Because The Defense Department's Secure Communications Options Don't Work For Everyone, Soldiers Are Turning To Signal And WhatsApp

from the breaking-the-rules-to-stay-in-touch dept

The military has an obvious need for secure communications. It offered its support of encryption even as the NSA tried to find ways to undercut to make its surveillance ends easier to achieve.

The problem is the military doesn't have a great plan for securing communications between personnel. Due to tech limitations the Defense Department has yet to overcome (despite billions in annual funding), soldiers are turning to third-party messaging services to communicate orders and disseminate information.

The use of the encrypted messaging app Signal is ubiquitous within the Department of Defense. Service members have received briefings about operational security (OPSEC) and information security (INFOSEC) and have taken the dangers of living in a digital world seriously by making sure that the work-related text messages they send on their cell phones are encrypted. The contradiction is that using Signal for official military business is against regulations.

Securing communications apparently means breaking the rules. The DoD forbids the use of non-DoD-controlled messaging services to handle the distribution of nonpublic DoD information. The Defense Department insists personnel use its services, but those services can't be accessed by employees who don't have military-issued cell phones. And everyone has a cell phone, so it's often easier to use third-party platforms to communicate.

When this happens, it raises the risk that unauthorized access or sharing of information could occur. It also puts many communications beyond the reach of public records requests, which often cannot access communications between privately owned devices.

And there appears to be no fix on the immediate horizon. The Defense Department is quick to point out the use of Signal and WhatsApp violates regulations. But it has nothing in place that would allow the many military members not in possession of government-issued cell phones to communicate when out in the field.

This is what the Secretary of Defense's Public Affairs Officer (Russell Goemaere) told Audacy when asked about how military members were expected to use DoD-approved communications platforms they didn't actually have access to on their personal devices.

"DoD365 provides a messaging capability that is approved for CUI and use on DoD mobile devices. The Services are in the final stages of testing Bring Your Own Approved Device (BYOAD) and Bring Your Own Device (BYOD) solutions that provide access to the DoD365 collaboration capability on service member's personal devices," Goemaere said.

It's 2022 and the Defense Department is only at the "final stage of testing" for solutions it needed years ago. Cell phone usage has been ubiquitous for nearly two decades at this point. For the Department to still be weeks or months away from a solution should be considered unacceptable. Denying soldiers access to third-party options means cutting them off from communications that can often have life-or-death implications.

This also means the Defense Department is still weeks or months away from ensuring communications subject to FOIA law are being captured and retained. The priority should still be personnel safety, but this is another downside of the Defense Department's slow roll into the 21st century.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dod, encrypted messaging, encryption, military, soldiers
Companies: meta, signal, whatsapp


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    OldMugwump (profile), 28 Jan 2022 @ 10:21am

    Is there a real problem here or an imagainary one?

    And there appears to be no fix on the immediate horizon. The Defense Department is quick to point out the use of Signal and WhatsApp violates regulations

    Yes, it violates regs, but it's secure and apparently works fine.

    The problem here is imaginary paperwork made-up problems.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 28 Jan 2022 @ 10:47am

    "Yes, it violates regs, but it's /apparently/ secure and apparently works fine."

    Probably doesn't meet the exact, lovingly crafted, designed here, Mil-spec. As a commercial implementation, it's probably not been through microscopic scrutiny, but "perfect is the enemy of good enough". Do the risk analysis: If it's good enough for lower levels of sensitive information, change policy, use it there and then keep the rare and expensive stuff for higher levels.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 28 Jan 2022 @ 11:07am

    No surprise. The Air Force (when it's not outsourcing everything to Microsoft) screws up IT worse than any company _ever_ Using a desktop or laptop in the Air Force with all the _tools_ to protect it has made it a terrible place to work: https://www.airforcemag.com/fix-my-computer-cry-echos-on-social-media-air-force-cio-responds/

    link to this | view in thread ]

  4. identicon
    anonymous coward, 28 Jan 2022 @ 11:54am

    Re: Is there a real problem here or an imagainary one?

    Not a problem till:

    • your phone gets confiscated by a 3-letter agency or local PD and they use tools to break the encryption.
    • you travel to a country where encryption is illegal and they take your device.
    • Or just the normal 3rd party hacker who gets a hold of certain tools out of Israel.

    We know there are bad actors out there who don't want encryption to start with. that won't stop your superiors from blaming you if you are private nobody just trying to learn where and when to report for duty.

    Then you now have violated Op/Info-Sec and now are to blame for a spill.

    link to this | view in thread ]

  5. icon
    That Anonymous Coward (profile), 28 Jan 2022 @ 12:11pm

    Because reinventing the wheel make sense to someone somewhere.

    We have regular citizens who have access to better communication platforms than our military.
    We are paying top dollar for "testing" that seems to be endless and leaves our military in the lurch.
    One would think with things going sideways in Ukraine having a secure messaging system for military use to make sure messages arrive in a timely and secure manner might matter.

    But hey we bought 500 more MRAPs that we'll end up handing out to police departments with 5 officers rather than manage to have secure communications.

    How can the nation be safe when we can't make sure our troops can actually get orders or information they need?
    But then they also refuse to make sure we live up to our responsibilities to those who put their lives on the line so they can have the freedom to keep lying to citizens that its not a real disease & leading to more deaths.

    Billions of dollars on programs/gear we really don't need... but things we desperately need yesterday... well maybe in another decade of testing.

    link to this | view in thread ]

  6. identicon
    20 years ago, 28 Jan 2022 @ 12:41pm

    when I enlisted I was issued a pager. Because of the construction of my government housing it wouldn't receive contacts unless it was sitting on the windowsill. And I guess since it was a device designed to be worn on your person, it didn't beep very loud when it got a message, so I failed to receive like 75% of the recall notifications in that first year.

    My leadership tried to mandate cellphones but I said I wasn't going to get one unless they paid at least part of it or issued one. I've heard that some places still issue out pagers to certain personnel.

    On the other hand, 2 years ago when we started to 'maximize telework' to reduce transmission of COVID it seemed like there were only about 2 weeks of the VPNs being overloaded into uselessness before my branch fixed the issue. Still not flawless but I swear my computer works better at my home office than my office office.

    link to this | view in thread ]

  7. identicon
    Jim, 29 Jan 2022 @ 6:15am

    Signal?

    Signal, the republican message eraser. Interesting platform for secure messaging. Anyone remember the open government flap with the previous Missouri governor? Seems most of his messages went out on a certain platform, that destroyed that messages. How is that secure? Secure is that your message got to the right individuals, and the message is readable. And that you can trace back to a place. A time and action. A cya. An signal message decrypts once, and deletes that key, leaving a false trace, can that message be trusted? Was it a plant? Would you stake your career on it? Oh, and one of the latest stories from two weeks ago, was in a court case where a signal message was read out in court. Like usual, it may have a leak, or a constant drip.

    link to this | view in thread ]

  8. icon
    PaulT (profile), 29 Jan 2022 @ 1:14pm

    Re: Is there a real problem here or an imagainary one?

    "Yes, it violates regs, but it's secure and apparently works fine."

    Define "secure". Maybe the communication is secure, but you're offloading security to a third party who practices have not been approved or vetted. You're also trusting that the app itself hasn't been compromised. It sounds to me that comms that could be compromised by convincing a grunt to download your special version of the app would attract a lot of interest in some circles. If people are able to install unapproved apps on their phones then why not your spyware version?

    link to this | view in thread ]

  9. icon
    Akshay (profile), 31 Jan 2022 @ 3:43am

    Interesting Computer courses

    Today's era need is to make yourself skillful that's why we are here to provide <a href="https://skillhai.in/digital-marketing-course-in-delhi/">Digital Marketing Course in Delhi</ a>

    link to this | view in thread ]

  10. icon
    Akshay (profile), 31 Jan 2022 @ 3:47am

    Best computer courses

    Nowadays there is a need of computer courses, we provide https://skillhai.in/digital-marketing-course-in-delhi/

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 31 Jan 2022 @ 8:26am

    Re:

    As someone who wasn't able to work from home when the DoD went full telework, I can tell you they fixed the VPN problem by shutting down everything possible through the VPN and DoD network. That means for people like me, who had to go to the office, couldn't access anything to make the day tolerable. They didn't so much "fix" it as just screw over everyone who couldn't turn off the VPN to do what they wanted at home.

    link to this | view in thread ]

  12. icon
    Tanner Andrews (profile), 1 Feb 2022 @ 2:37am

    Re: Interesting Computer courses

    smelly spammer does not even try "preview"

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.