Cause SIPR, JWICS, GIANT etc… are nearly impossible to access - to the extent where for SCI info (which is arguably the level of data they were passing) they constrain you to having to communicate in a certified SCIF
The SecDef has a bunch of SCIFs but even NSC staff don’t to the same degree.
People pass TS/SCI data outside of the system regularly - Congress is notorious for this and I have personally had multi-year operations shut down because a congressman talked about it at a hearing.
I know of plenty of parking lot “SCIF” and sneakernet SCI conversations because time was an issue.
The reality is this admin doesn’t care about the structures that the national security community is statutorily mandated to use, but there’s nobody that is going to do anything to them about deviating.
Classified networks suck to use, anyone who can get around it does. The fact that it's the SecDef and NSC and they got busted just demonstrates that they view their behavior as more important than the system.
Left to the viewer to determine if that's a good tradeoff.
The thing is, it's up to the official classification officer to decide on how far is too far for classification down and this administration loves to short man everything so likely they decided it wasn't an issue, but it is, and someone should be blamed in my opinion since that is that official's job.
You can go around legally too; just ask what is and isn't considered classified by derivative.
Most OCAs are 2-3 stars and are marginally aware of what they are signing
Rescinding or otherwise ignoring OCAs and caveats as an appointee, NSC officers or especially cabinet level person (don’t get me started on elected officials who have zero respect for classified information ntk) is basically an embedded privilege of rank
SIPR is easy to access, there are terminals all over. We had SIPR laptops in cabinets no one ever used. TS/SCI not so much, but there are still SCIFs on every military base and there are a lot of those. Not having access to proper facilities is a bad excuse for the people who work with the president.
SCIF (Wikipedia): A sensitive compartmented information facility (SCIF /skɪf/), in United States military, national security/national defense and intelligence parlance, is an enclosed area within a building that is used to process sensitive compartmented information (SCI) types of classified information.
I doubt FOIA is even a concern considering this is classified information. I think they're more worried about investigations by a future DOJ or by a future Congress since they can look at this information (if it's not deleted, that is)
FOIA requests can be made against formerly-classified information. But it's beside the point; any(?) non-classified information/communiques in government are subject to FOIA. Plenty of non-classified info in that chat and the ones we still aren't privy to.
I think the idea is they would configure Signal to delete messages after a few weeks, which bypasses FOIA because the records may not exist by the time someone requests them.
Doesn't "bypass" FOIA, it violates it. Even if the app is configured to do it for them automatically, they're actively deleting public records and violating the law by doing so.
Not all unclassified can be FOIA’d. There are exemptions to FOIA that aren’t “it’s classified”. And there are things that aren’t “records” according to DoD records management regulations, and so would not be FOIAble, because they wouldn’t be a record to get.
Lack of oversight, too much power, failing checks and balances.
It's not unique either; the former prime minister of the Netherlands, Rutte, insists on using a Nokia phone and plain text messages, refusing to divulge what is in those messages and deleting them as there's limited space, thus not adhering to any archival requirements.
My guess is that the actual secure government messaging services are a pain to use vs. Signal that's on your phone in your pocket, and these people don't really value security over their own convenience. They did share some of the details over actual secure systems ("you should have a statement of conclusions with taskings per the Presidents guidance this morning in your high side inboxes"), but I guess when the attacks were starting, it was easier to just blast them on Signal.
You can joke about Microsoft Teams not being a real messaging platform, but running it on a network that's physically separated from the Internet is quite effective at keeping random journalists out of your chat groups.
In practice? You are issued a special, secure phone expressly for connecting to the network which is not physically connected to the internet. Many details of e.g. CSfC are unclassified; you can read the architecture PDFs.
That only explains that Signal was considered safe and allowed on their phones, not that it was an authorized medium for sharing confidential information.
Genuine question: I get that there’s usually an expected/different process, and (obvs) the ability to add the wrong person is a problem (!) but is there a fundamental practical reason that their using Signal is/was a problem?
The reason that there's an "expected" process is because the people who were hired to think deeply about security got together and, for a bunch of reasons including "(obvs) the ability to add the wrong person is a problem", decided that the process should be something other than Signal. I'm not sure if we know all of the reasons they made that decision, but I think we can infer a few:
- all communication must be stored for legal purposes
- all communication must be on secure government hardware
- the entire security infrastructure must be operated by the government
Thanks for your interesting reply. Some of this is what I was getting at with "fundamental" and "practical":
> all communication must be on secure government hardware
> the entire security infrastructure must be operated by the government
...only matter practically, if the Government hardware and infrastructure are guaranteed to be more secure than the alternative, also considering the fallibility of the users. And while I appreciate that iPhones and Signal likely aren't infallible, I'm not sure we know what level of absolute trust to place on Government-supplied hardware or infrastructure provided by whoever got the contract?
Signal is end-to-end encrypted. One end is the Signal app on your phone. The other end is the Signal app on their phone. The Signal app is developed by people, using computers. Both of those things can be compromised, neither of them are under the purview of the U.S. security agencies.
I would put the market value of a backdoor into all Senior White House communications as certainly >$10B, and probably >$100B, limited only by how long the buyer believed it would be a reliable source of intel. (it may be better to offer it as a subscription service.)
At that point everything should be assumed to be compromised until demonstrated to a reasonable degree of confidence that it's probably safe. A random install from an app store is not that.
> I would put the market value of a backdoor into all Senior White House communications as certainly >$10B, and probably >$100B, limited only by how long the buyer believed it would be a reliable source of intel. (it may be better to offer it as a subscription service.)
Yes - how much would Russia, China, or Iran - and US allies - pay to know what the US is planning? What secrets the US has - strengths and weaknesses. It could be existential for their countries. They even could cash in on market-moving information, and even if they wouldn't pay $100B, so could investors.
But I don't know if I'd try the subscription model with state intelligence agencies. It exposes you indefinitely, rather than take the money and disappear; they won't like you having access to the valuable information; they can just take what you have; they are very dangerous.
According to the article: “the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.”
Because now _this_ party is in power and controls the systems and information, but in 4/8/12 years _that_ party will be in power and a good-willing-mistake-making-bureaucrat may leak these 'by accident/mistake/etc' if they are properly recorded on a gov-controlled system.
But the auto-delete-after-1-week messages from Signal would never be recovered (unless someone is logging all that data and in the future will be able to crack it).