’s their failure too.

We expect them to be ultimately responsible for what happens on their watch.

Was it Truman who said, “Whoa, don’t bring the buck anywhere near me, it stops with my assistant”?

It is too early to tell, but given that these people openly attack scientists and other experts (they don’t agree with), I wouldn’t be surprised if they ignored the advice of their IT experts.

It's not too early to tell, we knew from the beginning that the use of Signal (let alone its clone) was not authorised to be used for such communications.

Yes, there's a fleet of people who are supposed to make such tech decisions. The people involved specifically went against those rules. The existence of a group chat using an authorised app is a violation on its own, adding a journalist to it is a violation on top of a violation.

Adding a journalist was accidental, but using such an app (despite it not being approved) is very intentional.

IT staff that knew it was illegal to provide them tools for a conspiracy were fired or silenced. So the only people left were their cronies, who instantly complied with their illegal request, to the best of the cronies' abilities. For such national failures, the buck has to stop at the very top, not on some IT monkey.

This is typical for highly corrupt governments and autocracies, they crumble from within because the autocrats can't trust random, competent people so their inner circle becomes saturated with people who are selected on the basis of loyalty not competence, and these people end up making the most important decisions and running the country.

Would tend to agree with most of that, but I think the assertion is Petey needed to ask his IT leadership to do the due diligence before diving in, not that he needed to decide using his own depth of skills and experience.

I assume he did and they said it was a bad idea - the memo they'd released a few weeks prior about Signal vulnerabilities seems to suggest a lack of faith in that approach - but he was already banging away on his phone with all the grocery reminders and definitely not battle plans he needs to keep pushing out. Which is also how it feels in the enterprise space these days.

Strange thing to see our bureaucracy start to behave like a corporation instead of the other way around.

Their massive IT staff provides them with a way to communicate securely and they ignore it deliberately so that their communications are not preserved for history or for future court cases.

One man's low Integrity (in the "CIA triad" sense) of communications is another man's improved plausible deniability.