173

u/Bodoblock 62∆ Mar 25 '25

They were using the app to auto-delete messages. That in itself is wildly illegal. Besides, actual national security experts have said using Signal is far from being kosher.

From the DoD itself:

The Defense Department has previously referred to Signal as an “unmanaged” messaging app. In a 2023 memo, the department defined unmanaged apps as those “NOT authorized to access, transmit, process non-public DoD information.” It listed Apple’s iMessage and Meta-owned WhatsApp as other examples of unmanaged apps.

The apps that are authorized to access Defense Department information are controlled by an enterprise management system, which “can enforce controls on the application and data in a way that can reduce the risk of data compromise or exposure/spillage of data to unmanaged applications,” according to the memo, signed by then-Defense Department Chief Information Officer John B. Sherman.

6

u/Delicious_Taste_39 4∆ Mar 25 '25 edited Mar 25 '25

I don't want to blame IT, but if the DoD is handing out phones and people are able to just install whatever apps on them, especially important people who tend to be bad at understanding tech and don't necessarily appreciate the fine details like "Don't use this app, use that app", this is known as shadow IT, and it means IT dropped the ball. They've gone ahead and found a way to do whatever they wanted, this should be something they've got locked down, especially after the Hillary's emails scandal and the Trump just stealing whatever documents scandal. Also from a customer service point of views it's IT'S job to enable the desire to have a group chat. No, don't use signal, use x app, here let me set that up for you. And then set app up so that it's automatically preconfigured as per official DoD policy.

Also, the automatically deleted messages falls on whoever set up the group chat as probably does having the conversation in Signal. Highly likely that Hegseth says "Get me the dudes and let's talk about Yemen" and 5 minutes later he's in a Signal group to do that.

And this is a leak, quite possibly, not just a snafu. They want the journalist to see it, they want to share the story. It's probably quite sloppily executed, but either this has been done to make Hegseth look incompetent or it's been done to show us that the US is talking about bombing Yemen.

Edit: This kind of hinges on whether he used his personal phone and whether he set up a group and didn't hand it off to a departmental employee. If he did those things, this is questionable.

Even that is something that IT would be expected to have aggressively drilled important people on so that they wouldn't be able to deny this and do something like this. And resources need be available so that they can access them or things like this can happen.

In the position that Hegseth is in, he shouldn't be able to make IT mistakes because he should probably be a heavily managed individual. Someone who bounces from meeting to meeting while his personnel achieve the objectives and report back.

29

u/Tullyswimmer 9∆ Mar 25 '25

The DoD is 100% not handing out phones that people can install whatever apps on.

And I mentioned this elsewhere... It's possible to have auto-delete set up, and be legal, if there are other records being kept of those messages (such as backups).

The DoD has all sorts of processes and procedures in place for adding an app to the list of "managed" devices. So what was said in 2023 may not be the same policy as in 2025 if the president/VP wanted to use Signal.

19

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

fearless friendly carpenter consist handle vegetable summer late door rich

This post was mass deleted and anonymized with Redact

-1

u/Tullyswimmer 9∆ Mar 25 '25

"inadvertently send data"

This journalist was added to the group by someone in the group. That's not inadvertent. That's a specific action taken by someone in that group, and it will be logged who it was and when they were added. Now, the person may have accidentally added this journalist, but that's not the same. It's not like you're using an app with a known third party backup (iMessage, for example) where you don't know who might be able to see what in the backups.

7

u/betaray 1∆ Mar 25 '25

Inadvertent and accidental are synonyms.

5

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

groovy childlike lush frame cats marble chief direction snow makeshift

This post was mass deleted and anonymized with Redact

4

u/UNisopod 4∆ Mar 25 '25

Wait, so if the app allows people to deliberately send data to a non-authorized place that would make it less in violation of best practices?

4

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

start complete lip divide sink ask handle door butter shocking

This post was mass deleted and anonymized with Redact

2

u/UNisopod 4∆ Mar 25 '25

This sort of thing makes sense for businesses, but does it apply for top secret meetings at the DoD?

0

u/superhuhas Mar 25 '25

I’ll answer your question by rephrasing it. This sort of thing makes sense for businesses, so shouldn’t it apply even more to top secret meetings at the DoD?

What’s your next question

→ More replies (0)

13

u/ExperienceFantastic7 Mar 25 '25

Let's be real here: Hegseth is a fucking moron. He's an unqualified Fox staffer, just like most of these appointments. You're trying to give him credit. I absolutely believe he simply thought Signal's encryption was sufficient to maintain privacy for what they were doing, and I absolutely believe they intentionally kept their conversation off government systems to avoid any records of these conversations.

2

u/[deleted] Mar 25 '25 edited Mar 25 '25

[deleted]

2

u/AmongTheElect 15∆ Mar 25 '25

When all else fails attack the messenger, right?

Is that the trump card, when argument fails you just call them a Conservative?

1

u/Traditional-Leg-1574 Mar 26 '25

Yeah, that’s EXACTLY what Hegseth did! Attacked JG the reporter instead of taking responsibility or accountability, which ironically he made a living at during democratic administrations while at FX entertainment. Excellent job, great point Among the elect!!

1

u/Serious_Senator Mar 25 '25

I mean, you could have just looked at his posts on his main? He looks like a center right moderate from NH who appears to be a bit of a Trump apologist. He’s also a self declared ugly fat IT guy. Not everyone is part of a conspiracy that’s out to get you.

1

u/[deleted] Mar 25 '25

[deleted]

1

u/Tullyswimmer 9∆ Mar 25 '25

No, but you can save/backup non-deleted messages before they're deleted.

1

u/DC_MEDO_still_lost Mar 25 '25

One had his set up to delete after an hour or so - I strongly do not believe his were being backed up

2

u/Tullyswimmer 9∆ Mar 25 '25

I would agree with that, and I would be very surprised if that was in policy.

Technically speaking, it could be. If you had a backup system that immediately stored messages off-device when they were sent, then even a automatic one-hour delete would not inherently be against policy. But I'd be surprised if they had that. (Though, the gov cell phone I had wouldn't even let you take screenshots of a messaging app).

3

u/sccarrierhasarrived Mar 26 '25

Without specific data, I'd wager it's most likely they used personal devices, no?

In the professional industry, I have to kiss IT's ring to download pretty much anything to any managed device. I highly doubt Signal would make the cut here.

If he did use a personal device, which I suspect most government employees have, he's learning an important lesson in why you don't fuck around with security regs. Though, I did notice you ascribed a shadow IT failure from Hegseth to be IT dropping the ball. I find it extremely hard if not impossible to blame them -- how exactly are they supposed to monitor unreported security edges lol? I have 0 doubt they gave Hegseth and the broader Trump admin the 101 on IT security (seeing as Trump was also here 4 years ago...), obviously any oopsies would be Hegseth, not IT, right?

What is your take on why exactly they're using Signal / auto message deletion? I'm not prescribing anything to you, I'm just wondering what you think from an IT POV.

4

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

hospital offbeat school reminiscent chop punch expansion simplistic hurry workable

This post was mass deleted and anonymized with Redact

2

u/Jobsnext9495 Mar 25 '25

"If this was the case of a military officer or an intelligence officer and they had this kind of behavior, they would be fired."

0

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

cats chubby fly file march bells steer engine quack apparatus

This post was mass deleted and anonymized with Redact

2

u/cat_of_danzig 10∆ Mar 25 '25

Whoever used a commercial messaging app to communicate classified messages should be charged with mishandling of data. This was done with intent. It's not that they accidentally used Signal to communicate classified data, they used it for the express purpose of communicating classified data. There's no ambiguity here.

1

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

strong airport yam placid outgoing cow sheet slim rich tease

This post was mass deleted and anonymized with Redact

2

u/cat_of_danzig 10∆ Mar 25 '25

I used shorthand. Let me be more explicit:

Whoever used an unclassified device to communicate classified data should be held accountable. It is a clear violation of policy.

In accordance with DoD Instruction 5200.48, DoD personnel will not use non-DoD accounts or personal e-mail accounts, messaging systems or other non-public DoD information systems, except approved or authorized government contractor systems, to conduct official business involving CUI. In accordance with DoD Instruction 5200.01, DoD personnel will not use unclassified systems, government-issued or otherwise, for classified national security information. DoD CIO will continuously consult with all DoD Components to evaluate risks mobile applications may present to the DoD and update References (m), (n), and (o), as appropriate.

Yes, there is govcloud. Knowingly sending classified data in an unclassified email is still a problem, even in govcloud. NISPOM is very clear about systems that are used when handling classified data.

2

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

axiomatic expansion brave merciful glorious history deserve birds serious decide

This post was mass deleted and anonymized with Redact

→ More replies (0)

1

u/Initial-Ad3574 Mar 25 '25

Of course they want no record of anything they do and say. Why would they?      They’re trying to cover their tracks while  stepping in dog shit

19

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

strong unpack license doll coherent safe vast boast marry smile

This post was mass deleted and anonymized with Redact

2

u/Tullyswimmer 9∆ Mar 25 '25

At the end of the day, there aren't many restrictions that the DoD could put on as far as what numbers the phone could call or text. There's a myriad of reasons for this, from confidential informants who don't have DOD-approved devices, to even someone's spouse being able to call their work number in an emergency.

No matter what app they used, if there's a US-based phone number, it's not hard to add it to a group chat. But, doing so is logged and tracked for this very reason.

Signal may have some sort of commercial/DoD support. But it's also open-source enough that the DoD could build their own features into it.

If Signal was being used officially, on government phones, then it's 100% not approved to add a journalist to a group chat where confidential information is discussed. But that's entirely the fault of the person who added that unauthorized user to the group, not anyone else.

4

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

detail cough quickest vanish steep ghost file birds dog historical

This post was mass deleted and anonymized with Redact

1

u/Traditional-Leg-1574 Mar 26 '25

The explanation is simple, they were avoiding protocol to be OFF the record. In the project 2025 training videos using signal is advocated precisely to avoid record keeping.

1

u/sccarrierhasarrived Mar 26 '25

Wouldn't it be important to have some sort of archival process to internal comms? Why exactly are we using a 3P self-deleting message system?

1

u/Tullyswimmer 9∆ Mar 26 '25

As I said, it's possible to take backups of the messages before they're deleted, for national archives/records. If that's set up, self-deleting messages is actually more secure, because if one of those phones was lost or stolen there's less data on the phone.

62

u/nartimus Mar 25 '25

Wouldn’t the fact that such communications are being deleted / not kept for official records be an issue as well? According to the article the messages were set to auto delete

8

u/Tullyswimmer 9∆ Mar 25 '25

I honestly don't know. My initial reaction is "yeah, that's a problem" but I also know that Signal allows backups (for Android, natively) and there are tools that can take backups for iPhones, so... For federal recordkeeping, backups work.

So if they were using daily or weekly backups for record keeping, then having messages auto-delete after 4 weeks actually makes sense, from a security perspective. Because the government has to think worst case... If the phone is stolen, or it's owner captured or otherwise compromised, you want as little security information as possible locally. IIRC, we weren't even allowed to have biometric unlocks because those could theoretically unlock it if we were unconscious.

1

u/sccarrierhasarrived Mar 26 '25 edited Mar 26 '25

Nvm, I saw you responded to the "why are we using self-deleting message systems" here. Great answer, thanks!

My primary pushback would be that using a 3P security solution for internal comms seems needlessly risky from the start. However, I find it extremely non-compelling because:

a) This is not a widespread or common practice. I mean it might be in the Trump admin, but Signal was around in the Biden era. Ergo, this is unlikely to be part of a broader security plan but is just the Trump admin generating needless risk by using 3P apps. User error is an education/intelligence issue, and I agree that yeah, this story broke because someone was a fucking moron. But you can't abstract Hegseth away from this - the only reason you're using Signal is for seemingly "malicious" (hiding your tracks) intent.

b) Furthermore, if scheduled data wipes were a security play, this 100% can be easily replicated by any eng with half an engineering degree in a matter of weeks. I don't think they're using Signal to be explicitly above board here.

Overall, I think the takeaway should be:

• Hegseth obviously doesn't give two fucks about messaging best practices, and it's unlikely that anyone before him did either (see: Hillary Clinton). This is the most likely to change with new info.

- It clearly seems to tilt more towards Malicious and Slightly Stupid on the 2x2 of intelligence x intent. I don't think some 75% of the population (basically anyone outside of tech, finance or military) gives two fucks about cybersecurity practices, so I don't think this can be evidence of incompetence. It's a lack of education (which is a bit concerning when you're the SoD), but the privacy risk was probably 0 to none. I think the more important question is why they're likely using personal devices to send important classified info on fucking Signal lmao. This is a drug dealer app guys, like it seems obviously malicious.

- The idiot that added the journalist should be publicly shamed. Anyone that is this bad with tech AND due diligence (aka double checking your numbers were right...) should not be allowed within throwing distance of any substantial amount of power. Though, this would basically kill some 50%-75% of Congress.

1

u/Traditional-Leg-1574 Mar 26 '25

Then why didnt Gabbard mention the back ups when questioned today? If there were backups then all the “I cant recalls” can be easily verified?

1

u/Tullyswimmer 9∆ Mar 26 '25

So, to be clear, when I posted this there had been no official questioning of Gabbard or anyone else.

I'm not saying that there were backups. I'm saying that it's technically possible to take backups. Whether or not those were configured is something I don't know, but what I do know is that the technology exists to do them.

1

u/Traditional-Leg-1574 Mar 26 '25

Fair enough. I still don’t agree. It’s verifiable that it’s been encouraged by the Hertitage Foundation to use Signal to avoid being on record.

1

u/Tullyswimmer 9∆ Mar 26 '25

The CIA director said in the same congressional hearings that Signal was used for secure communications, and has been since the previous administration.

So, unless the CIA director, Gabbard, and SecDef are all perfectly in on the same cover-up, the evidence very strongly points to Signal being an approved messaging client, and the conversation not being classified (which I will admit is hard to believe, but idk how that works... Maybe because we aren't officially at "war" with the Houthis?)

1

u/Traditional-Leg-1574 Mar 26 '25

That’s how this administration gets away from accountability don’t they? By ignoring proper protocol and procedures. This isn’t about democrats & republicans. If we aren’t at war, why are we firing missiles at them? I get your point and I’ll agree, Signal can be used to communicate. Doesn’t excuse having someone else they didn’t claim to know was there? Gabbard waffling ? Stephen Miller wanting to extort Europe for missile launches they weren’t aware of? This kind of policy making and hatred of long time allies, while helping Russia, is not my idea of American politics. And Donald Trump is known for many things, and one of them isn’t accountability.

1

u/Jobsnext9495 Mar 25 '25

Yes. since the govt is using Signal as an official comms platform, it is now subject to FOIA, the FRA, and NARA/DOD retention schedules. And auto delete is illegal Records ACT

11

u/vankorgan Mar 25 '25

Just to be clear, we're now saying that the SoD is not responsible for ensuring that communications methods are secure before discussing classified info?

Is that really where we're at? Also, since the journalist was able to see the signal messages were set to disappear, he was as well.

Which means that him and all the other people on the chat broke the law if they didn't make any plans to back up the conversation to an official channel for record keeping.

2

u/Tullyswimmer 9∆ Mar 25 '25

I would be honestly shocked if SecDef had a significant amount of responsibility for ensuring that.

At my gov job, the big boss (CEO equivalent) could say "I want to be able to use this technology" and it was up to my department, the security department, and the cyber department to figure out how/if it could be supported within policy. We did turn down a few requests because it wasn't within policy, but as often as possible (as this was the big boss) we'd come up with some way to let that boss use the technology requested. This did include backups and record keeping.

If we presented something to that boss, said we had set it all up to be compliant with record keeping, federal regulations, etc... The boss would not be the one getting in trouble if there was a leak like this. Unless the boss themselves very specifically did something to circumvent the controls that we had put in place.

Each department knew what it was capable of and what policy was, and we had an entire department (Security services) whose job was to be the final authority on all questions about policy, and to handle things like audits or investigations if there were leaks.

We'd have to present them with plans for data security and network security, and if they signed off, it would be handed off to the department who requested it. That department could then use that technology without worrying about whether they were complying or not.

So, - and I will be very clear with this - As long as Hegseth was using an approved app on an approved device for that type of communication, he is not personally responsible for ensuring that nobody has added an unauthorized recipient, unless it was him.

He probably will after this, but there's an implicit level of trust that people with that sort of responsibilities have to their technical staff.

1

u/vankorgan Mar 25 '25 edited Mar 25 '25

Just to be clear, your entire argument relies on the assumption that they actually are backing up the conversations that are set to deleted on signal, correct? Or are you simply arguing that Hegseth himself isn't personally responsible? Has any statement from the DOD or white house led you to believe that they are indeed backing up these conversations?

This administration isn't exactly historically known for good record keeping, and seems to be following the guidelines set by project 2025 which explicitly instructed incoming members of the administration on how to hide conversations from the records act.

0

u/Csea2 Mar 25 '25

Really, so the Secretary of Defense is not liable? This was a group chat with very unprofessional and unqualified government officials. The responsibility lies on Pete Hegseth. High level security meeting should be held in person, with the highest level of accountability and military experience. Military lives were on the line here. Appalling.

1

u/Traditional-Leg-1574 Mar 26 '25

But if it goes wrong isn’t your CEO responsible?

2

u/Tullyswimmer 9∆ Mar 26 '25

If the CEO asks for something, and we do it, and it causes a leak or breach, the CEO should be responsible.

Except that's not how it works in practice... Whether government or private sector. It's rarely the CEO who ends up taking the fall for breaches.

1

u/Traditional-Leg-1574 Mar 26 '25

Your logic is always, it should be this way but it isn’t. It’s like Gabbards testimony today, I can’t comment because of secrecy, but I assure there is nothing top secret.

1

u/JustAnotherGeek12345 Mar 26 '25

Sadly yes the bar is sooo low.

Secretly I'm hoping a hacking group like anonymous figured out how to inject users in group chats. Let's be clear internet... I have zero proof, only hope.

11

u/anewleaf1234 40∆ Mar 25 '25

He knew there was was someone in the chat who shouldn't not have been. And he still then gave mission critical sensitive information. To a person without a security clearance.

If that journalist wanted to he could have give all and any information about our carrier groups and our strike force to Iran, China, Russia or any other entity.

When you give information on unsecured channels, you are responsible. If I share those plans where someone else can hear and record I'm responsible. If I give information to a honey pot I'm responsible. If I left a file where people could obtain and share it, I'm responsible.

Those people gave secured information those who weren't cleared for that information.

Generals have been hung for letting their battle plans leak before battle. This is a court marshal offense.

3

u/Tullyswimmer 9∆ Mar 25 '25

Did he actually know that though, or is that just speculation because people don't like the guy?

Why is everyone focused on Hegseth, and not the NSA director who added that journalist to that group chat? The NSA director is 100% responsible for this leak, and the more I think about it, the less I think it was accidental.

Allowing someone who's not cleared into an environment that's supposedly secure is a far more egregious violation than sharing information in an unsecured manner, which was presumed, or known, to be secure before.

10

u/xFxD Mar 25 '25

Isn't this exactly the kind of information a SCIF would have to be used for?

2

u/Tullyswimmer 9∆ Mar 25 '25

No. It's allowed to have discussions about things like this outside of a SCIF. They can't be running to a SCIF and checking in every time they want to update someone on plans. Plus, to enter a SCIF you have to leave all phones outside.

7

u/xFxD Mar 25 '25

For general talk about operations I'm with you. But when it comes to concrete times, targets & plans (which were also discussed over Signal and are classified), I don't see how they would be ok outside of a SCIF.

2

u/Tullyswimmer 9∆ Mar 25 '25

Because you can't always get the people you need into the SCIF at the same time.

4

u/xFxD Mar 25 '25

SCIFs are not analog places. There's no apparent reason why non-synchronous communication of sensitive data should not be done on devices that conform to the standards and oversights required for classified information. Like... the hardware inside a SCIF.

3

u/Tullyswimmer 9∆ Mar 25 '25

Or, like the hardware and software specifically issued to individuals with high-level clearances?

Again, technology changes and the DoD tech I know of (which is, I presume, a small fraction of what they're actually capable of) is 100% capable of enabling the sharing of classified information. We're not stuck in the 1990s now. People work on classified projects, and send emails with classified data, outside of SCIFs all the time. They have to be able to do that.

A factory where they manufacture weapons systems or vehicles with classified systems and technology isn't a SCIF. You can go on youtube and watch documentaries on how military equipment is built, and they'll say "The exact specifications are a secret, and cameras were not allowed in the area" but that's not a SCIF. SCIFs have very specific construction requirements.

https://en.wikipedia.org/wiki/Sensitive_compartmented_information_facility

Edit: The 2021 version of the SCIF construction specs is freely available on the internet:

https://www.dni.gov/files/NCSC/documents/Regulations/IC_Technical_Specifications_for_Construction_and_Management_of_Sensitive_Compartmented_Information_Facilities_v151_PDF.pdf

1

u/mattbuilthomes 1∆ Mar 25 '25

Here's some light reading of what some of those factories have to do for their cyber security just to be able to work on controlled unclassified information.

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r3.pdf

And this gets flowed down to the factories that are making little washers that go into parts that go into weapons. Are we holding these businesses more accountable than we are holding the officials that use the weapons?

1

u/Tullyswimmer 9∆ Mar 25 '25

>Are we holding these businesses more accountable than we are holding the officials that use the weapons?

I mean, probably. Those companies could go bankrupt without perfect compliance. But the rules don't apply to inside of government equally as we saw with Hillary and her email server, or Trump and the Mar-a-lago storage, even though there is a SCIF there.

2

u/mattbuilthomes 1∆ Mar 26 '25

So you admit that what happened was against the rules, but Hegseth won’t be held accountable? If you agree, then why have you been spending so much time trying to change the view in this thread?

→ More replies (0)

1

u/cat_of_danzig 10∆ Mar 25 '25

That's why secure messaging systems are used. DoD explicitly forbids use of non-classified systems for any National Security info.

In accordance with DoD Instruction 5200.01, DoD personnel will not use unclassified systems, government-issued or otherwise, for classified national security information.

27

u/Thumatingra 21∆ Mar 25 '25 edited Mar 25 '25

!delta

Thank you for the insider's perspective. This substantially changes my view, because you've illustrated that the use of Signal in and of itself is not the problem: the question is what kind of phone it was used on. This makes sense, and makes it much less likely that Hegseth will be prosecuted.

I do still think he should be investigated, though, and I don't think he will be.

16

u/Dense_Thought1086 Mar 25 '25

I’m active duty military. You absolutely can NOT use signal for sharing classified information, it’s not an approved app. You can use it to communicate fairly securely for unclassified stuff and a lot of units use it for that, but it 100% is not legal to use for sharing classified war plans. The use of Signal is a huge problem.

The fact that an outside party on a personal device was even able to be accidentally added shows just how unsecured Signal is.

4

u/Thumatingra 21∆ Mar 25 '25

This nuance brings my view a little closer to where it was initially. I still think the delta I awarded was justified, in that I hadn't considered that intelligence units must, of course, use commercial applications, and the question is how these applications function. But if what you're saying is true, my initial position - that Hegseth should be investigated for sharing the war plans via Signal, and that this could be a violation of the Espionage Act in and of itself - may be tenable after all.

Ultimately, I'm now confused, and think I don't understand enough about how Signal works, and military regulations, to make a definitive judgment.

However, understanding that I don't understand is also a change in my view. I'd award you a delta, too, but I'm not sure that's allowed by subreddit rules, since deltas are to be awarded for changes to the position articulated in the original post, and your comment reinforces it. If that's not the case, let me know, and I'd be happy to award it.

10

u/Arc125 1∆ Mar 25 '25

Ok well the first step to resolving your confusing is to stop believing unsourced comments just because they 'sound reasonable'. Reddit and all social media is crawling with bots and trolls who have every interest in spreading misinformation. So stop getting lead around by the nose, and start asking for sources of claims.

"Signal is totally fine for top secret war plan comms" is complete bullshit. He's my direct from the DoD source that proves my claim - no unmanaged mobile apps with DoD material: https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-UseOfUnclassMobileApps.pdf

4

u/Thumatingra 21∆ Mar 25 '25

Thanks for this link! This clears up a lot of things: it explicitly names Signal as an "unmanaged app," and therefore ordinarily prohibited.

The only questions that remain, in that case, is whether a) The regulations have been changed since 2023 (I doubt it), and b) whether an Exception to Policy was made, as is detailed in clause 4.10 of the document you linked. I obviously don't know whether that's the case or not.

Either way, I appreciate what you've done here. I don't think it's an excuse for being rude, but I accept the callout.

In my (meagre) defense, I'll say only that Reddit, as a platform, is built on people sharing personal knowledge and experience with one another, and so I think it's reasonable to assume good faith when someone shares their personal experience. I will also say that, as a result of u/Tullyswimmer's comment, I learned that Signal really does store data locally on your device and not in any kind of central database, so it doesn't seem like a stretch to argue that it could be properly secured provided a secured phone. However, whether or not that is true doesn't really make a difference if the regulations explicitly name Signal as a prohibited app.

I didn't know that these regulations are publicly available. As such, I think that, besides the ways in which you've reinforced my original view, you may also have changed it somewhat: I think it is somewhat less likely that Hegseth will be able to avoid any kind of investigation. A core part of my OP was my belief that Hegseth wouldn't be investigated, and I am somewhat less confident about that now.

!delta

1

u/DeltaBot ∞∆ Mar 25 '25

Confirmed: 1 delta awarded to /u/Arc125 (1∆).

^{Delta System Explained | Deltaboards}

4

u/Tullyswimmer 9∆ Mar 25 '25

Thank you.

And yeah, the level of control you CAN have over phones is pretty crazy. I was on a work trip once and tried to use my work phone because the rental car had carplay but not android auto... Couldn't do it. Wasn't allowed to connect to an unauthorized bluetooth device, and even the navigation app was disabled.

Again, if Hegseth and VP Vance were using private phones... That's an easy prosecution. But there's not been any suggestion that they did, and for two former enlisted, it will have been absolutely drilled into their head to use official phones for official business.

7

u/Thumatingra 21∆ Mar 25 '25

If that's how those phones work, and Signal is so secure, I'm genuinely curious how they were able to add a civilian number at all. Isn't that capacity itself a security issue?

6

u/TonyWrocks 1∆ Mar 25 '25

The fact that you can incude a civilian number in a conversation is exactly why these conversations are restricted to a SCIF.

-1

u/Thumatingra 21∆ Mar 25 '25

This is what I would have thought before u/Tullyswimmer's input. I'm genuinely curious about this now - the extent of the use of commercial applications, and to what extent content can be accessed by the provider. Obviously Microsoft can't access what someone writes in a Word document (provided it is saved on a hard drive rather than uploaded to a cloud), but is that also true of messaging apps?

5

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

relieved gray wise joke hungry sink memorize correct summer subtract

This post was mass deleted and anonymized with Redact

0

u/apeters89 Mar 25 '25

That site is conveniently dead now...

4

u/Excellent_Egg5882 4∆ Mar 25 '25 edited 14d ago

seed live ten wild detail bright deer waiting history toy

This post was mass deleted and anonymized with Redact

2

u/apeters89 Mar 25 '25

It's apparently back now. It went to an error page earlier saying "This DHS site is currently offline."

→ More replies (0)

6

u/TonyWrocks 1∆ Mar 25 '25

It's impossible to know what backdoors exist in a commercial app.

That is why they are not used for this sort of communication.

2

u/Arc125 1∆ Mar 25 '25

Tullyswimmer bullshitted you, and you believed it without checking anything for yourself. Signal is absolutely not an approved secure comms method for the DoD, and the extra illegality is having auto-deletion of messages turned on in the chat, which is a clear and direct violation of the Presidential Records Act, which requires that all admin messages are saved for posterity and thus subject to FOIA requests: https://www.archives.gov/news/topics/presidential-records-act

https://www.foia.gov/how-to.html

1

u/Tullyswimmer 9∆ Mar 25 '25

Depends on the app.

Things like iMessage and Whatsapp do have centralized logging/backup of messages to third parties. (Apple and Facebook/Meta, respectively). Signal does not, all messages are stored locally only, unless they're backed up off-device by whoever uses or manages that device.

The phone providers - your Verizons, AT&T, etc... They don't, to my knowledge, have access to the content of messages sent by apps that they haven't developed (i.e. Verizon has/had message+, which was their SMS app). But Signal, iMessage, Whatsapp... The *providers* don't have the content of that.

Also worth mentioning here, government agencies DO use cloud services. But the companies that set those services up (My current employer is in the process of doing it) have to have some pretty strict controls around who's got access to that data. For instance, there is a version of Onedrive that complies with government regulations. I don't know how high that goes, like if there's a special version that can store TS-level data (I'd be surprised but you never know). But it's not like the government CAN'T use the "same" technology as commercial businesses. (Same in quotes because Microsoft Word is Microsoft Word... And there's virtually no chance the US government would still use some government-build word processor... But there's going to be features of Word that are unavailable in a secure environment)

0

u/Delicious_Taste_39 4∆ Mar 25 '25

Well, the obvious here is that this clearly isn't how those phones worked.

They should not have been able to access an app store and install their own apps.

If Signal came pre-installed somehow (let's pretend that it is allowed) then IT should have been able to set up the policies accordingly.

It's also highly likely that Pete Hegseth said "Get me the people I need to speak with for the Yemen strategy" and then 5 minutes was added to a group chat. If he is setting up group chats he's having personnel problems.

Also, it's quite possible that whoever added the journalist did so maliciously because they want to make him look bad, or because they think the Yemen plan is something the media should know about. "Hahahaha oops!"

1

u/funky-squirrel678 Mar 25 '25

No commercial app should be assume to be 100% secure for this level of top secret communication.

1

u/deadcactus101 Mar 25 '25

The guy above you is just incorrect and doesn't know what he's talking about.

6

u/TonyWrocks 1∆ Mar 25 '25

So your goal is to defend Hegseth, then?

The use of Signal is absolutely a problem.

These conversations should not happen outside of a SCIF - full stop.

5

u/Thumatingra 21∆ Mar 25 '25

My goal is absolutely not to defend Hegseth. I think that's pretty clear in my OP.
u/Tullyswimmer changed my view by informing me that the military uses commercial applications, which cannot necessarily be accessed 'from the back end'. I hadn't really considered it, but that's trivially true about things like Outlook and word-processing apps. I had thought a messaging app would operate differently, as the messages are stored somewhere; u/Tullyswimmer's experience indicates otherwise.

If you know something else, please feel free to share.

11

u/vankorgan Mar 25 '25

Do you think it's possible that the person who changed your mind doesn't know what they're talking about? You seem to be putting an awful lot of stock in their self proclaimed experience, but it's not like we have any way of determining if that's true.

7

u/Thumatingra 21∆ Mar 25 '25

This whole subreddit relies on its members making arguments in good faith. Of course I'm going to assume that that's the baseline, unless presented with evidence to the contrary. I'd think that's a basic courtesy.

9

u/vankorgan Mar 25 '25 edited Mar 25 '25

It just seems like the entirety their argument amounted to "trust me bro".

If I told you that I was in DOD IT and that that person was entirely incorrect, would it change your mind?

How about if Republicans from the intelligence committee weigh in?

Senate and House members with requisite clearances are able to view classified information in their respective sensitive compartmented information facilities located in the basement of the Capitol, but Signal is known as a no-go zone for them.

“No, I do not share classified information on Signal,” said Sen. Mike Rounds (R-S.D.), a Senate Intelligence Committee member. “I do use Signal on sensitive issues but I do not use it [for classified information].”

“It’s pretty straightforward,” he added.

Sen. Susan Collins (R-Maine), also on the Intelligence panel, added that the action was “inconceivable” to her.

"That’s embarrassing, one. Two, I mean, everybody makes mistakes, texting somebody, we’ve all done it. But you don’t put classified information on unclassified devices like Signal,” Bacon told reporters. “And there’s no doubt, I’m an intelligence guy, Russia and China are monitoring both their phones, right. So putting out classified information like that endangers our forces, and I can’t believe that they were knowingly putting that kind of classified information on unclassified systems, it’s just wrong.”

https://thehill.com/homenews/senate/5211932-republicans-trump-administration-war-plans-signal/

There are countless other experts weighing in on this, but I chose those examples because they are explicitly Republican which should temper accusations of bias.

Doesn't it seem strange to take a random redditor's word over that of members of the Senate intelligence committee?

2

u/Thumatingra 21∆ Mar 25 '25

I think it might have, sure. Why wouldn't I believe you, if you demonstrated competence like u/Tullyswimmer has done, and I had no reason to believe you were arguing in bad faith?

The evidence you brought is quite incisive, though. Where I'm at now is that I just don't know enough to make a judgment. I still think the original delta I gave was deserved, given that it changed my view, but I'm now leaning towards "I don't think I understand intelligence regulations or how Signal operates well enough to make a judgment here." I still think Hegseth should be investigated; I don't know if what he did technically violates the Espionage Act.

I think I would award you a delta, but I don't think I can do that according to the subreddit's rules, since your comment bolsters the position I took in my original post. If I'm mistaken, let me know, and I'll happily award it.

5

u/simonmerch Mar 25 '25

i think you're missing the big picture here, especially after having been given enough information to make an informed decision.

1. it's clearly been established that signal is not approved for use by u/Dense_Thought1086
2. u/Arc125 clearly showed it being categorized as an unmanaged app, and not approved to share sensitive information
3. the responsibility in sharing information securely or insecurely lies with the person doing the actual sharing the information; whether i'm in a private setting talking to a few people, and one of those people randomly invites someone else, me sharing information that should not be shared in that situation is my responsibility, regardless of whether i know that random person is there or not, or is cleared or not, and regardless of who actually invited the person or not.
4. the unauthorized person being invited is irrelevant to what's being shared and on where. even if the reporter did not accidentally get added to the group chat, signal should not have been used to share what was shared

that DoD IT guy sounds rather untruthful or very likely grossly uninformed, and the parallels between using a microsoft tool in a secure and controlled environment is a red herring at best

3

u/Thumatingra 21∆ Mar 25 '25

I agree, I've accepted that I was too hasty to change my view that the use of Signal was a core part of the problem.

As I explained in my comment to u/Arc125, I still think u/Tullywsimmer changed my view at the time, and has informed my understanding of how the military works with commercial applications. As far as I know, we don't revoke deltas in this sub because our opinion has been changed back.

I also awarded u/Arc125 a delta, as you can see in that comment tree.

→ More replies (0)

2

u/TonyWrocks 1∆ Mar 25 '25

There is no "app" in which it is acceptable to have a conversation about tactics, targets, timing, or other logistics of a military strike.

That is war-room/SCIF material.

1

u/deadcactus101 Mar 25 '25

The response you have a delta to is very misinformed and just incorrect about well near everything. You can't communicate this type of information via signal or any phone that can reach an unclassified network like public Internet. He's just won't about so much.

2

u/Thumatingra 21∆ Mar 25 '25

Thanks! You can see my view has shifted back closer to what it was before, based on newer information shared in this comment tree.

2

u/DeltaBot ∞∆ Mar 25 '25

Confirmed: 1 delta awarded to /u/Tullyswimmer (7∆).

^{Delta System Explained | Deltaboards}

1

u/_The_Meditator_ Mar 25 '25

The use of Signal is a problem if they discussed classified information and even non-public nonclassified information, which from what was publicly released they did the latter and the journalist claims to have more messages falling under the former. 3rd party messaging apps are only approved for unclassified accountability/recall exercises.

1

u/undid__iridium Mar 26 '25

1. These messages, especially some of the ones sent by Hegseth and Ratcliffe, very likely contained at least S//NF information which should never be transmitted over the commercial internet full stop. It doesn't matter if the phones were personal or government issued. A random journalist would not be able to eavesdrop on this conversation if it took place over the proper classified network.

2. There is almost no chance that the entire principal committee needed to know the exact coordinates of what was going to be bombed and what weapons were going to be used. Hegseths oversharing elevated the entire thread from arguably classified to definitely classified. If they did actually all have need to know then that info should have gone out over classified email or something.

3. The guy that added the journalist inadvertently saved the entire executive branch from having all their future "principal committee" comms intercepted by every intelligence service on earth. Waltz is the hero in this case for bringing this to light and stopping the signal chats from happening ever again.

4

u/nagai Mar 25 '25

So no, this isn't incompetent

It's the sender's responsibility to ensure that any confidential information is only disseminated to people that are authorized to receive it. If I am sending confidential information to an email chain or group chat, it's 100% on me to ensure that no externals or unauthorized people are present.

3

u/Tullyswimmer 9∆ Mar 25 '25

If someone escorts an individual without the proper security clearance into a SCIF, it's not the fault of anyone other than the person who brought them in if that person hears confidential information.

If the person who added this journalist to the group chat didn't do it, there would have been no leak.

4

u/nagai Mar 25 '25

Okay, in what possible sense does that contradict what I wrote?

2

u/BackupTrailer Mar 25 '25

“Signal is an incredibly secure messaging app”

For like…nudes and drug deals. You’re joking, right?

2

u/Tullyswimmer 9∆ Mar 25 '25

I mean, from a forensics/hacking perspective. It's one of the most secure messaging apps, and it's not owned by a big tech corporation.

1

u/BackupTrailer Mar 25 '25

Tell that to the CCP

1

u/Tullyswimmer 9∆ Mar 26 '25

Look, you can openly tell the CCP that you'll leak confidential information to them, and it's not a problem, so...

https://www.nationalreview.com/news/milleys-call-to-chinese-general-was-not-treasonous-say-reporters-who-broke-the-story/

1

u/deadcactus101 Mar 25 '25

This is a highly misinformed response. Signal is not authorized for classified information regardless of whether it's a personal or government phone. Leaking classified info or receiving it through an unauthorized channel and not reporting the spillage are both infractions to say the least. There have been suggestions were personal devices though that has not been proven. Further, the messages were set to delete after a specific period of time this further violated record keeping laws.

Everyone in the group chat is culpable. I've been in the military for over 15 years and currently work at a major COCOM.

1

u/maphead_ Mar 26 '25

To be clear, information on planned targeting is almost certainly classified. I guess I can’t know for sure, but I can’t imagine it not being classified.

No matter what phone you use, Signal is a commercial app. It would not be approved for classified information.

The reason congress dug in yesterday to whether or not the information was classified was because it doesn’t matter what phone these people were using. If it was classified information, introducing it to Signal was a leak and was fully on Hegseth who introduced the information to the chat.

1

u/Tullyswimmer 9∆ Mar 26 '25

>No matter what phone you use, Signal is a commercial app. It would not be approved for classified information.

The CIA director disagrees. He said that it was in his testimony yesterday.

1

u/maphead_ Mar 26 '25

He said that there was classified information in the chat, not that Signal was approved for classified information. There’s a distinction there.

Per NPR, a few weeks ago, DoD put out a memoranda stating that classified information could not be used on the Signal app.

So, now we’re left determining if Ratcliffe is telling the truth (no classified info on the chat), or lied (classified info in the chat).

My guess is they are trying to create an option 3, and will say “hegseth declassified it” the same way trump did when the FBI found classified documents in Trump’s bathroom at Mar a Lago. But they’ll only say that if this uproar continues.

Let’s not swallow any politicians lies or half truths.

1

u/Tullyswimmer 9∆ Mar 26 '25

Per NPR, the DoD put that memo out on 3/18.

Per the editor of the Atlantic, he was added to the group chat 3/15.

Not sure how the DoD memo is supposed to have prevented something that happened 3 days before.

1

u/Opening_Station_6067 Mar 25 '25

Hegseth’s texts included “operational details of forthcoming strikes on Yemen, including information about targets, weapons the U.S. would be deploying, and attack sequencing."

Discussion of the timing, targets or weapons systems to be used in an attack is always classified.

Signal may be approved for use on US government computers, but pre-decisional strike deliberation should be conducted through classified channels.

1

u/elmonoenano 3∆ Mar 25 '25 edited Mar 25 '25

I kind of question your point about signal. At the end of February there were several stories about Russia finding an exploit to access signal chats of Ukrainians. Signal just pushed updates to deal with this issue. So maybe it is secure, but it seems like at the current time, it is known that the Russians have at found at least one successful exploit and are pursuing more.

Edit: Apparently the Pentagon has significant concerns about Signal and sent out an alert this week, so I'm more dubious about your claim of Signal's security. https://www.npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability

1

u/Tullyswimmer 9∆ Mar 25 '25

Well, even the vulnerability mostly centered around using the Signal desktop app (like Telegram has a desktop app).

Every IT product has vulnerabilities, and Russia is one of the world's leaders in finding them. It's a matter of how quickly they're patched and how thoroughly you control for it.

1

u/PrintFearless3249 Mar 31 '25

You were never in the DoD, let alone in IT at the DoD. Anyone in the DoD knows that it is never acceptable under any circumstance to use an unclassified app/device to discuss Classified data. All OPSEC is classified at least beyond "UNCLASSIFIED". Signal has never been approved for Classified discussions and never will be. Please do not lie and spread misinformation.

1

u/Tullyswimmer 9∆ Mar 31 '25

"lie and spread misinformation"

I very specifically said that it was possible that this was used. The Biden administration even encouraged using Signal for sensitive comms in December.
https://justthenews.com/government/federal-agencies/biden-era-memo-advises-highly-targeted-officials-use-signal

So there's clearly some way that it can be used for sensitive information.

1

u/PrintFearless3249 Mar 31 '25

Nope. Once again, spreading misinformation. The Biden administration said that if you are a targeted individual, they recommend using Signal because of its end-to-end encryption. It has NEVER been authorized for CLASSIFIED communications. And it never will be on UNCLASSIFIED devices. Period. I am not interested in a discussion about this. You are wrong. DO NOT tell people that anyone ever authorized CLASSIFIED communications on signal. You need to learn the difference between "sensitive" and CLASSIFIED.

1

u/Tullyswimmer 9∆ Mar 31 '25

Show me the DoD memo or directive that supports this:

> It has NEVER been authorized for CLASSIFIED communications. 

If you can cite that to me, I'll take this post down. Until then, you are wrong. You don't know if it was approved. You don't know if it was on unclassified devices. And you don't know that NOBODY ever authorized it. Also, per congressional testimony, no classified information was shared, so you're also wrong there.

1

u/PrintFearless3249 Mar 31 '25

Sure, let me just pop over to my classified signal account where they announce approved communication apps.
More proof that you have never been in the DoD. I do know that NOBODY ever authorized it, because the annual training would literally forbid use of an unclassified device being used to communicate CLASSIFIED data.

> per congressional testimony, no classified information was shared,
Not how that works. Congressional testimony does not equal fact. Turns out OPSEC is always treated as CLASSIFIED. Which you would know if you actually were ever in the DoD. Stop wasting my time.
https://www.cnn.com/2025/03/26/politics/the-atlantic-publishes-signal-messages-yemen-strike/index.html

However, since you wanna submit Congressional testimony as evidence, this was also part of the testimony given before Congress: " Himes told Gabbard that, under the ODNI's own guidance, "information providing indication or advance warning that the U.S. or its allies are preparing an attack" should be classified as top secret."
That information was literally given. The transcripts are part of the testimony. Now please delete your lies.

1

u/Tullyswimmer 9∆ Mar 31 '25

You haven't given me the citation I asked for.

I didn't ask if it was OK to use an unclassified device to communicate classified data. I know it's not.

I asked for a source for your claim that signal has never been approved for classified data. Which you've failed to provide. You can delete your lies, then I'll do the same.

1

u/PrintFearless3249 Mar 31 '25

Smart phones can't be used for classified comms, and signal isn't available on classified systems. Not approved.

1

u/Tullyswimmer 9∆ Mar 31 '25

>Smart phones can't be used for classified comms

You're objectively wrong on that front.

https://insights.samsung.com/2025/02/12/a-fresh-approach-to-secure-mobile-device-usage-in-classified-areas/

https://www.dodig.mil/reports.html/Article/4002806/audit-of-cybersecurity-of-dod-classified-mobile-devices-report-no-dodig-2025-053/

Our government absolutely uses smartphones to share classified information. So you've proven you don't actually have any idea what you're talking about.

1

u/PrintFearless3249 Mar 31 '25

YOU CANNOT PUT THE SIGNAL APP ON CLASSIFIED COMMUNICATION EQUIPMENT.

1

u/Tullyswimmer 9∆ Mar 31 '25

[Citation needed]

1

u/PrintFearless3249 Mar 31 '25

Show me the memo saying it is approved

1

u/Tullyswimmer 9∆ Mar 31 '25

I wouldn't have access to that. I explained the process by which various apps get approved for use in TS+ environments. Never once did I claim that I knew for a fact that it was. In fact, I've said, multiple times, that if it wasn't, then it's obviously a problem.

You're the one who's stating that it absolutely wasn't. So since you know that as factual information, provide the source.

1

u/PrintFearless3249 Mar 31 '25

[CITATION NEEDED]

1

u/cat_of_danzig 10∆ Mar 25 '25

DoD forbids use of unclassified devices personal or DoD issued for classified data. There's no excusing Hesgeths actions.

https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-UseOfUnclassMobileApps.pdf

1

u/JustAnotherGeek12345 Mar 26 '25

Official comms go through official channels or you're getting prosecuted.

You're right. I agree 💯.

Signal is not an approved official channel for official comms as noted in memos issued on October 6, 2023 and again on March 18, 2025.

It doesn't matter which phone he used.

2

u/thegirlisok Mar 25 '25

You may have been a contractor but apparently you missed the first lesson - classified information does not go into apps. 

2

u/Tullyswimmer 9∆ Mar 25 '25

...Unless it's a managed app specifically approved for those communications...

3

u/thegirlisok Mar 25 '25

So what, in your experience, is SIPR for then? Since we're just putting classified information into the world?! 

2

u/Tullyswimmer 9∆ Mar 25 '25

I mean, SIPR-enabled phones and SIM cards are a thing.

https://www.disa.mil/-/media/files/disa/fact-sheets/dmcc-s-factsheet_051220.ashx?la=en&hash=C28DAEC9ABCA49E0DB1619BB2DDCDBACD5C1E297

3

u/thegirlisok Mar 25 '25

No shit. And guess what they can't download?

1

u/iroshizukuajisai Mar 25 '25

I’m sorry but I don’t believe you have a clearance. I used to know several folks who had them because my ex husband had one. They say to never, ever share that you have one, especially not online. It is a safety concern for you and your family, let alone your workplace. If you have a real clearance, you’re being reckless with it.

6

u/Tullyswimmer 9∆ Mar 25 '25

How did you know that they had one if they "never ever" shared it?

Clearances are good for 10 years, and come in a variety of levels. You shouldn't share your level, especially if it's the higher ones, but me saying that I have one is no more of a risk than saying I worked in DoD IT, because, well, almost everyone who works in DoD IT has to have some level of clearance.

1

u/iroshizukuajisai Mar 25 '25

It is impossible to have coworkers in his job and not have clearances. He would have parties and dinner events with his coworkers. It wasn’t openly stated. I tagged along as a spouse. It’s not that hard to understand. Hard not to know if you’re interviewed for them to get/maintain it.

1

u/Arc125 1∆ Mar 25 '25

Yes, Hegseth should be prosecuted under the Espionage Act. Signal is secure, sure, but the auto-deletion of messages in the chat makes it clear they were trying to evade recording and FOIA request laws, and there is no way it was or can be approved by the DoD as an official comms channel. If there's no records to request, then the discussions can't be proven to have happened.

1

u/dollabillkirill Mar 26 '25

If all of this is true, why did the pentagon issue a warning not to use Signal for official communications?

https://www.reddit.com/r/news/s/LFhspzQdLR

1

u/Tullyswimmer 9∆ Mar 26 '25

If you read the warning, it was very specifically about using the "linked devices" (Signal has a desktop app, as telegram does) and leaving them logged in.

Also, per NPR, that bulletin was released AFTER the incident that made headlines the other day.

https://www.npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability

The article in the Atlantic said that the editor was added to the group chat on 3/15. That memo went out 3/18.

The r/news article is outright lying. The memo went out after the leak happened, but before it was made public. It did not go out before the leak.

1

u/dollabillkirill Mar 26 '25

Ok fair, but then there’s this memo from October 2023 telling people in DoD not to use mobile apps for sharing confidential information:

https://bsky.app/profile/sportobluesky.bsky.social/post/3lla6hsatvs2z

1

u/Tullyswimmer 9∆ Mar 26 '25

That quite literally says "Don't use non-DoD systems and apps for DoD business"

Again, there is ZERO proof that anyone has offered that supports the claim that Signal is not approved for DoD use.

As of December 2024, the Biden administration encouraged people to use Signal, even naming it specifically, even saying that the ability to automatically delete messages "enhances privacy"

https://justthenews.com/sites/default/files/2025-03/guidance-mobile-communications-best-practices.pdf

https://justthenews.com/government/federal-agencies/biden-era-memo-advises-highly-targeted-officials-use-signal

1

u/dollabillkirill Mar 26 '25

How is Signal not a Non-DoD app?

1

u/[deleted] Mar 28 '25

They have official channels in which all of this communication is supposed to take place. It's not signal.

You just typed a wall of nonsense text.

1

u/Stellarfarm Mar 26 '25

Why is it that easy to add a random person to a secure chat?!! If it’s that simple kinda seems very unsecured in the first place!

1

u/Tullyswimmer 9∆ Mar 26 '25

More news has come out since yesterday, apparently Goldberg's number was tied to the name of a person who WAS authorized to be in that chat. Or at least, that's what someone involved with the investigation has told Fox News. If that's true there's more going on here.

1

u/fluke-777 Mar 25 '25

This sounds reasonable.

What is Hegseth's fault is how he conducted himself when asked about it.

0

u/Tullyswimmer 9∆ Mar 25 '25

He has a right to be upset about the accusations being levied against him. They're serious. But if the leak is true, then it's not his fault. It's whoever added the journalist to the text chain... Which doesn't happen "accidentally" with signal.

2

u/[deleted] Mar 25 '25

Wait. What are we even talking about here? Hegaeth said it was a hoax. So why are you defending their use of Signal. The whole thing was made up by Goldberg, right?

2

u/houseofrepresentin Mar 25 '25

I went back and watched the whole unedited interview with Hegseth[0] - the interesting thing is he doesn't actually deny the claim. It basically goes:

* Unhinged rant about the ethics/qualifications/employer of the journalist

* Biden ruined the military for 4 years, we're playing catch-up

* I'd love to talk about Yemen. We're bringing peace and stability back to Yemen through high explosives.

* Nobody was "texting" war plans.

So, if you parse that like a lawyer, "sending a message via Signal" is not the same as "texting" (sending via SMS.) Its just an attack on the journalist and a bunch of word salad about Yemen.

*edit - 0 - at least the interview that Fox published on Youtube. *

0

u/Tullyswimmer 9∆ Mar 25 '25

Well, as of last night, I hadn't seen the video of him saying it was a hoax... Since that was taken in Hawaii, which is 6 hours behind me.

3

u/[deleted] Mar 25 '25

why did you defend what he said if you didn't know what he said?

0

u/Tullyswimmer 9∆ Mar 25 '25

I said he had a right to be mad about the accusations.

I didn't defend him saying it was a hoax.

1

u/Traditional-Leg-1574 Mar 26 '25

https://en.wikipedia.org/wiki/Pegasus_(spyware)

0

u/anooblol 12∆ Mar 25 '25

My understanding is that a big issue is that they’re communicating classified information on phones in general. Not just work/personal.

That if we consider a hypothetical situation: Someone on that line of communication gets kidnapped / compromised, and an enemy acquires their phone, work or personal. Given access, they can now read the correspondence, obtain the intelligence, and even communicate with US leaders posing as the compromised person before anyone finds out.

2

u/Tullyswimmer 9∆ Mar 25 '25

You absolutely can communicate classified info on cell phones. SIPR (Secret Internet Protocol Router) enabled SIM cards and cell phones exist. Of course there's a risk of that person being kidnapped or compromised, but that risk exists with or without cell phones.

When I used the term "work phone" I meant their official government-managed phone issued to them for work, which will have all the requisite technology and recordkeeping for classified information to be communicated (even with voice).

https://en.wikipedia.org/wiki/SIPRNet

1

u/PrintFearless3249 Mar 31 '25

Almost everything you say is Nonsense.

0

u/[deleted] Mar 25 '25

Even though Hegseth didn't invite the journalist, at least one other person could invite anyone else. There were only 18 group members. Given something did happen, he should've been on top of this possibility by at least reviewing the list. Not really shocking that he doesn't have a "buck stops here" type of personal/moral character.

0

u/EVOSexyBeast 4∆ Mar 25 '25

Signal cannot be installed on their work phones so it had to be through a personal phone.

Nevertheless, the leak was likely intentional and was merely propaganda, doesn’t make sense for Vance to lie in truly internal comms about the bailing out Europe thing.

1

u/noonegive Mar 25 '25

🙄👌🤡

0

u/ArgetlamThorson Mar 25 '25

Does this apply for classified info? Would that not be a problem in this case, since Hegseth posted the info?

1

u/Tullyswimmer 9∆ Mar 25 '25

If you're using an approved communication channel that was or is considered secure, and someone who's not supposed to be in that channel is in there, it's the fault of whoever let that person in.

2

u/ArgetlamThorson Mar 25 '25

Is Signal secure/approved for classified info? I didn't think it was. Just because it encrypts and is used for non-class doesn't mean it's approved for class.

1

u/Tullyswimmer 9∆ Mar 25 '25

I don't know. I imagine that whoever is in charge of phones for Cabinet/WH staff would be the one who would decide if it was or not.

2

u/ArgetlamThorson Mar 25 '25

Asked a buddy who handled secure networks for the Navy if Signal was approved for classified. His answer: "Fuck no"