Hacker News

How Obama’s BlackBerry got secured (2013)

2025-05-057:5422082www.electrospaces.net

A weblog about Signals Intelligence, Communications Security and top level telecommunications equipment

(Updated: October 31, 2023)


Around January 20, 2009, when Barack Obama took over the office of president of the United States, there was quite a lot of media attention about the fact that he had to give up his BlackBerry, because it was considered to be a security risk. This caused almost world wide media attention, but the follow-up was less accurately covered and a number of different stories were told. Here we will show that Obama actually kept his beloved BlackBerry, but only after it had been secured by special encryption software and some additional security measures.

President Obama showing his BlackBerry (photo: Reuters)

Obama's predecessor, George W. Bush, also used a BlackBerry during the 2000 presidential campaign, but had to give it up, as well as the use of any e-mail software, upon taking office. Three days earlier, he sent out a final e-mail to 42 friends and family members to inform them that he would no longer correspond electronically.

Eight years later, Barack Obama was also forced to give up his BlackBerry, not only because of concerns that its communications and e-mail could be intercepted, but also because of the Presidential Records Act of 1978. This makes all written White House communications public property and subject to examination under the Freedom of Information Act (FOIA).

However, this time Obama definitely wanted keep using this popular business phone to stay in touch with people outside the White House bubble. Therefore, the Secret Service (USSS), the White House Communications Agency (WHCA) and the National Security Agency (NSA) went looking for a solution.


Obama using his BlackBerry 8830 during the election campaign in 2008 (Photo: Getty Images)


US President Obama using a silver BlackBerry 8830
Nokia E61 or E62, as recognized by someone here


Sectéra Edge

Some media suggested Obama had to change his BlackBerry for the Sectéra Edge, a highly secured PDA, which is produced by General Dynamics for the US military. But the Sectéra Edge is quite big, heavy (340 grams) and bulky and therefore hardly convenient for someone used to a BlackBerry. This solution would also require everyone that Obama would like to communicate with to have the same phone, which is priced between 2650,- and 3350,- USD. Secure communications are only possible if both ends use the same (or compatible) encryption devices.

According to other sources, the Sectéra Edge was only used in addition to Obama's BlackBerry, until a permanent solution was worked out. Reports weren't clear about how exactly these two devices were combined. Probably the Sectéra Edge acted like an encryptor, which was plugged into the BlackBerry, so Obama could keep using this device to make a call or send out an e-mail, which then went through the Sectéra Edge, encrypting it, before going over the telecommunications network.


The Sectéra Edge, manufactured by General Dynamics


Compromise That latter, temporary solution must have been even more cumbersome, so a compromise was made, in which president Obama could keep using a BlackBerry, but equipped with a software package to encrypt phone calls and text and email messages.

For this purpose, the security agencies choose the SecurVoice application, which was developed by The Genesis Key, in cooperation with engineers from BlackBerry manufacturer Research In Motion (RIM). SecurVoice should not be confused with Secure-Voice.com, nor with SecuVOICE, which is used for securing the smart phone of the German chancellor Merkel.

Update:
Responsible for securing Obama's BlackBerry was Richard "Dickie" George, who served as technical director of the NSA's Information Assurance Directorate (IAD) from 2003 until his retirement in 2011. In 2014 he told CNN that the NSA set up a lab where dozens of experts performed surgery on the president's future BlackBerry for several months. The device was manipulated to weed out potential threats to secure communication and BlackBerry's algorithms were also reviewed. The choice of the smartphone model was eventually the NSA's, not Obama's, George explained.

After the NSA did all the necessary tests and checking to make sure the software met federal standards like FIPS 140-2, the highly secured BlackBerry was delivered to the president somewhere in May or June 2009. He also gave up his old e-mail address and switched to a new one, which is kept secret. Maybe we can see the new, secured BlackBerry in this picture below, where there are two BlackBerrys lying in front of Obama. The silver one seems to be the BlackBerry 8830, which he already used during the election campaign. The black one, probably a BlackBerry 8900, could then be the new secure one, as we can see the president using this one in later pictures:


President Barack Obama works with Jon Favreau, director of speechwriting, on the Normandy speech aboard Air Force One enroute to Paris. In front of him are a black and a silver Blackberry. (White House photo by Pete Souza, June 5, 2009 - click for a bigger picture!)


Detail from the picture above, showing the two BlackBerrys


The secure BlackBerry was not only issued to the president, but also to a small group of people with whom he likes to stay in close contact with. This because, as said, it's only possible to have secure communications if both ends are using the same encryption method. This limited Obama's goal of keeping in touch with the outside world: encryption (still) means exclusion.

The number of people able to message and call the president is probably only between ten and twenty. Included are vice-president Biden, Obama's chief of staff Rahm Emanuel, advisors David Axelrod and Valerie Jarrett, press secretary Robert Gibbs, first lady Michelle Obama, a few other family members, and some personal friends from Chicago.

Update:
On March 16, 2016, AP reported that in February 2009, secretary of state Hillary Clinton also wanted a secured BlackBerry like the one used by Obama, but that NSA denied that request. A month later, Clinton began using a private server, located in the basement of her home, to exchange e-mail messages with her top aides through her regular, non-secure BlackBerry. Later it came out that this rather risky solution was also used for sensitive messages.

On October 30, 2013, Obama's press secretary Jay Carney said that the president will continue to use his (secured) BlackBerry, despite concerns about eavesdropping which came up after it was revealed that NSA intercepted the communications of 35 world leaders.

The Genesis Key

The SecurVoice software for the presidential BlackBerry was developed for a small company called The Genesis Key, Inc., based in Washington DC. This company was founded in October 2008 by W. Steven Garrett, who took the name from an item used in the 1986 computer game The Legend of Zelda.

The software was developed in the previous four years, apparantly for one of the projects of Steve I. Cooper, a former special assistant to the president, senior director for information integration, and CIO (Chief Information Officer) for the Office of Homeland Security. He is now a member of the advisory board of SecurDigital, Inc., a firm founded in October 2009 by Bruce Magown and Steven Garrett to distribute the SecurVoice software applications.

Steven Garrett is a man with a quite surprising background. His Linked-In profiles show that he has been involved in a very wide range of businesess, like manufacturing plants for Fannies Fat Free Cheesecakes and Fat Free Burger (providing microwave-ready cheeseburgers to military commissaries) and marketing & sales for Lion Sportswear and Faded Glory Jeans. He also developed a highly secure appartment building, named Garrett Place. At his twitter account he describes himself as "Proven Rainmaker, Change Agent, Strategist, and Driving Force for Unprecedented, Exponential Growth in Revenues, Earnings, and Market Valuation".

SecurVoice

The Genesis Key released the SecurVoice software in December 2008, claiming this to be the world's first completely secure voice and data encryption solution. Allthough there were already a number of other hardware and software encryption solutions, the SecurVoice application should be able to protect global voice connections between and within all types of cell, satellite, PBX, SDR and VOIP phones and phone systems.

SecurVoice is 100% Java based, which should make it device- and carrier-independent, but according to the website, the software is currently only operational on the Blackberry operating system version 4.5 and up. Software porting for other operating systems, like Symbian, Brew, Windows Mobile, Google, and iPhone is said to be underway. With SecurVoice, each phone can be loaded with up to three levels of security, each one accessible through a separate icon and recognizable by a different ringtone. When dialing a number and this number has a cryptographic key associated with it, then the call is automatically placed as a secured call. If a phone number has no cryptographic key associated with it, then the cell phone operates normally and the call is placed unencrypted. The SecurVoice software comes in two versions:

- Phone-to-Phone (P2P), where secure calls are made directly from one cell phone to another. The price for government users is 1795,- USD per application.


- Phone-to-Server (P2S), where secure calls are routed from the phone to an enterprise server and back. The price of a server license is between 2500,- and 25.000,- USD.

It's likely, that for Obama the server solution was chosen. This allows a centralized key management, monitoring of all secure calls and record keeping of the messages. One source says the president may have to wait up to 50 minutes for an e-mail reply, as the system actively sniffs out incoming messages for viruses or Trojan horses.


Overview of the SecurVoice application options (by The Genesis Key/SecurDigital)

Encryption

The SecurVoice software features a dual-layered, or hybrid encryption scheme, which means it combines symmetrical and asymmetrical encryption algorithms. It performs the voice encryption in real time by using a fast symmetric cipher, using a strong key. This key is then encrypted with a public-key or asymmetrical cryptosystem, like RSA or ECC, and transmitted together with the encrypted message. This is also how the vast majority of present-day communications encryption works.

The SecurVoice symmetric encryption uses a 256-bit session (conversation) key, which replaces the encryption every second with non-reoccurring numbers. This session key is a combination (salted hash) of the sender Base Secure Key (stored in the recipient key store) and a random session key. According to the manufacturer, SecurVoice uses classified Type 1 encryption algorithms, which are restricted to government and military users. For corporate users, public crypto algorithms like AES are used.

In case of a SecurVoice enterprise server, the software converts voice into encrypted data, which is then sent over the carrier network to the SecurVoice Enterprise Server where it is decrypted. It is then re-encrypted and sent back over the carrier network to the receiving phone, where it is decrypted and converted back to voice. It's also possible to select different encryption algorithms, so that, for example, encryption from a cell phone to the enterprise server may be the AES algorithm with a 128-bit, while from the server to the receiving phone this may be done by using Elliptic Curve Cryptography (ECC).


President Obama using his BlackBerry 8900 in the limousine while traveling from the University of Indonesia to the airport in Jakarta, Indonesia. (White House Photo by Pete Souza, November 10, 2010)


Security risks

As Obama wanted to keep using a BlackBerry device, the security solution is software only. This still leaves risks like compromised hardware and hacking by means of social engineering. Therefore, some security specialists say that it's not impossible to hack Obama's BlackBerry and that foreign states and other hackers will likely try to do so.

To minimize these risks, the secured BlackBerrys prevent forwarding e-mail messages from the president and sending him attachments. His secret e-mail address is likely to be changed regularly as well and Obama's friends and staff members were lectured about these security issues.

Another risk of the president using a BlackBerry, like a cell phone in general, is that enemies can try to track the president's location in real-time, even when GPS is disabled. Every cell phone regularly transmits it's IMEI-number to the cell tower, and this can be intercepted by devices like a Triggerfish. How this tracking can be done, and countered, is described in this, respectively this article.

One source says the presidential BlackBerry can only connect to a secure base station, which can be used to hide the IMEI-number of the device and thus prevent tracking it. This would mean the White House Communications Agency has to carry such a secure base station wherever the president goes.

There must be also a secure base station inside the presidential limousine, as we can see in the picture above. First because using a foreign cell phone network would be a big security risk, but also because the limousine is most likely constructed like a Faraday cage, and therefore a BlackBerry could only be used if there's a base station in the car itself (and probably also in Air Force One). The secure base station is probably connected to a secure satellite link with Washington.

President Obama uses his BlackBerry for calling Mitt Romney (White House photo by Pete Souza, November 6, 2012)


President Obama using his old BlackBerry, during a campaign visit to Albuquerque, New Mexico in August 2008


Conclusion As we have seen, president Obama has kept his BlackBerry, but only after it had been secured. This took quite some effort: newly developed software had to be tested within a couple of months, all his contacts have to use the same software, limiting their number to a rather small group, and a secure base station has to follow the president. Nonetheless, this ad hoc solution for the president marks the beginning of an era in which top level mobile communications will no longer be secured with dedicated hardware, but by using software applications for regular commercial smartphones.
Update #1:

By the end of 2014, a Russian state-sponsored hacker group, known as Cozy Bear, was able to infiltrate White House e-mail servers containing the sent and received emails of president Barack Obama, but they failed to penetrate the servers that controlled the traffic from his personal BlackBerry. The Dutch Joint Sigint Cyber Unit (JSCU) monitored these hacking operations and alerted the Americans.

UPDATE #2:

Since August 2023, the actual BlackBerry devices used by president Obama are on display in the National Cryptologic Museum (NCM). This museum, which is located just outside the NSA campus at Fort Meade, shows four BlackBerry smartphones, several with the presidential seal. Following Obama’s term, the NSA removed security modifications and classified data from the phones and eventually offered them to the NCM.

BlackBerry devices used by president Obama on display at the NCM (photo: NSA - click to enlarge)


Besides the four BlackBerry devices, the NCM also has three Motorola A840 flip phones on display, which Obama used in his presidential limousine, for example. In the photo released by the NSA, we see that the front side camera of these phones have been replaced by what looks like the seal of the White House Communications Agency (WHCA), which maintains (secure) communications for the president.

Motorola A840 flip phones used by president Obama on display at the NCM (photo: NSA - click to enlarge)

Sources and Links



- Yahoo.com: Obama has finally ditched his BlackBerry, but its replacement will surprise you (2016)
- CNN.com: 'I made Obama's BlackBerry' (2014)
- FoxNews.com: Obama Getting Super-Secure BlackBerry
- New York Times: Symbol of Elite Access: E-Mail to the Chief
- The Telegraph: Barack Obama's BlackBerry 'no fun' (2010)
- PRWeb: The X-Change Corporation Acquires Genesis Key, Inc. (2010)
- Radio interview about SecurVoice: Telecom Junkies - Secret Agent Phone
- Interview with Steven Garrett: Wireless Technology Risks and Enterprise Security (2010)
- Washington Times: Obama soon to get secure BlackBerry (2009)
- WirelessMoves: How To Secure The BarackBerry (2009)
- Communities Dominate Brands: Do Communities Dominate personal security of Obama? The Blackberry Battle (2009)
- See also: securvoice.blogspot.com

Read the original article

lastdong

Karma: 2139
...
 @Hacker__News
@hacker._news

Comments

  • By bigfatkitten 2025-05-0811:221 reply

    These days, NSA's Commercial Solutions for Classified program[1] addresses a lot of these sorts of secure mobility use cases.

    The underlying design principle behind CSfC is that the CNSA algorithms[2], when properly implemented are good enough to protect information classified up to TOP SECRET on their own. However, there's still a risk of exposure due to broken implementations, active exploitation or operational error.

    To mitigate this, CSfC's "capability packages" (reference architectures) typically use two or more cryptographic layers of different provenance to reduce the risk that a vulnerability in one layer could be used to compromise the whole solution. For a VPN for example, they will use two tunnels; an inner tunnel using a solution from one vendor, and an outer tunnel from another.

    There are other considerations apart from cryptography. They also specify the use of "retransmission devices" (mifi routers, basically) in favour of native cellular capability, presumably to mitigate the risk of a cellular baseband exploit being used to compromise a classified handset.

    [1] https://www.nsa.gov/Resources/Commercial-Solutions-for-Class...

    [2] https://en.wikipedia.org/wiki/Commercial_National_Security_A...

    • By NitpickLawyer 2025-05-0812:572 reply

      > They also specify the use of "retransmission devices" (mifi routers, basically) in favour of native cellular capability

      Yeah, this makes the most sense, there's no way they'd let a president's phone be connected to commercial networks. Tracking alone would be a huge issue, not to mention the plethora of ss7 abuses that can be done.

  • By miki123211 2025-05-0811:575 reply

    It's so strange to me how little information there is on the internet about how the BlackBerry really worked.

    Other phone OSes, both modern ones like iOS and Android, as well as ancient ones like Symbian or even the Nokia 3310 firmware, have their internals well described. All I could find about the BlackBerry was that it used some Java-based OS, but no detailed information about its architecture, conventions, file system layouts, security properties or technical capabilities seems to be available. The communications protocols are just as mysterious, especially on the phone-to-server side. I know it required some kind of carrier integration to work, which makes me think it wasn't just a bog-standard connection over TCP/IP, but I have no idea what it actually was.

    There's some information in BlackBerry programming books, which can still be found in the "usual places", some old BlackHat presentations, which seem to mostly focus on the enterprise server component, as well as some company history and brief descriptions of the technical choices made in "Losing the Signal", but that's about it. Even Nintendo's OS is understood much more widely, despite Nintendo being much more secretive and litigious.

    • By Spooky23 2025-05-0813:584 reply

      They shared information with large customers with NDA. They were old school telecom — very tight.

      Everything traversed their network. It was a bonkers architecture that would not fly today. The other thing about that obscurity is it enabled all sorts of weird use cases. Because the devices were identified to the BlackBerry network, you could message without user assignment.

      It was common for corporate and political people to use them for unaccountable, compartmentalized communications. You could build ad hoc networks of people without there a record of who was who, and periodically reshuffle the devices to add and remove people. It was basically Nextel DirectConnect for texting / “the wire” for corporate people.

      • By miki123211 2025-05-0818:061 reply

        > you could message without user assignment

        > It was basically Nextel DirectConnect for texting / “the wire” for corporate people

        What does "without user assignment" mean here. Not an American and not that familiar with the American telecoms environment of the early 2000s, so while those names ring a bell (no pun intended), I think the comparisons escape me.

        • By Spooky23 2025-05-092:24

          Most services are tied to a user account or phone number. PIN messages were associated with a phone. Easy to swap sims and phones to build ad hoc groups.

          Nextel was a little different… their walkie talkie function was not tappable. They became the phone of choice for street level dealers among others.

      • By smileybarry 2025-05-0817:49

        I remember how it needed specific telecom support to work at all, whereas iPhone needed carrier help for a subset of things like APNS. So for most of BlackBerry’s life none of the carriers here supported running one on their network.

      • By dec0dedab0de 2025-05-0816:021 reply

        I think most corporate blackberries were tied to an enterprise server that tracked everything they did.

        • By Hilift 2025-05-0816:541 reply

          Indeed. The FBI made a lot of cases with that. It wasn't unusual for a corporate user to not know that all of the texts, contacts, and numbers called were available centrally.

          • By nothercastle 2025-05-0823:112 reply

            I assume they are on iMessage as well at some level are they not?

            • By Barbing 2025-05-090:211 reply

              If any party receiving an iMessage uses iCloud backup, it should be available to the US govt one way or another.

              Am I correct that parties who don’t use backup are indeed messaging “entirely” privately, barring Harvest Now, Decrypt Later?

            • By fdb345 2025-05-092:55

              Not to my knowledge.

              iMessage keys never leave your device until you back them up to iCloud.

      • By gotohelldang 2025-05-0815:47

        [flagged]

    • By amaccuish 2025-05-0813:08

      Quite agree, I find it really sad. The most that is out there was about the BlackBerry Enterprise Server, but the docs were always light on details. And yes that one BlackHat presentation about SRP.

      I'd love to know more about the GPRS side of things, how their NOCs were connected to carriers, etc.

    • By schlauerfox 2025-05-0816:00

      We used to install the server-side exchange connector on windows small business server. It was an involved process to get working, but pretty reliable.

      Also interesting is some comments from former RIM employee, turned woodworking youtuber https://www.youtube.com/watch?v=GLxjXP-XCJA matthias wandel

    • By gjsman-1000 2025-05-0813:331 reply

      > despite Nintendo being much more secretive and litigious

      Eh, kind of? Nintendo has never interfered with solely modding your Switch, or the tools to do so, and will not ban you for loading CFW. Install CFW, overclock your Switch, even cheat in offline games, no interference.

      Their lines in the sand for years have been changing your profile image to something arbitrary (and possibly NSFW), installing a pirated game, cheating online, or tampering with system logs. That’s when the ban hammer hits; and the tools for doing those get targeted.

    • By numpad0 2025-05-0815:42

      ? There are more private stuff in the world than what's public on the Internet. Naively believing that private parts must be the minor part and basically everything should be already on the WWW is pure arrogance.

      Google paid a lot of effort a while back into putting up obsolete as hell 130nm Skywater PDK on the public 'net. I've seen people on social media describing their anxiety from just seeing some industry specific shapes and forms out in the open, despite knowing those files were thoroughly cleared for release and completely fine for anyone to see.

      Reading up stuffs on WWW and thinking it should cover most of everything is like placing yourself in clothes of pre-war physicists who thought physics is all figured out like a sunny backyard except there's a tiny black pinhole in the sky called quantum physics that idiots are obsessed with. There's a whole universe(s) behind it.

  • By mschuster91 2025-05-0812:523 reply

    > On March 16, 2016, AP reported that in February 2009, secretary of state Hillary Clinton also wanted a secured BlackBerry like the one used by Obama, but that NSA denied that request. A month later, Clinton began using a private server, located in the basement of her home, to exchange e-mail messages with her top aides through her regular, non-secure BlackBerry. Later it came out that this rather risky solution was also used for sensitive messages.

    A good reminder how IT departments need to provide solutions that actually work and are accessible to everyone. If not, "shadow IT" will emerge, rather sooner than later.

    And Clinton was Secretary of State, not some low level clerk.

    • By vessenes 2025-05-0820:34

      Thank you - I was about to post this. It’s worth noting Comey reopened an email inquiry four days before the election; this was widely seen as the reason for her loss at the time.

      Reminder: this was a really big deal to people.

      Investigation was closed shortly thereafter; he said in interviews at the time he was unhappy with Bill; I vaguely remember a clandestine meeting at a private jet fbo.

      I’ve always imagined there was a little bit of payback from Obama in this story: the Clintons absolutely did not open up resources for Barack in his first term, and it cost him a lot. My head canon is like: “bury hatchet with Clintons for sec state apptment: fine. Deny Hillary a blackberry: very fine.”

    • By setgree 2025-05-0816:034 reply

      A friend who works for the FBI flagged this long ago as the origin story for Clinton's "but her emails!" woes. It's distinctly possible that if the NSA had just secured her Blackberry, there would never have been a president Trump. Funny how small things spiral out.

      You might draw many possible lessons from this story, though. One is the lesson you draw, which is that the NSA should have secured her damn Blackberry. The second is that this was really about egos, and Clinton couldn't accept that she was less important, and deserved a less important phone, than Obama, so she went ahead anyway. A third is that if you want to be president someday, you can't cut corners, and you need to use whatever clunky tech the government gives you -- so that one day, you can be the boss, summon the head of the NSA into your office, and humiliate and then fire him in front of his peers. But Clinton didn't have that kind of patience: she had emails to send.

      • By toast0 2025-05-0822:39

        > One is the lesson you draw, which is that the NSA should have secured her damn Blackberry. The second is that this was really about egos, and Clinton couldn't accept that she was less important, and deserved a less important phone, than Obama, so she went ahead anyway.

        It could be ego. It could just be the hold of the crackberry. I didn't know many people that were full on in thrall to the Temple of Blackberry, but those few were willing to do what it takes to keep using them (until eventually they gave in and accepted the inevitable loss and usually moved to iPhone)

        I had to spend about a week to figure out how to get a Blackberry to send DKIM compliant email before I could turn on DKIM. One of the acceptable alternatives for the CEO was just enabling anyone with a blackberry to send email from our domain.

      • By mmooss 2025-05-0816:551 reply

        The President and Secretary of State have less power than you think; they aren't corporate CXOs. They are subject to the laws, and NSA must follow laws made by Congress. That's intentional - the division of power is that Congress makes the rules and the executive branch implements them.

        The Secretary of State should have a secure mobile communication device, as should most everyone else in national security positions (and other jobs). It's absurd that they didn't. Just think of the productivity hit and the capability hit - imagine how it interferes with responses to crises.

        Who here would tolerate it at their workplace?

        • By mschuster91 2025-05-0818:011 reply

          > The President and Secretary of State have less power than you think; they aren't corporate CXOs. They are subject to the laws, and NSA must follow laws made by Congress. That's intentional - the division of power is that Congress makes the rules and the executive branch implements them.

          Indeed indeed... but sadly, as we're seeing (especially, but not just) with DOGE this keeps on eroding.

          • By kelipso 2025-05-090:44

            And that NSA ever followed the law is news to me.

      • By FormerBandmate 2025-05-0820:57

        A similar thing seems responsible for signalgate. The NSA needs better tech tbh

      • By timewizard 2025-05-0820:10

        > It's distinctly possible that if the NSA had just secured her Blackberry, there would never have been a president Trump. Funny how small things spiral out.

        She was a neocon warhawk who was shrill and unlikable. There were a lot of reasons she lost. The blackberry was the smallest part of it.

        It's also distinctly possible that if the government had enacted appropriate oversight over it's cabinet level secretaries that the illegal configuration would have been detected and remediated before it became an embarrassment.

    • By bunabhucan 2025-05-0813:061 reply

      And the lesson every us pol seems to have learned is "use signal, use protonmail."

      • By mschuster91 2025-05-0813:084 reply

        They're using Signal to circumvent the Presidential Records act - the US government nowadays has ample ways to officially and quickly communicate with each other, while being in compliance with recordkeeping and national secrets requirements.

        • By jandrewrogers 2025-05-0814:321 reply

          Use of Signal has been rife in Washington DC since COVID times.

          During COVID they closed many of the secure facilities indefinitely. Building access was on a rotation, so many people couldn’t see or communicate with their counterparts for weeks or months unless their rotation intersected. The government had no plan for how to conduct classified business with their facilities closed for extended periods. It is in this milieu that Signal became established as an alternative way to communicate.

          They required almost everyone to work at home without a plan for how that is supposed to work when most people don’t have a SCIF[0] in their house. As bad as it is that the US DoD converged on using Signal, there is an identical issue in many European countries with the pervasive use of WhatsApp for sensitive communication. It is a classic case of shadow IT taking over.

          [0] https://en.wikipedia.org/wiki/Sensitive_compartmented_inform...

          • By mmooss 2025-05-0816:561 reply

            I hadn't heard that. Do you remember where that story is covered?

            • By jandrewrogers 2025-05-0817:25

              It is first-hand knowledge, I was doing quite a bit of government work in Washington DC during COVID. Everything ground to a halt because it was so difficult to connect with people. I use Signal today primarily because of working in Washington DC.

        • By dwood_dev 2025-05-0814:011 reply

          That is what I assumed as well. In both the current and previous admins.

          But as more details come out about the current admins use of signal, this appears to not be the case.

          They are using a shitty third party patched version of signal specifically designed to archive messages.

          Leaving aside the security issues with the version they are using and the lack of public facing policy, the use of a Signal variant that archives chats is a reasonable compromise.

          Instead of walling off users, creating a barrier to use and therefore extensive bypassing of the security standards, they have met users where they are and provided them with what the user cannot distinguish from official signal. This allows them to interface internally and externally through signal, preserving records and maintaining a much better level of security than the other options.

          This represents a huge breach of trust between external parties and government signal users, but most of the government signal users are probably completely unaware that it's being logged.

          My issue is not that they are using Signal. I think it's one of the better options. My issue is that they use a shitty version of it when there should be an in house maintained version for government use.

        • By mmooss 2025-05-0816:57

          > They're using Signal to circumvent the Presidential Records act

          FWIW, the national security advisor was/is using an unofficial Signal client that logs messages - insecurely, of course.

        • By MattSayar 2025-05-0815:41

          Well, they're not even using Signal, but a wrapper that's less secure.

          https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-...

HackerNews

About