
82nd Airborne unit told to use Signal or Wickr on government cell phones - danso
https://www.militarytimes.com/flashpoints/2020/01/23/deployed-82nd-airborne-unit-told-to-use-these-encrypted-messaging-apps-on-government-cellphones/#.XinQapgtOkY.twitter
======
Kalium
Given how much of that $700B is likely to go towards developing such a system
- likely somewhat less than all of it - and the general care towards usability
in DoD-built systems? I think it might not be a wildly unreasonable position
to take. Doubly so when you consider that DoD procurement and development
practices are not widely renowned for being quick.

With those in mind, and that Signal already exists, it's worth considering if
there's actually something for the DoD to gain by sinking millions of dollars
and years of time into developing and maintaining something new that might not
be an improvement. The answer might legitimately be "No, that's not worth it".

~~~
IIAOPSW
I suppose I'll take a shot at a counterargument.

The problem with the military using an off the shelf system like Signal isn't
the tangible features (re: encryption, usable ux). The problem is one of
control. What happens when the government gets into a dispute with Signal
(say, over a warrantless wiretap) and Signal decides in protest that it will
no longer have any DoD affiliated customers? What happens when, through a
series of shell companies and legal loopholes, a controlling stake in Signal
ends up in Chinese or Russian hands?

From the PoV of the DoD, owning the system from end to end is a feature they
shouldn't compromise on, even if the other features suffer and it costs more
than it otherwise would.

~~~
solotronics
You are assuming Signal is not already subverted by US Gov.

~~~
closeparen
You don't use covert intelligence capabilities to satisfy enterprise IT policy
controls.

"Oh don't worry about TLS interception for the office firewall, we can break
RSA anyway" is not how a bureaucracy thinks. Come on.

~~~
ryacko
>not how a bureaucracy thinks. Come on.

Conspiratorial bureaucracies operate that way. Trust no one, allow nothing
that can be used to undermine...

Read Memoirs Found in a Bathtub.

------
jpeg_hero
Are we witnessing the start of the combat iPhone? These devices are
staggeringly useful, I guess it just makes sense that they find their way into
this aspect of human life as well.

> Squad: the #1 small unit combat App

>What's New in 3.14: Enhanced Scout/Recon route setting- select up to 7 types
of perimeter security

>In-App Purchase: Unlimited "Friendlies" List - avoid unwanted friendly fire
incidents.

~~~
anon73044
CGI Federal/Raytheon has been working on something like this for the last 5-6
years for (AFATDS)

~~~
CapricornNoble
I'd argue that ATAK is closer to a "combat iPhone" system than AFATDS, which
is uniquely focused on field artillery coordination.

[https://en.wikipedia.org/wiki/Android_Tactical_Assault_Kit](https://en.wikipedia.org/wiki/Android_Tactical_Assault_Kit)

~~~
masterjefferson
I've worked on ATAK. It is a very capable combat tool.

~~~
mirimir
How do they secure baseband?

------
jandrewrogers
This has been rolling out for a couple years across parts of the US
government. The primary objective, as I understand it, is to eliminate the
pervasive use of WhatsApp and Gmail for unclassified communication for
security reasons.

~~~
Bahamut
The ironic part is the military lives on regular text messaging as it is.

------
AcerbicZero
ATAK already has several hundred thousand end users, and is likely going to
continue growing in popularity in the domestic environment. Extensions of the
FBCB2/BFT concept have been none stop since the 90's really. The tactical cell
phone has already found its place on the modern battlefield.

This directive however, likely has nothing to do with combat. Its more likely
related to trying to maintain some semblance of OpSec when things which
shouldn't be sent over these cell phones ends up being sent over these cell
phones _and_ to help avoid every other private from texting mom/dad/gf things
which will then be immediately leaked, by reminding them of the "seriousness"
of the situation.

------
rejectfinite
"told to"

Why do they not have some MDM like InTune or Knox and have the apps they need
pre-installed and the phone locked down to prevent any other apps from being
installed?

~~~
dogman144
the acquisitions procedure to do that would be a nightmare

~~~
crooked-v
I can alrady imagine a three-year waiting list to get new apps remotely
installed, which then inevitably fails under common international travel
circumstances.

------
aneutron
Everyone here is speaking like there HAS to be a backdoor for the messages to
be auditable, forgetting that they could modify the application to abide to
some sort of device management strategy that uploads a backup to some server
when connected to a LAN for example.

Signal already gives encrypted backups with a password you see one time when
setting up. I imagine you could easily modify that to lock the app with tye
Android administrator shenanigans, and then periodically upload incremental
backups.

The messages would of course remain encrypted but the key would be in the IT
administration's hold.

I believe the end-to-end part of Signal is very interesting if you consider
the whole NETWORK to be hostile, but that both ENDS are friendly once
authenticated.

I can see a very FoA-friendly implementation of this.

It always seemed kind of stupid to me that they would spend billions of
dollars to reinvent another wheel. It's like saying "Physics are good and we
could add some more research and engineering for our case, but no, physics is
opensource so let's make our own physics"

Not exactly the same but ...

~~~
godelski
I think the idea of a backdoor comes because CIA/FBI/NSA has incentives to be
anti-encryption. It is their job to break it. So they want their lives to be
easier. But the DoD has an incentive to have strong encryption. It is their
job to defend their communications.

But I'll disagree with you (while agreeing with you) on this

> Everyone here is speaking like there HAS to be a backdoor

The DoD __does__ have a backdoor. It is the cellphone, not Signal. There
doesn't have to be a backdoor in Signal for them to have full access to these
communications.

~~~
mirimir
> The DoD __does__ have a backdoor. It is the cellphone, not Signal.

How? By compromising the baseband, and then pivoting to compromise the AP? But
what about IOMMU? Or is that pwnable?

------
servercobra
There's a lot of comments here about Signal being better than Wickr, but
little information on why yet. A quick Google search didn't give me any decent
answers, so can anyone fill in why Signal is better?

~~~
cloudking
Signal is open source
[https://github.com/signalapp](https://github.com/signalapp)

~~~
BlueTemplar
Even their server code?

~~~
bqe
Yes! [https://github.com/signalapp/Signal-
Server](https://github.com/signalapp/Signal-Server)

~~~
DonCopal
But how can you be sure there's no additional code being run on their server?

~~~
eitland
It doesn't matter as the messages are end to end encrypted and the way it is
done is continously verified by multiple leading/up-and-coming cryptographers
as far as I understand.

This is the _huge_ advantage that Signal has over mail, the default mode in
Telegram and pretty much anything there is: it does matter if NSA, FSB, MI5,
Mossad, Google and Facebook all have root on a server that all the traffic
passes through. To the best our knowledge - long as they don't compromise one
of the endpoints - the only thing they'll get is metadata and the only thing
they can do is disrupting the service.

------
killjoywashere
Turns out the US military also buys lots of commercial off the shelf stuff,
including vast quantities of #10 letter envelopes for their mail. The US
Defense establishment has thoroughly accepted the fact that they can't out-
innovate commercial companies in a commercially viable space. Using the COTS
top 5 or 10 is entirely reasonable in such cases.

We fly troops on Delta and American too. I bet a few even flew in Boeing 737
Maxes. Perfect? No. Excellent decision among some number of possibly better
decisions, that could have been made at the time? Yes.

------
mikece
“ Electronic communications and text messages sent as part of official
government business are part of the public record, and should be accessible
via a Freedom of Information Act request.”

Unless it’s classified and it would be very easy to make the case that all of
the communication being sent on Army-issued cell phones would be Confidential
at a minimum. The important stuff all gets copied into OPORDS and will be
available for declassification someday.

------
mikece
I’m curious why Wire wasn’t recommended. I prefer it because you don’t need a
phone number to use it.

~~~
godelski
Signal talked about how this is actually a security flaw. I believe they are
working on implementing the feature though. It is about being able to create
social graphs. So like if you get a new phone you can keep your social network
(also that if you discard a phone an adversary can't pick up your identity
trivially). With the current implementation you'd lose your social graph every
time you got a new device. I didn't check very hard but I think it is this
blog post [0]. They don't have many posts, so I'm sure you can find it if this
isn't the one.

[0] [https://signal.org/blog/private-contact-
discovery/](https://signal.org/blog/private-contact-discovery/)

~~~
kijiki
[https://signal.org/blog/secure-value-
recovery/](https://signal.org/blog/secure-value-recovery/)

------
anderspitman
Everyone's making comments about this indicating there could be a backdoor.
Wouldn't that be impossible for Signal without putting it in the open source
app? Otherwise wouldn't it have to be a protocol-level vulnerability?

~~~
mr_toad
How do you know the binary in the App Store is actually compiled from the
published source. Is it possible to reproduce iOS binaries?

~~~
anderspitman
Great question. I would assume Signal has some sort of signed reproducible
builds, but I have no idea what the Apple store process is like. Do you not
just submit a binary to the store?

------
rkagerer
Didn't Bezos' phone get hacked through a WhatsApp message? I know they're not
talking operational comms, but how confident are we these two apps are
exploit-free?

~~~
arcturus17
We are not. It’s software.

E2E encryption is tight until you hack a client or system on either side, but
at least it makes it nearly impossible to attack the middle.

------
maximente
> “I don’t have confidence that DoD could build a unique texting system with
> proper security protocols that would beat any commercial, off the shelf,
> version,” the former official said.

so $700B in defense spending can't match some motivated, talented FLOSS devs?
that's rich.

~~~
xedeon
That's the sad reality. Not just on the DoD side, but from the entire federal
IT workforce/teams.

With the exception of:

18F [https://18f.gsa.gov/](https://18f.gsa.gov/)

USDS [https://www.usds.gov/](https://www.usds.gov/)

The motto seems to be: "Open Source is BAD! How are we going the get support?!
Let's just buy a product or solution from a vendor" Even though they have
people/teams who were hired as developers. I have so many horror stories, it's
not even funny.

~~~
mikekhusid
Check out Kessel Run as well.
[https://kesselrun.af.mil/](https://kesselrun.af.mil/)

DoD mindset re: digital acquisitions is changing.

~~~
dogman144
how each branch is implementing tech commands is fascinating. \- DDS in
general seems like a great program.

\- KR dudes are great and will probably unfuck the AF's tech if they have
enough wiggle room and command support against Lockheed and co. Hiring at
GS-12s, few weeks approval, quick clearances, other unheard of comp strategies
to get good civ talent.

\- Army futures command is ..... near retired E9s and O6s in cargo shorts and
underarmour polos, hiding out in the Austin Wework

~~~
2StepsOutOfLine
Sadly it's hard to argue the effect that KR is having is "positive".

KR stood up by working closely with Pivotal who supplied both the Pivots to
pair program with the comparatively inexperienced AF devs as well as the
deployment platform.

While the means are debatable, the ends that Units supplying devs to KR had to
face we're not. Those Units got back programmers completely reliant on Pivotal
Cloud Foundary. You would get devs that had no concept of what happens to
their code after they run `cf push` and the Units had to face the reality that
their devs were ineffective without PCF which costed 10's of millions to
purchase and maintain by a team of Pivotal engineers.

Obviously Pivotal is a company that exists to make profit but smaller units
that supplied devs to KR largely felt taken advantage of. And after that you
had things like SpaceCamp, LevelUp, Platform1, that are very similar to KR
just without the heavy reliance on Pivotal or their products popping up left
and right.

Now that it's gone on for so long even leadership in KR is getting pressured
to actually produce a product ready app for all the money that's been dumped.
They have plenty of MVP's but afaik nothing to big AF's satisfaction.

At least from a lowly enlisted programmers perspective you can live in Boston
in civilian clothes for 6 months.

~~~
AndrewKemendo
This is no longer the case.

While we do have spring applications running on PCF, we have a significant and
growing number of services and applications that are not built on PCF and PCF
isn't required to build a production application and be CATO compliant. In
fact almost all of the applications and services in my branch are not.

------
choeger
According to the article, they also require a VPN. So why use these apps? Is
the VPN purely optional or do they not trust the _inner_ network?

~~~
gpm
Signal supports local encryption doesn't it? Maybe they are worried about
physically losing their phones?

But they probably don't fully trust their vpn, good spycraft assumes that the
adversary has (partial) access to your systems.

~~~
RL_Quine
It doesn’t have any mode that’s not encrypted.

~~~
ziolent
SMS?

~~~
mcpeepants
the app supports SMS for convenience, but that's not "using signal" as in the
protocol

------
dogman144
AG Barr, what now? Signal/Wickr use only allowed with govt employment?

Good though, although most AD have been using Whatsapp anyways for comms back
home

------
xrd
The irony that Edward Snowden also recommends Signal is so thick. Isn't this a
gateway drug for other whistleblowers?

~~~
jblwps
In what sense would it be a gateway? Because of the possibility of data
exfiltration?

~~~
xrd
This allows people to communicate securely with certain people, say
journalists, if you have something you want to share in private. If you don't
know about this kind of app you might be fearful of doing that. I meant
gateway drug as a joke but hopefully you get the point.

------
anon176
Why not keybase?

~~~
otachack
Keybase comes with social tools to verify identity. Would be pretty silly to
see a military personnel profile in public view.

~~~
anon176
Good point, its been a while since I signed up and I forgot about the whole
"verification" process. Thanks.

------
upofadown
Why wouldn't they just install and use a boring old corporate style XMPP
system with auditing? Everything would be open source and entirely under their
control.

Why would you want something that had to send traffic outside of the VPN?

------
pepve
"[...] where adversaries can _exploit_ American communications systems, cell
phones and _the electromagnetic spectrum_." (emphasis mine)

Wait, what?

~~~
ryanmercer
>the electromagnetic spectrum

EMP, signal jamming, GPS spoofing etc.

------
o_p
Good to know they are only US-backdoored then

------
sp332
Signal's auto-delete feature is optional and off by default.

~~~
kissickas
It could still be problematic if "With regards to transparency and records
keeping requirements, Foote said he 'cannot confirm if any personnel have
Signal or Wickr settings which allow auto-delete of messages at this time.'"

------
class4behavior
Wickr makes little sense. Maybe they meant Wire?

~~~
antoncohen
Why? I'm genuinely curious. I've never used their product, but their Wikipedia
page says they are a San Francisco based company with end-to-end encrypted
messaging and video conference calls[1]. And their home page[2] says "Fully
encrypted. Enterprise-ready. Private."

At first glance it seems like a reasonable choice. US based and end-to-end
encrypted seems to be what the military wants in this case.

[1] [https://en.wikipedia.org/wiki/Wickr](https://en.wikipedia.org/wiki/Wickr)

[2] [https://wickr.com/](https://wickr.com/)

------
calin2k
why not backdoored whatsapp? it would be perfect government endorsement.

------
bigcohoneypot
This is probably because Signal and Wickr are actually intelligence
operations.

------
egberts1
Definitely not Wickr.

~~~
noja
Why?

~~~
egberts1
As one who studied protocol state of many Internet-based protocols, Wickr
isn’t as closely guarded protocol as Signal is with regard to being able to do
MitM (between a specific two protocol states). This is from a theoretical
analysis. No time to do actual jerryrigging.

------
CKN23-ARIN
DARPA literally invented the Internet for this kind of use case and now they
can't even write their own secure messaging app?

~~~
hjek
And they now recommend an app developed by anarchists?

~~~
applecrazy
Source? I didn’t know that.

~~~
zaphod12
Moxie Marlinspike (owner of the world's greatest name) is the lead of the
Signal project is often described as an anarchist (as in this wired article:
[https://www.wired.com/2016/07/meet-moxie-marlinspike-
anarchi...](https://www.wired.com/2016/07/meet-moxie-marlinspike-anarchist-
bringing-encryption-us/), which is better than it's headline).

He is not, in truth, an anarchist. He is a crypto-zealot, most definitely
eccentric, and opposed to a lot of government intrusion. In today's world, I
guess that's an anarchist

~~~
rvnx
An anarchist who collaborates with WhatsApp (Facebook), that's rather comical
:o)

~~~
tptacek
An anarchist who works to get all the major messaging platforms end-to-end
encrypted, so that normal people who don't think to explicitly opt-in to
encryption get the benefits by default? Makes perfect sense to me.

WhatsApp was (maybe still is?) the most popular messaging application in the
world. Getting it E2E encrypted is a huge coup.

~~~
jgalt212
true, but storing all conversation histories locally and in the cloud is an
anti-coup. Not that Moxie had any influence on these decisions one way or the
other (to the best of my knowledge).

The upshot is I worry that E2E encryption has given folks a false sense of
security.

~~~
dylan604
E2E means it is encrypted before transmission, so if that data is stored in
the cloud, wouldn't that mean that it would remain encrypted if it does get
stored in the cloud?

~~~
jgalt212
not according this announcement by WhatsApp.

> Media and messages you back up aren't protected by WhatsApp end-to-end
> encryption while in Google Drive.

[https://faq.whatsapp.com/en/android/28000019/?category=52452...](https://faq.whatsapp.com/en/android/28000019/?category=5245251)

[https://www.zdnet.com/article/whatsapp-warns-free-google-
dri...](https://www.zdnet.com/article/whatsapp-warns-free-google-drive-
backups-are-not-encrypted/)

------
nimbius
A bit alarming to see the government embracing an end-to-end chat system with
perfect forward secrecy, considering both the head of the FBI and the CIA have
confirmed that the lack of a back door would impede the fight against ISIS.

[https://www.theguardian.com/technology/2015/jul/08/fbi-
chief...](https://www.theguardian.com/technology/2015/jul/08/fbi-chief-
backdoor-access-encryption-isis)

~~~
yonaguska
Why is that alarming? The FBI and CIA requests for backdoors are alarming.
Unless you're positing that these apps may have secretly complied with CIA and
FBI requests?

If anything, this is a really good thing, as the utility of publicly available
comms are embraced by government entities, it should somewhat guarantee that
us consumers will also have access to this.

~~~
EthanHeilman
>If anything, this is a really good thing, as the utility of publicly
available comms are embraced by government entities, it should somewhat
guarantee that us consumers will also have access to this.

I largely agree with you but a more cynical take would be that it allows the
following argument to be advanced:

"If the 82nd Airborne uses it, then it is a weapon of war. Why should
civilians have access to the same communication equipment as a soldier needs
in a time of war."

That is, they associate the technology with combat and the military. Then,
they use that association as a way to argue the technology is only inherently
useful for those planning to engage in combat.

It also allows governments to advance the argument that if it useful for our
soldiers then it should be denied to enemy soldiers and thus it should be
tightly controlled (see night vision googles[0] or cryptography as a
weapon[1]).

[0]: [https://en.wikipedia.org/wiki/Night-
vision_device#Legality](https://en.wikipedia.org/wiki/Night-
vision_device#Legality)

[1]:
[https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States)

~~~
nitemice
If they make that argument, it shouldn't be much of a stretch to say that the
2nd amendment should apply to this technology then.

~~~
big_chungus
There's certainly a case here. If Barr goes forward with his nutty anti-
encryption push, I hope the opposition uses this argument. Google lists
definition #1 for "arms" as "weapons", and definition #2 of "weapons" as "a
means of gaining an advantage or defending oneself in a conflict or contest."

I doubt any would argue that un-breakable (at least, theoretically) comms
would provide no tactical advantage. If anyone would, I'd refer him to the
second world war as a prominent example. This argument could help built a bi-
partisan pro-cryptography group by pulling in support from the 2A crowd. I
support cryptography remaining fully legal (even if classified as a munition
or armament) for the same reason I support the 2A, practical security
considerations aside.

------
rolltiide
I don't trust Wickr

~~~
servercobra
Why not?

~~~
rolltiide
Closed source, compellable US based company, lack of emphasis on being
installable on privacy OS' like Tails and Whonix.

They don't do anything to dispel the notion of being a honeypot and basically
do the exact opposite.

------
jokoon
Well signal is not supported on non-phone androids (there was some option on
the desktop dev build but it's not supported anymore, so it's not even usable
on desktop). I've heard that this limitation increases security but I have a
hard time understanding why. So I can't really vouch for Signal, but I wish I
would. I guess requiring a physical android phone makes it hard to create
bogus accounts?

I wanted to try jami to do some p2p voip on windows. It crashes when I create
an account.

It really sounds like secure alternatives are "disappearing" or just not
usable or mature enough, in favor of mainstream apps that are known to be
monitored. Not to mention the call quality of skype/discord can suffer because
it's using servers.

------
UI_at_80x24
While I appreciate that there are only 2 CVE's for Signal [1], it doesn't
appear to tell the whole story.[2][3][4]

I don't need 'Perfect', I do need 'Better'. OS independent: *BSD, Linux,
Windows, Android, iOS

I'm willing to run my own server, but the wife-unit needs something "easy"
(hence the Windows requirement).

What are some reasonably secure E2E IM platforms?

[1][https://www.cvedetails.com/vulnerability-
list/vendor_id-1791...](https://www.cvedetails.com/vulnerability-
list/vendor_id-17912/product_id-45789/Signal-Signal.html)

[2][https://www.google.com/amp/s/www.forbes.com/sites/daveywinde...](https://www.google.com/amp/s/www.forbes.com/sites/daveywinder/2019/10/05/signal-
messenger-eavesdropping-exploit-confirmedwhat-you-need-to-know/amp/)

[3][https://www.fastcompany.com/90444005/hackers-could-have-
expl...](https://www.fastcompany.com/90444005/hackers-could-have-exploited-a-
whatsapp-flaw-to-create-mass-chaos-say-researchers)

[4][https://www.scmagazineuk.com/researchers-reveal-easily-
signa...](https://www.scmagazineuk.com/researchers-reveal-easily-signal-
telegram-whatsapp-messages-hijacked/article/1521145)

~~~
nicky0
Hmm. Define "reasonably secure". Your link [3] is about WhatsApp and [4] is a
about a compromised platform. No app is secure once you hack the phone.

