Because The Defense Department's Secure Communications Options Don't Work For Everyone, Soldiers Are Turning To Signal And WhatsApp
from the breaking-the-rules-to-stay-in-touch dept
The military has an obvious need for secure communications. It offered its support of encryption even as the NSA tried to find ways to undercut it to make its surveillance ends easier to achieve.
The problem is the military doesn't have a great plan for securing communications between personnel. Due to tech limitations the Defense Department has yet to overcome (despite billions in annual funding), soldiers are turning to third-party messaging services to communicate orders and disseminate information.
The use of the encrypted messaging app Signal is ubiquitous within the Department of Defense. Service members have received briefings about operational security (OPSEC) and information security (INFOSEC) and have taken the dangers of living in a digital world seriously by making sure that the work-related text messages they send on their cell phones are encrypted. The contradiction is that using Signal for official military business is against regulations.
Securing communications apparently means breaking the rules. The DoD forbids the use of non-DoD-controlled messaging services to handle the distribution of nonpublic DoD information. The Defense Department insists personnel use its services, but those services can't be accessed by employees who don't have military-issued cell phones. And everyone has a cell phone, so it's often easier to use third-party platforms to communicate.
When this happens, it raises the risk that unauthorized access or sharing of information could occur. It also puts many communications beyond the reach of public records requests, which often cannot access communications between privately owned devices.
And there appears to be no fix on the immediate horizon. The Defense Department is quick to point out the use of Signal and WhatsApp violates regulations. But it has nothing in place that would allow the many military members not in possession of government-issued cell phones to communicate when out in the field.
This is what the Secretary of Defense's Public Affairs Officer (Russell Goemaere) told Audacy when asked about how military members were expected to use DoD-approved communications platforms they didn't actually have access to on their personal devices.
"DoD365 provides a messaging capability that is approved for CUI and use on DoD mobile devices. The Services are in the final stages of testing Bring Your Own Approved Device (BYOAD) and Bring Your Own Device (BYOD) solutions that provide access to the DoD365 collaboration capability on service member's personal devices," Goemaere said.
It's 2022 and the Defense Department is only at the "final stage of testing" for solutions it needed years ago. Cell phone usage has been ubiquitous for nearly two decades at this point. For the Department to still be weeks or months away from a solution should be considered unacceptable. Denying soldiers access to third-party options means cutting them off from communications that can often have life-or-death implications.
This also means the Defense Department is still weeks or months away from ensuring communications subject to FOIA law are being captured and retained. The priority should still be personnel safety, but this is another downside of the Defense Department's slow roll into the 21st century.
Filed Under: dod, encrypted messaging, encryption, military, soldiers
Companies: meta, signal, whatsapp
Reader Comments
Is there a real problem here or an imaginary one?
Yes, it violates regs, but it's secure and apparently works fine.
The problem here is imaginary paperwork made-up problems.
[ link to this | view in thread ]
"Yes, it violates regs, but it's /apparently/ secure and apparently works fine."
Probably doesn't meet the exact, lovingly crafted, designed here, Mil-spec. As a commercial implementation, it's probably not been through microscopic scrutiny, but "perfect is the enemy of good enough". Do the risk analysis: If it's good enough for lower levels of sensitive information, change policy, use it there and then keep the rare and expensive stuff for higher levels.
[ link to this | view in thread ]
Re: Is there a real problem here or an imaginary one?
Not a problem till:
We know there are bad actors out there who don't want encryption to start with. That won't stop your superiors from blaming you if you are private nobody just trying to learn where and when to report for duty.
Then you now have violated Op/Info-Sec and now are to blame for a spill.
[ link to this | view in thread ]
Because reinventing the wheel makes sense to someone somewhere.
We have regular citizens who have access to better communication platforms than our military.
We are paying top dollar for "testing" that seems to be endless and leaves our military in the lurch.
One would think with things going sideways in Ukraine having a secure messaging system for military use to make sure messages arrive in a timely and secure manner might matter.
But hey we bought 500 more MRAPs that we'll end up handing out to police departments with 5 officers rather than manage to have secure communications.
How can the nation be safe when we can't make sure our troops can actually get orders or information they need?
But then they also refuse to make sure we live up to our responsibilities to those who put their lives on the line so they can have the freedom to keep lying to citizens that it's not a real disease & leading to more deaths.
Billions of dollars on programs/gear we really don't need... but things we desperately need yesterday... well maybe in another decade of testing.
[ link to this | view in thread ]
When I enlisted I was issued a pager. Because of the construction of my government housing it wouldn't receive contacts unless it was sitting on the windowsill. And I guess since it was a device designed to be worn on your person, it didn't beep very loud when it got a message, so I failed to receive like 75% of the recall notifications in that first year.
My leadership tried to mandate cellphones but I said I wasn't going to get one unless they paid at least part of it or issued one. I've heard that some places still issue out pagers to certain personnel.
On the other hand, 2 years ago when we started to 'maximize telework' to reduce transmission of COVID it seemed like there were only about 2 weeks of the VPNs being overloaded into uselessness before my branch fixed the issue. Still not flawless but I swear my computer works better at my home office than my office office.
[ link to this | view in thread ]
Signal?
Signal, the Republican message eraser. Interesting platform for secure messaging. Anyone remember the open government flap with the previous Missouri governor? Seems most of his messages went out on a certain platform that destroyed those messages. How is that secure? Secure is that your message got to the right individuals, and the message is readable. And that you can trace back to a place. A time and action. A cya. A Signal message decrypts once, and deletes that key, leaving a false trace, can that message be trusted? Was it a plant? Would you stake your career on it? Oh, and one of the latest stories from two weeks ago, was in a court case where a Signal message was read out in court. Like usual, it may have a leak, or a constant drip.
[ link to this | view in thread ]
Re: Is there a real problem here or an imaginary one?
"Yes, it violates regs, but it's secure and apparently works fine."
Define "secure". Maybe the communication is secure, but you're offloading security to a third party whose practices have not been approved or vetted. You're also trusting that the app itself hasn't been compromised. It sounds to me that comms that could be compromised by convincing a grunt to download your special version of the app would attract a lot of interest in some circles. If people are able to install unapproved apps on their phones then why not your spyware version?
[ link to this | view in thread ]
Re:
As someone who wasn't able to work from home when the DoD went full telework, I can tell you they fixed the VPN problem by shutting down everything possible through the VPN and DoD network. That means for people like me, who had to go to the office, couldn't access anything to make the day tolerable. They didn't so much "fix" it as just screw over everyone who couldn't turn off the VPN to do what they wanted at home.
[ link to this | view in thread ]