Because The Defense Department's Secure Communications Options Don't Work For Everyone, Soldiers Are Turning To Signal And WhatsApp
from the breaking-the-rules-to-stay-in-touch dept
The military has an obvious need for secure communications. It offered its support of encryption even as the NSA tried to find ways to undercut to make its surveillance ends easier to achieve.
The problem is the military doesn’t have a great plan for securing communications between personnel. Due to tech limitations the Defense Department has yet to overcome (despite billions in annual funding), soldiers are turning to third-party messaging services to communicate orders and disseminate information.
The use of the encrypted messaging app Signal is ubiquitous within the Department of Defense. Service members have received briefings about operational security (OPSEC) and information security (INFOSEC) and have taken the dangers of living in a digital world seriously by making sure that the work-related text messages they send on their cell phones are encrypted. The contradiction is that using Signal for official military business is against regulations.
Securing communications apparently means breaking the rules. The DoD forbids the use of non-DoD-controlled messaging services to handle the distribution of nonpublic DoD information. The Defense Department insists personnel use its services, but those services can’t be accessed by employees who don’t have military-issued cell phones. And everyone has a cell phone, so it’s often easier to use third-party platforms to communicate.
When this happens, it raises the risk that unauthorized access or sharing of information could occur. It also puts many communications beyond the reach of public records requests, which often cannot access communications between privately owned devices.
And there appears to be no fix on the immediate horizon. The Defense Department is quick to point out the use of Signal and WhatsApp violates regulations. But it has nothing in place that would allow the many military members not in possession of government-issued cell phones to communicate when out in the field.
This is what the Secretary of Defense’s Public Affairs Officer (Russell Goemaere) told Audacy when asked about how military members were expected to use DoD-approved communications platforms they didn’t actually have access to on their personal devices.
“DoD365 provides a messaging capability that is approved for CUI and use on DoD mobile devices. The Services are in the final stages of testing Bring Your Own Approved Device (BYOAD) and Bring Your Own Device (BYOD) solutions that provide access to the DoD365 collaboration capability on service member’s personal devices,” Goemaere said.
It’s 2022 and the Defense Department is only at the “final stage of testing” for solutions it needed years ago. Cell phone usage has been ubiquitous for nearly two decades at this point. For the Department to still be weeks or months away from a solution should be considered unacceptable. Denying soldiers access to third-party options means cutting them off from communications that can often have life-or-death implications.
This also means the Defense Department is still weeks or months away from ensuring communications subject to FOIA law are being captured and retained. The priority should still be personnel safety, but this is another downside of the Defense Department’s slow roll into the 21st century.
Filed Under: dod, encrypted messaging, encryption, military, soldiers
Companies: meta, signal, whatsapp
Comments on “Because The Defense Department's Secure Communications Options Don't Work For Everyone, Soldiers Are Turning To Signal And WhatsApp”
Is there a real problem here or an imagainary one?
Yes, it violates regs, but it’s secure and apparently works fine.
The problem here is imaginary paperwork made-up problems.
Re: Is there a real problem here or an imagainary one?
Not a problem till:
We know there are bad actors out there who don’t want encryption to start with. that won’t stop your superiors from blaming you if you are private nobody just trying to learn where and when to report for duty.
Then you now have violated Op/Info-Sec and now are to blame for a spill.
Re: Is there a real problem here or an imagainary one?
"Yes, it violates regs, but it’s secure and apparently works fine."
Define "secure". Maybe the communication is secure, but you’re offloading security to a third party who practices have not been approved or vetted. You’re also trusting that the app itself hasn’t been compromised. It sounds to me that comms that could be compromised by convincing a grunt to download your special version of the app would attract a lot of interest in some circles. If people are able to install unapproved apps on their phones then why not your spyware version?
Re: The real problem
Foia needs to be reigned in somewhat. Flexibility, security, and safety should be the primary concern of all Americans regarding troops in the field whether in a combat zone or not.
"Yes, it violates regs, but it’s /apparently/ secure and apparently works fine."
Probably doesn’t meet the exact, lovingly crafted, designed here, Mil-spec. As a commercial implementation, it’s probably not been through microscopic scrutiny, but "perfect is the enemy of good enough". Do the risk analysis: If it’s good enough for lower levels of sensitive information, change policy, use it there and then keep the rare and expensive stuff for higher levels.
No surprise. The Air Force (when it’s not outsourcing everything to Microsoft) screws up IT worse than any company _ever_ Using a desktop or laptop in the Air Force with all the _tools_ to protect it has made it a terrible place to work: https://www.airforcemag.com/fix-my-computer-cry-echos-on-social-media-air-force-cio-responds/
Because reinventing the wheel make sense to someone somewhere.
We have regular citizens who have access to better communication platforms than our military.
We are paying top dollar for "testing" that seems to be endless and leaves our military in the lurch.
One would think with things going sideways in Ukraine having a secure messaging system for military use to make sure messages arrive in a timely and secure manner might matter.
But hey we bought 500 more MRAPs that we’ll end up handing out to police departments with 5 officers rather than manage to have secure communications.
How can the nation be safe when we can’t make sure our troops can actually get orders or information they need?
But then they also refuse to make sure we live up to our responsibilities to those who put their lives on the line so they can have the freedom to keep lying to citizens that its not a real disease & leading to more deaths.
Billions of dollars on programs/gear we really don’t need… but things we desperately need yesterday… well maybe in another decade of testing.
when I enlisted I was issued a pager. Because of the construction of my government housing it wouldn’t receive contacts unless it was sitting on the windowsill. And I guess since it was a device designed to be worn on your person, it didn’t beep very loud when it got a message, so I failed to receive like 75% of the recall notifications in that first year.
My leadership tried to mandate cellphones but I said I wasn’t going to get one unless they paid at least part of it or issued one. I’ve heard that some places still issue out pagers to certain personnel.
On the other hand, 2 years ago when we started to ‘maximize telework’ to reduce transmission of COVID it seemed like there were only about 2 weeks of the VPNs being overloaded into uselessness before my branch fixed the issue. Still not flawless but I swear my computer works better at my home office than my office office.
Re: Re:
As someone who wasn’t able to work from home when the DoD went full telework, I can tell you they fixed the VPN problem by shutting down everything possible through the VPN and DoD network. That means for people like me, who had to go to the office, couldn’t access anything to make the day tolerable. They didn’t so much "fix" it as just screw over everyone who couldn’t turn off the VPN to do what they wanted at home.
Signal?
Signal, the republican message eraser. Interesting platform for secure messaging. Anyone remember the open government flap with the previous Missouri governor? Seems most of his messages went out on a certain platform, that destroyed that messages. How is that secure? Secure is that your message got to the right individuals, and the message is readable. And that you can trace back to a place. A time and action. A cya. An signal message decrypts once, and deletes that key, leaving a false trace, can that message be trusted? Was it a plant? Would you stake your career on it? Oh, and one of the latest stories from two weeks ago, was in a court case where a signal message was read out in court. Like usual, it may have a leak, or a constant drip.
This comment has been flagged by the community. Click here to show it.
Interesting Computer courses
Today’s era need is to make yourself skillful that’s why we are here to provide <a href="https://skillhai.in/digital-marketing-course-in-delhi/“>Digital Marketing Course in Delhi</ a>
Re: Interesting Computer courses
smelly spammer does not even try "preview"
This comment has been flagged by the community. Click here to show it.
Best computer courses
Nowadays there is a need of computer courses, we provide https://skillhai.in/digital-marketing-course-in-delhi/
Блог Википедия
And while, french massage and not violates practically any prohibitions, for the reason it's not about sexual contact.
Systematically visiting the four hands massage for clients, you guarantee himself excellent sexual relaxation.
The energy massage inSoho it today skill give away bliss. The Soapy massage – on the influence on clients is meant practically unlimited available opportunities actions on bodily, and consequently, and psychoemotional state of health friends.
Dear gentlemen!
In school sensual massage women will hold erotic 4hands massage. Similar swedish massage, as in principle, and relaxation, influences on some area human body, this give a chance male gain strength.
<a href=https://sites.google.com/view/perfect-relaxation>Список более 40 качественных блогов которые принимают</a>
[—-]
jim your signal comment is ansurd
signal can verify who sent you the message when you receive it and display the correct sender. it even has a verification process you can use to make it impossible for anyone to pretend to be someone they are not.